When testing SKARA-2198, I found that there is a bug.
When determining if the bot should add the csr label to a backport CSR pr, if the bot found the pr is already associated with any CSR(regardless if it's withdrawn or not), then the bot would not add the csr label.
This is a bug. A user could create a CSR for this pr and withdraw it, then the user could bypass the CSR request.
The bot should ignore withdrawn CSRs in this case.
When determining if the bot should add the csr label to a backport CSR pr, if the bot found the pr is already associated with any CSR(regardless if it's withdrawn or not), then the bot would not add the csr label.
This is a bug. A user could create a CSR for this pr and withdraw it, then the user could bypass the CSR request.
The bot should ignore withdrawn CSRs in this case.
- relates to
-
SKARA-2198 Backport PRs should check if a CSR is required
-
- Resolved
-
