Thank you Ricardo for this thread. I don't know details about the workflows, but see that for PR checks there are reported actions that are not allowed in Apache org:
https://github.com/apache/incubator-kie-kogito-serverless-operator/actions/runs/6252529689 The status there says: shogo82148/actions-goveralls@v1 is not allowed to be used in apache/incubator-kie-kogito-serverless-operator. Actions in this workflow must be: within a repository owned by apache, created by GitHub, verified in the GitHub Marketplace, or matching the following And then continues regex and allowed origins. The sources I've referred to in my other mail are the only info I have. https://lists.apache.org/thread/3vw3rdxw8yxj9rlpodksv4wmc3cqmoyo https://lists.apache.org/thread/84wbzldr4gpvbgwdppw7mclbw7ovtkpp https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+status#GitHubActionsstatus-Security Regards Jan Dne st 20. 9. 2023 20:26 uživatel ricardo zanini fernandes < [email protected]> napsal: > I'm starting a new thread since it was requested by Jan, so we won't mess > up the topics. > > He mentioned that there are several restrictions to GHA under Apache org. > Honestly, I didn't go through all the docs he linked in the other email, > but it seems it can hardly restrict our cloud requirements. > > Is there an alternative? Like other CI systems? If so, can someone point me > in the right direction via simple steps? > > Sorry to keep pushing, but I need to unlock those PRs since I have users > and product releases depending on them. > > Cheers! > -- > Ricardo Zanini Fernandes > Vida longa e próspera. >
