ppkarwasz commented on PR #469: URL: https://github.com/apache/logging-parent/pull/469#issuecomment-4352001893
Let's take this a step at a time. There are two distinct CI problems: 1. **Workflows don't start on `logging-log4j2` and `logging-parent/main`.** Since the `trivy-action` incident, INFRA policy requires all third-party actions to be allow-listed in `apache/infrastructure-actions`. Develocity is one such action. Either removing it *or* bumping it to an allow-listed version fixes this: this PR does the latter. 2. **PRs can't be merged into `logging-parent/gha/v0`.** #455 updated the ruleset to require `CodeQL` and `build / build (ubuntu-latest)` on this branch, but no such workflows exist here. We missed that. This PR adds them. We can not modify the rulesets until apache/infrastructure-asfyaml#93 is merged. This PR is a minimal fix for both. Whatever we decide about Develocity and rulesets longer term (#467, #468), we can do without the time pressure of a blocked Log4j release. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
