From aecf8ec23f79f230ab53fd548f04660ae9be719b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Mart=C3=ADnez=20P=C3=A9rez?=
Date: Wed, 18 Feb 2026 16:47:14 +0100
Subject: [PATCH 1/2] fix: protect integer conversion
---
 controllers/redis_manager.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/controllers/redis_manager.go b/controllers/redis_manager.go
index 8eddf94..569089f 100644
--- a/controllers/redis_manager.go
+++ b/controllers/redis_manager.go
@@ -379,6 +379,11 @@ func (r *RedkeyClusterReconciler) doSlowUpgradeResharding(ctx context.Context, r
 // RollingUpdate
 r.logInfo(redkeyCluster.NamespacedName(), "Executing partition Rolling Update", "partition", currentPartition)
+ if currentPartition < 0 || currentPartition > math.MaxInt32 {
+ err = fmt.Errorf("invalid partition index %d: must be between 0 and %d", currentPartition, int(math.MaxInt32))
+ r.logError(redkeyCluster.NamespacedName(), err, "Partition value out of int32 range")
+ return err
+ }
 localPartition := int32(currentPartition)
 existingStatefulSet.Spec.UpdateStrategy = v1.StatefulSetUpdateStrategy{
 Type: v1.RollingUpdateStatefulSetStrategyType,
From aef676378a6c2133e36cf1cd2f0232fb83cf9182 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Mart=C3=ADnez=20P=C3=A9rez?=
Date: Wed, 18 Feb 2026 16:47:29 +0100
Subject: [PATCH 2/2] fix: add permissions to workflows
---
 .github/workflows/code-verify.yml | 3 +++
 .github/workflows/e2e-tests.yml | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/.github/workflows/code-verify.yml b/.github/workflows/code-verify.yml
index 199b771..8cd40cf 100644
--- a/.github/workflows/code-verify.yml
+++ b/.github/workflows/code-verify.yml
@@ -2,6 +2,9 @@
 # SPDX-License-Identifier: Apache-2.0
 name: Static code analysis and unit testing
+permissions:
+ contents: read
+
 on:
 push:
 paths-ignore:
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index 47dfbee..7167a66 100644
--- a/.github/workflows/e2e-tests.yml
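Review bot: The new range check sits after the `r.logInfo(..., "Executing partition Rolling Update", ...)` call, so an out-of-range partition is still logged as executing before it is rejected; moving the guard above that call keeps the log consistent with what actually ran. The failure is both logged with `r.logError` and returned, which would produce duplicate entries if the caller also logs returned errors (the caller is not visible here). A one-line why-comment above the guard would help, e.g. `// StatefulSet rolling-update partition is an int32; reject values that would wrap on conversion.` The check bounds only the int32 range, so it is worth confirming where currentPartition is computed that it cannot exceed the StatefulSet's replica count; doSlowUpgradeResharding starts and ends outside this hunk.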
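Review bot: A top-level `permissions:` block that lists only `contents: read` sets every other GITHUB_TOKEN scope to `none` for all jobs in the workflow, so any step that posts pull-request comments, publishes check results or uploads packages would start failing; the jobs are outside this hunk, so that should be confirmed before merging. If a job does need more, grant it in a job-level `permissions:` block rather than widening the workflow default. A short comment such as `# Least privilege: GITHUB_TOKEN is read-only unless a job overrides it.` would record the intent. The same applies to the .github/workflows/e2e-tests.yml hunk.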
+++ b/.github/workflows/e2e-tests.yml
@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: Apache-2.0
 name: E2E tests
+permissions:
+ contents: read
 on:
 pull_request: