From b19c81ca2b1adf9a12fafef18f6c3c8b5616d2b0 Mon Sep 17 00:00:00 2001
From: Charlie Marsh <charlie.r.marsh@gmail.com>
Date: Mon, 20 Jan 2025 18:20:42 -0500
Subject: [PATCH] Validate metadata under GitHub fast path

---
 crates/uv-distribution/src/source/mod.rs | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/crates/uv-distribution/src/source/mod.rs b/crates/uv-distribution/src/source/mod.rs
index 4a784fbf4e0c..8faa3844f783 100644
--- a/crates/uv-distribution/src/source/mod.rs
+++ b/crates/uv-distribution/src/source/mod.rs
@@ -1518,11 +1518,22 @@ impl<'a, T: BuildContext> SourceDistributionBuilder<'a, T> {
                 .github_metadata(precise, source, resource, client)
                 .await?
             {
-                debug!("Found static metadata via GitHub fast path for: {source}");
-                return Ok(ArchiveMetadata {
-                    metadata: Metadata::from_metadata23(metadata),
-                    hashes: vec![],
-                });
+                // Validate the metadata, but ignore it if the metadata doesn't match.
+                match validate_metadata(source, &metadata) {
+                    Ok(()) => {
+                        debug!("Found static metadata via GitHub fast path for: {source}");
+                        return Ok(ArchiveMetadata {
+                            metadata: Metadata::from_metadata23(metadata),
+                            hashes: vec![],
+                        });
+                    }
+                    Err(Error::WheelMetadataNameMismatch { metadata, given }) => {
+                        debug!(
+                            "Ignoring `pyproject.toml` from GitHub for: {source} (metadata: {metadata}, given: {given})"
+                        );
+                    }
+                    Err(err) => return Err(err),
+                }
             }
         }