internal/relui: add a check to PRIVATE-track CVEs parameter

This manual parameter might become obsolete in the future, in favor of being pulled from another source automatically. Since that hasn't been implemented yet, add a simple automated check to it in the meantime so that release coordinators can pay more attention elsewhere. Change-Id: I4dc422837293274d64fba4b5fd8e266ab3a449dc Reviewed-on: https://go-review.googlesource.com/c/build/+/568260 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2024-02-29 19:03:18 -05:00 · 2024-02-29 19:03:18 -05:00 · 991db46f6c
--- a/internal/relui/workflows.go
+++ b/internal/relui/workflows.go
@ -120,7 +120,21 @@ It must not reveal details beyond what's allowed by the security policy.`,
 		ParamType: wf.SliceShort,
 		Example:   "CVE-2023-XXXX",
 		Doc:       "List of CVEs for PRIVATE track fixes contained in the release to be included in the pre-announcement.",
+		Check: func(cves []string) error {
+			var m = make(map[string]bool)
+			for _, c := range cves {
+				switch {
+				case !cveRE.MatchString(c):
+					return fmt.Errorf("CVE ID %q doesn't match %s", c, cveRE)
+				case m[c]:
+					return fmt.Errorf("duplicate CVE ID %q", c)
+				}
+				m[c] = true
+			}
+			return nil
+		},
 	}
+	cveRE = regexp.MustCompile(`^CVE-\d{4}-\d{4,7}$`)

 	securitySummaryParameter = wf.ParamDef[string]{
 		Name: "Security Summary (optional)",