This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new ac2f8a2696 Fix typo-check in CI, run only for pull requests because of 
security reasons (#4433)
ac2f8a2696 is described below

commit ac2f8a2696dc0fe00734d417d95377a7b39ab94f
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Jun 12 20:32:57 2024 +0300

    Fix typo-check in CI, run only for pull requests because of security 
reasons (#4433)
---
 .github/workflows/bk-ci.yml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/bk-ci.yml b/.github/workflows/bk-ci.yml
index 2a3a459c51..1f6ffd652e 100644
--- a/.github/workflows/bk-ci.yml
+++ b/.github/workflows/bk-ci.yml
@@ -485,11 +485,14 @@ jobs:
 
   typo-check:
     name: Typo Check
+    # only run on pull requests because of security reasons
+    # we shouldn't trust external actions for builds within the repository
+    if: ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Check typos
-        uses: crate-ci/typos@master
+        uses: crate-ci/[email protected]
 
   owasp-dependency-check:
     name: OWASP Dependency Check
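Review bot: The new `uses: crate-ci/typos@…` line pins to a version tag, which the action's owner can later move to a different commit, so the job still runs whatever that tag points at when it executes. Pinning to the full commit SHA and keeping the tag as a trailing comment makes the reference immutable, e.g. `uses: crate-ci/typos@<full-commit-sha>  # <release-tag>`. The added comment would also be clearer if it named the actual exposure, presumably something like `# on push/schedule runs a third-party action would execute with the repository's own token and secrets; fork pull_request runs get a read-only token and no secrets`. Whether the workflow declares a restrictive `permissions:` block is not visible in this hunk; if it does not, `permissions:` with `contents: read` on this job would limit the token further.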
@@ -551,11 +554,19 @@ jobs:
       'windows-build'
     ]
     steps:
-      - name: Check build-and-license-check and typo-check success
+      - name: Check build-and-license-check success
         run: |
           if [[ ! ( \
                    "${{ needs.build-and-license-check.result }}" == "success" \
-                && "${{ needs.typo-check.result }}" == "success" \
+               ) ]]; then
+            echo "Required jobs haven't been completed successfully."
+            exit 1
+          fi
+      - name: Check typo-check success for pull requests
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          if [[ ! ( \
+                   "${{ needs.typo-check.result }}" == "success" \
                ) ]]; then
             echo "Required jobs haven't been completed successfully."
             exit 1
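Review bot: Because `typo-check` is now skipped on every event other than `pull_request`, the job holding these steps will itself be skipped on those events unless its job-level `if:` uses a status function such as `always()` or `!cancelled()`. GitHub Actions skips a job when any job in its `needs` was skipped, and that `if:` lies outside the hunk, so this should be confirmed. Separately, both steps print the same message, so a failed run does not show which gate tripped. A step-specific line such as `echo "typo-check did not complete successfully (result: ${{ needs.typo-check.result }})."` would make that visible. The interpolated `needs.*.result` values come from a fixed set of status strings, so embedding them in the script is not an injection concern.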
