[PR] OPENNLP-1689 - Update GH actions with ASF #builds security recommendtions (opennlp)

Sun, 05 Jan 2025 23:48:11 -0800 


rzo1 opened a new pull request, #736:
URL: https://github.com/apache/opennlp/pull/736

   
   
   ### For all changes:
   - [x] Is there a JIRA ticket associated with this PR? Is it referenced 
        in the commit message?
   
   - [x] Does your PR title start with OPENNLP-XXXX where XXXX is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
   
   - [x] Has your PR been rebased against the latest commit within the target 
branch (typically main)?
   
   - [x] Is your initial contribution a single, squashed commit?
   
   ### For code changes:
   - [ ] Have you ensured that the full suite of tests is executed via mvn 
clean install at the root opennlp folder?
   - [ ] Have you written or updated unit tests to verify your changes?
   - [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
   - [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file in opennlp folder?
   - [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found in opennlp folder?
   
   ### For documentation related changes:
   - [ ] Have you ensured that format looks appropriate for the output in which 
it is rendered?
   
   ### Note:
   
   Adjust GH workflow to avoid persisting credentials according to 
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=321719166#GitHubActionsSecurity-Dangerousworkflows
 found via "zizmor" static GH action analysis.
   
   ```bash
   ➜  workflows git:(main) ✗ zizmor maven.yml publish-snapshots.yml 
   2025-01-06T07:43:52.127796Z  INFO audit: zizmor: 🌈 completed 
/Users/rz/IdeaProjects/opennlp/.github/workflows/maven.yml
   2025-01-06T07:43:52.133229Z  INFO audit: zizmor: 🌈 completed 
/Users/rz/IdeaProjects/opennlp/.github/workflows/publish-snapshots.yml
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to