From 5c0021d269acd7a374c3658de022056506e10f74 Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Wed, 10 Nov 2021 18:48:33 +0100
Subject: [PATCH 1/3] Sort CPEs before adding them to the datastream.
---
 ssg/build_yaml.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssg/build_yaml.py b/ssg/build_yaml.py
index 5de4ce72bb93..db1ebab559fa 100644
--- a/ssg/build_yaml.py
+++ b/ssg/build_yaml.py
@@ -1535,7 +1535,7 @@ def to_xml_element(self, env_yaml=None):
 add_sub_element(rule, 'rationale', self.rationale)
- for cpe_platform_name in self.cpe_platform_names:
+ for cpe_platform_name in sorted(self.cpe_platform_names):
 platform_el = ET.SubElement(rule, "platform")
 platform_el.set("idref", "#"+cpe_platform_name)
From fa1ac5a6a5538c815154a74bb9575adc256873dc Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Wed, 10 Nov 2021 18:49:50 +0100
Subject: [PATCH 2/3] Do not show diff for rule security_patches_up_to_date.
---
 utils/compare_ds.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/compare_ds.py b/utils/compare_ds.py
index 265315dac967..1d23ca9e9e9e 100755
--- a/utils/compare_ds.py
+++ b/utils/compare_ds.py
@@ -233,7 +233,7 @@ def compare_checks(
 "'%s' to '%s'." % (
 system, rule_id, old_check_id, new_check_id)
 )
- if show_diffs:
+ if show_diffs and rule_id != "xccdf_org.ssgproject.content_rule_security_patches_up_to_date":
 try:
 old_check_doc = old_checks[old_check_file_name]
 except KeyError:
From 71f2a2cf7bfc02a4d7006ca3366387aeed94d8fb Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Wed, 10 Nov 2021 20:30:31 +0100
Subject: [PATCH 3/3] Use specific commit sha when pulling out the branch for compare_ds job.
---
 .github/workflows/compare-ds.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/compare-ds.yaml b/.github/workflows/compare-ds.yaml
index cdd317061c74..e571d4b07fd5 100644
--- a/.github/workflows/compare-ds.yaml
+++ b/.github/workflows/compare-ds.yaml
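Review bot: The new `if show_diffs and rule_id != "xccdf_org.ssgproject.content_rule_security_patches_up_to_date":` line hard-codes a full XCCDF rule ID inside the condition with nothing saying why that one rule is exempt, so the next reader cannot tell whether a diff in its check is expected noise or a real change being hidden. Hoist it to a documented module-level set and test membership: `# Rules whose check diffs are deliberately not printed; check-ID changes are still reported above.` then `DIFF_EXCLUDED_RULES = {"xccdf_org.ssgproject.content_rule_security_patches_up_to_date"}` and `if show_diffs and rule_id not in DIFF_EXCLUDED_RULES:`. Consider also printing a one-line notice when the diff is skipped, since otherwise a content change in that check produces no output from this branch at all; whether that matters depends on what the rest of compare_checks reports, and the function starts outside the hunk.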
@@ -47,6 +47,7 @@ jobs:
 if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
 uses: actions/checkout@v2
 with:
+ ref: ${{ github.event.pull_request.head.sha }}
 clean: false
 - name: Build product
 if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
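Review bot: Whether the added `ref: ${{ github.event.pull_request.head.sha }}` is safe depends on the job's trigger, which is outside the hunk: under `pull_request` it is fine, but under `pull_request_target` this checkout followed by the "Build product" step would execute untrusted PR code with the workflow's privileged token and any secrets, the classic pwn-request pattern. Confirm the workflow is triggered by `pull_request`, or if `pull_request_target` is required, run the checkout and build with `permissions: contents: read` and no secrets exposed. Independently, `uses: actions/checkout@v2` is a mutable tag; pin it to a full commit SHA with a version comment, `uses: actions/checkout@<full-sha>  # v2`, so a compromised tag cannot change what runs here. Note that head.sha is the PR tip rather than the auto-merge commit the default checkout uses, so the build no longer reflects the merge with the base branch; if that is the intent, record it with a comment such as `# Build the PR tip itself, not the auto-merge commit, so the comparison covers exactly what the PR contains`.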