This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new ac2f8a2696 Fix typo-check in CI, run only for pull requests because of
security reasons (#4433)
ac2f8a2696 is described below
commit ac2f8a2696dc0fe00734d417d95377a7b39ab94f
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Jun 12 20:32:57 2024 +0300
Fix typo-check in CI, run only for pull requests because of security
reasons (#4433)
---
.github/workflows/bk-ci.yml | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml
index 2a3a459c51..1f6ffd652e 100644
--- a/.github/workflows/bk-ci.yml
+++ b/.github/workflows/bk-ci.yml
@@ -485,11 +485,14 @@ jobs:
typo-check:
name: Typo Check
+ # only run on pull requests because of security reasons
+ # we shouldn't trust external actions for builds within the repository
+ if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check typos
- uses: crate-ci/typos@master
+ uses: crate-ci/[email protected]
owasp-dependency-check:
name: OWASP Dependency Check
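Review bot: The tag pinned on the `crate-ci/typos` step is still a mutable reference, so the goal stated in the added comment (not trusting external actions) is only partly met. Pinning to a full-length commit SHA with the tag kept as a trailing comment, `uses: crate-ci/typos@<full-commit-sha>  # <tag>`, makes the executed code immutable. The `actions/checkout@v4` step before it keeps the job token in the checkout's git config by default, where the third-party step runs; `with:` / `persist-credentials: false` on the checkout avoids that. If the workflow does not already declare `permissions:` at the top (not visible in this hunk), a job-level `permissions:` with `contents: read` would bound what this job's token can do on same-repository pull requests.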
@@ -551,11 +554,19 @@ jobs:
'windows-build'
]
steps:
- - name: Check build-and-license-check and typo-check success
+ - name: Check build-and-license-check success
run: |
if [[ ! ( \
"${{ needs.build-and-license-check.result }}" == "success" \
- && "${{ needs.typo-check.result }}" == "success" \
+ ) ]]; then
+ echo "Required jobs haven't been completed successfully."
+ exit 1
+ fi
+ - name: Check typo-check success for pull requests
+ if: ${{ github.event_name == 'pull_request' }}
+ run: |
+ if [[ ! ( \
+ "${{ needs.typo-check.result }}" == "success" \
) ]]; then
echo "Required jobs haven't been completed successfully."
exit 1
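Review bot: The new "Check typo-check success for pull requests" step repeats the condition `github.event_name == 'pull_request'` from the `typo-check` job, and nothing ties the two together. If one is later changed without the other, the gate either stops enforcing the typo check or fails on a skipped job. A comment on the step such as `# must match the if: condition of the typo-check job` would document the coupling. Both steps also print the same "Required jobs haven't been completed successfully." message, so the log does not say which check failed; the second step could use `echo "typo-check hasn't completed successfully."`. The enclosing job starts before this hunk and the closing `fi` lies after it.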