This is an automated email from the ASF dual-hosted git repository.

oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-kamelets.git


The following commit(s) were added to refs/heads/main by this push:
     new 8402363cf ci: add job timeout-minutes and pin backport checkout to a 
SHA (#2891)
8402363cf is described below

commit 8402363cf51501ee8ee6299db1c2b7ae1c01bb93
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Jun 30 13:43:24 2026 +0200

    ci: add job timeout-minutes and pin backport checkout to a SHA (#2891)
    
    Hardening of the GitHub Actions workflows:
    
    - Add timeout-minutes to every job (none had one). A hung job -- e.g. the
      Testcontainers/JBang integration-tests run -- previously could run up to
      the 6h GitHub default. Values are generous upper bounds (integration-tests
      90, java-tests/ci-build 60, the rest 30).
    - Pin actions/checkout in backport.yml to the commit SHA already used by the
      other workflows (was the mutable v7.0.0 tag), for supply-chain 
consistency.
    
    Signed-off-by: Andrea Cosentino <[email protected]>
    Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
---
 .github/workflows/automatic-changelog-update.yml | 1 +
 .github/workflows/backport.yml                   | 3 ++-
 .github/workflows/ci-build.yml                   | 2 ++
 .github/workflows/generate-sbom-main.yml         | 1 +
 .github/workflows/integration-tests.yaml         | 1 +
 .github/workflows/java-tests.yaml                | 1 +
 .github/workflows/main-push-regen.yaml           | 1 +
 .github/workflows/pr-doc-validation.yml          | 1 +
 .github/workflows/validate.yaml                  | 1 +
 9 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/automatic-changelog-update.yml 
b/.github/workflows/automatic-changelog-update.yml
index 1b66da0ce..8ea5ad5b8 100644
--- a/.github/workflows/automatic-changelog-update.yml
+++ b/.github/workflows/automatic-changelog-update.yml
@@ -27,6 +27,7 @@ jobs:
   generate_changelog:
     if: github.repository == 'apache/camel-kamelets'
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     name: Generate changelog for main branch
     steps:
       - name: "Checkout"
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index e4801954e..3aa8801cd 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -29,10 +29,11 @@ permissions:
 jobs:
   backport:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     name: Backport
     steps:
       - name: "Checkout Camel Kamelets"
-        uses: actions/[email protected]
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # 
v7.0.0
         with:
           persist-credentials: false
           submodules: recursive
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 7cecd7cdc..a8acb44ee 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -50,6 +50,7 @@ permissions:  # added using 
https://github.com/step-security/secure-repo
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     steps:
     - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       with:
@@ -72,6 +73,7 @@ jobs:
         path: maven-repo-${{ github.run_id }}-${{ github.run_number }}.tgz
   deploy:
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     # Run only when pushing to the branches (either main or release), never on 
merge requests and forks
     if: ${{ github.repository == 'apache/camel-kamelets' && github.event_name 
== 'push' }}
     env:
diff --git a/.github/workflows/generate-sbom-main.yml 
b/.github/workflows/generate-sbom-main.yml
index c74091852..628e76169 100644
--- a/.github/workflows/generate-sbom-main.yml
+++ b/.github/workflows/generate-sbom-main.yml
@@ -31,6 +31,7 @@ jobs:
       pull-requests: write # to create a PR (peter-evans/create-pull-request)
 
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     strategy:
       matrix:
         java: [ '17' ]
diff --git a/.github/workflows/integration-tests.yaml 
b/.github/workflows/integration-tests.yaml
index 4528d036f..18975f8f3 100644
--- a/.github/workflows/integration-tests.yaml
+++ b/.github/workflows/integration-tests.yaml
@@ -46,6 +46,7 @@ permissions:  # added using 
https://github.com/step-security/secure-repo
 jobs:
   test:
     runs-on: ubuntu-latest
+    timeout-minutes: 90
     steps:
     - name: Checkout code
       uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
diff --git a/.github/workflows/java-tests.yaml 
b/.github/workflows/java-tests.yaml
index dda085643..3d092773c 100644
--- a/.github/workflows/java-tests.yaml
+++ b/.github/workflows/java-tests.yaml
@@ -37,6 +37,7 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # 
v7.0.0
         with:
diff --git a/.github/workflows/main-push-regen.yaml 
b/.github/workflows/main-push-regen.yaml
index 6f45492ae..e5bc328e7 100644
--- a/.github/workflows/main-push-regen.yaml
+++ b/.github/workflows/main-push-regen.yaml
@@ -36,6 +36,7 @@ jobs:
       contents: write  # for peter-evans/create-pull-request to create branch
       pull-requests: write  # for peter-evans/create-pull-request to create a 
PR
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # 
v7.0.0
         with:
diff --git a/.github/workflows/pr-doc-validation.yml 
b/.github/workflows/pr-doc-validation.yml
index a48779d6a..ca3515f31 100644
--- a/.github/workflows/pr-doc-validation.yml
+++ b/.github/workflows/pr-doc-validation.yml
@@ -34,6 +34,7 @@ jobs:
   check-doc:
     if: github.repository == 'apache/camel-kamelets'
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:
       - name: Checkout camel-quarkus repo
         uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # 
v7.0.0
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
index 6df13636e..418ffe719 100644
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -46,6 +46,7 @@ permissions:
 jobs:
   validate:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:
     - name: Checkout code
       uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

Reply via email to