[ 
https://issues.apache.org/jira/browse/IGNITE-23820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17908188#comment-17908188
 ] 

Maksim Timonin commented on IGNITE-23820:
-----------------------------------------

Functionality is restored, thanks [~engelen] for your patch. 

> run privileged workflow against approved commit
> -----------------------------------------------
>
>                 Key: IGNITE-23820
>                 URL: https://issues.apache.org/jira/browse/IGNITE-23820
>             Project: Ignite
>          Issue Type: Improvement
>          Components: build
>            Reporter: Arnout Engelen
>            Assignee: Pavel Tupitsyn
>            Priority: Minor
>             Fix For: 2.17
>
>         Attachments: image-2024-12-09-18-53-12-359.png
>
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> `sonar-pr-from-fork-build.yml` and `sonar-pr-from-fork-scan.yml` analyze PRs. 
> `sonar-pr-from-fork-scan.yml` needs privileges to access the 
> `SONARCLOUD_TOKEN` and to update the status of the PR check.
> To avoid a malicious PR from accessing those privileges, Ignite requires 
> approval for GitHub Actions, and reviews the PR to catch any malicious code 
> before approving the workflow.
> Some changes to the workflow are needed to make sure the privileged workflow 
> is run against the commit that was approved, and does not pull in any changes
> that may have been added to the PR after approval.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
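
The pinning described in the issue, sketched as a GitHub Actions fragment. This is an added illustration, not Ignite's workflow files or the patch itself: it assumes the privileged scan is triggered through `workflow_run` by the approved build workflow, and the workflow names, permission scope and final step are placeholders.

```yaml
# Added illustration; not the contents of sonar-pr-from-fork-scan.yml.
name: pr-scan-privileged              # hypothetical name
on:
  workflow_run:
    workflows: ["pr-build"]           # hypothetical name of the approval-gated build workflow
    types: [completed]

permissions:
  contents: read
  checks: write                       # assumed scope for updating the PR check

jobs:
  scan:
    # Only continue when the approved build run itself succeeded.
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      # Weak form, kept as a comment: a branch name is resolved at checkout
      # time, so commits pushed to the PR after approval would be picked up.
      # - uses: actions/checkout@v4
      #   with:
      #     repository: ${{ github.event.workflow_run.head_repository.full_name }}
      #     ref: ${{ github.event.workflow_run.head_branch }}

      # Pinned form: head_sha is the commit the triggering (approved) run
      # was started for, and it does not move when the PR branch does.
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.workflow_run.head_repository.full_name }}
          ref: ${{ github.event.workflow_run.head_sha }}
          persist-credentials: false

      # Fail closed if the working tree is not exactly that commit.
      - name: Verify checked-out commit
        env:
          APPROVED_SHA: ${{ github.event.workflow_run.head_sha }}
        run: test "$(git rev-parse HEAD)" = "$APPROVED_SHA"

      # The secret is exposed only to this step, after the pin is verified.
      - name: Scan
        env:
          SONARCLOUD_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
        run: echo "analysis step goes here"   # placeholder, not the project's command
```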
