[rust-guard] Hoist commit SHA extraction in commit_integrity and add default-branch commit-context coverage

[Copilot]

commit_integrity duplicated sha/short_sha extraction in two branches, and is_default_branch_commit_context (including SHA-shape handling) had no direct unit coverage despite gating merged-level integrity decisions.
This PR removes the duplication and adds focused tests for the get_commit SHA path and SHA/ref edge cases.

• Refactor: commit_integrity SHA handling

  • Hoists sha and short_sha computation to a single binding at function entry.
  • Reuses the same short_sha in both:
    • blocked-user early return logging
    • collaborator-permission fallback context (repo@short_sha)

• Coverage: default-branch commit context classification

  • Adds targeted tests for is_default_branch_commit_context behavior:
    • empty ref and main/master/HEAD (case-insensitive) as default-branch context
    • get_commit + valid SHA (7..=40 hex) treated as default-branch context
    • list_commits + SHA not treated as default-branch context
    • non-hex, too-short, and too-long SHA-like refs rejected

pub fn commit_integrity(...) -> Vec<String> {
    let sha = item.get("sha").and_then(|v| v.as_str()).unwrap_or("unknown");
    let short_sha = short_sha(sha);

    let author_login = extract_author_login(item);
    if !author_login.is_empty() && is_blocked_user(author_login, ctx) {
        crate::log_info(&format!(
            "[integrity] commit:{}@{} → blocked ...",
            repo_full_name, short_sha
        ));
        return blocked_integrity(repo_full_name, ctx);
    }

    // ...
    integrity = elevate_via_collaborator_permission(
        author_login, repo_full_name, "commit", &format!("{}@{}", repo_full_name, short_sha), integrity, ctx
    );
}

[Copilot]

Pull request overview

This PR refactors Rust guard integrity labeling logic to reduce duplication in commit_integrity, and adds unit coverage for the “default-branch commit context” classifier that influences merged-level integrity decisions.

Changes:

• Hoists commit sha and derived short_sha computation to a single binding in commit_integrity and reuses it for blocked-user logging and collaborator-permission fallback context formatting.
• Adds focused unit tests for is_default_branch_commit_context / looks_like_commit_sha, covering empty refs, default branch names (main/master/HEAD, case-insensitive), get_commit SHA handling (7..=40 hex), and rejection of non-hex / too-short / too-long inputs.

Show a summary per file

File	Description
guards/github-guard/rust-guard/src/labels/helpers.rs	Deduplicates SHA handling in commit_integrity and adds targeted tests for default-branch commit-context classification edge cases.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 0