From bba73591e1b6f6d17a58c0fa5941e42533833c1a Mon Sep 17 00:00:00 2001 From: Jan Grodowski Date: Thu, 6 Nov 2025 18:17:12 +0100 Subject: [PATCH 1/2] Fix lexographical comparison of binlog filenames (#1604) * Parse binlog file numbers numerically instead of lexicographically to correctly order files like binlog.999999 < binlog.1000000. Would cause the stream to ignore all incoming events and render the gh-ost process stuck: https://github.com/github/gh-ost/blob/48b34bcbfde730b2548d598dee98e9c1f0d2fcce/go/binlog/gomysql_reader.go#L85-L88 Possibly remediated by 005043d5 too, which drops the SmallerThanOrEqual check from GoMySqlReader.handleRowsEvent * Remove unused fn FileBinlogCoordinates.FileSmallerThan --- go/mysql/binlog_file.go | 20 +++++--------------- go/mysql/binlog_file_test.go | 16 ++++++++++++++++ 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/go/mysql/binlog_file.go b/go/mysql/binlog_file.go index 426e54076..b9df215bf 100644 --- a/go/mysql/binlog_file.go +++ b/go/mysql/binlog_file.go @@ -78,13 +78,12 @@ func (this *FileBinlogCoordinates) SmallerThan(other BinlogCoordinates) bool { if !ok || other == nil { return false } - if this.LogFile < coord.LogFile { - return true - } - if this.LogFile == coord.LogFile && this.LogPos < coord.LogPos { - return true + + fileNumberDist := this.FileNumberDistance(coord) + if fileNumberDist == 0 { + return this.LogPos < coord.LogPos } - return false + return fileNumberDist > 0 } // SmallerThanOrEquals returns true if this coordinate is the same or equal to the other one. @@ -100,15 +99,6 @@ func (this *FileBinlogCoordinates) SmallerThanOrEquals(other BinlogCoordinates) return this.LogFile == coord.LogFile && this.LogPos == coord.LogPos // No Type comparison } -// FileSmallerThan returns true if this coordinate's file is strictly smaller than the other's. -func (this *FileBinlogCoordinates) FileSmallerThan(other BinlogCoordinates) bool { - coord, ok := other.(*FileBinlogCoordinates) - if !ok || other == nil { - return false - } - return this.LogFile < coord.LogFile -} - // FileNumberDistance returns the numeric distance between this coordinate's file number and the other's. // Effectively it means "how many rotates/FLUSHes would make these coordinates's file reach the other's" func (this *FileBinlogCoordinates) FileNumberDistance(other *FileBinlogCoordinates) int { diff --git a/go/mysql/binlog_file_test.go b/go/mysql/binlog_file_test.go index f12f5514f..50d513698 100644 --- a/go/mysql/binlog_file_test.go +++ b/go/mysql/binlog_file_test.go @@ -134,3 +134,19 @@ func TestIsLogPosOverflowBeyond4Bytes(t *testing.T) { require.True(t, curCoordinates.IsLogPosOverflowBeyond4Bytes(preCoordinates)) } } + +func TestBinlogCoordinates_LogFileZeroPaddedTransition(t *testing.T) { + c1 := FileBinlogCoordinates{LogFile: "mysql-bin.999999", LogPos: 100} + c2 := FileBinlogCoordinates{LogFile: "mysql-bin.1000000", LogPos: 100} + + require.True(t, c1.SmallerThan(&c2)) +} + +func TestBinlogCoordinates_SameLogFileDifferentPosition(t *testing.T) { + c1 := FileBinlogCoordinates{LogFile: "binlog.000001", LogPos: 100} + c2 := FileBinlogCoordinates{LogFile: "binlog.000001", LogPos: 200} + + require.True(t, c1.SmallerThan(&c2)) + require.False(t, c2.SmallerThan(&c1)) + require.False(t, c1.SmallerThan(&c1)) +} From 1b7933afa466248e682c8487ef1347bf724e02b4 Mon Sep 17 00:00:00 2001 From: Cindy Hill <110551331+cinderellasecure@users.noreply.github.com> Date: Thu, 6 Nov 2025 10:30:21 -0700 Subject: [PATCH 2/2] Potential fix for code scanning alert no. 5: Workflow does not contain permissions (#1597) * Potential fix for code scanning alert no. 5: Workflow does not contain permissions As part of the organization's transition to default read-only permissions for the GITHUB_TOKEN, this pull request addresses a missing permission in the workflow that triggered a code scanning alert. This PR explicitly adds the required read permissions to align with the default read only permission and is part of a larger effort for this OKR github/security-services#455 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 3: Workflow does not contain permissions adding to existing branch, existing PR for similar alert Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Jason White Co-authored-by: meiji163 --- .github/workflows/ci.yml | 2 ++ .github/workflows/replica-tests.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a65f973a0..6105adaa7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,6 @@ name: CI +permissions: + contents: read on: [pull_request] diff --git a/.github/workflows/replica-tests.yml b/.github/workflows/replica-tests.yml index 9641727a2..957d7a176 100644 --- a/.github/workflows/replica-tests.yml +++ b/.github/workflows/replica-tests.yml @@ -1,4 +1,6 @@ name: migration tests +permissions: + contents: read on: [pull_request]