Re: Github PR actions'/events

2021-10-29 Thread Jacques Le Roux

As I want to fix it, I need it active, sorry for that

On 29/10/2021 at 14:09, Pierre Smits wrote:

Jacques,

Though not an issue/concern for you personally, can we have this feature
disabled?

These failures may give a false impression to contributors submitting PRs,
which can potentially lead to them wasting time chasing a non-issue, or
worse: getting annoyed and leaving the project.

Best regards,

Pierre

On Fri, 29 Oct 2021 at 11:24, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


Please see the request change, I can't edit the file

On 29/10/2021 at 11:15, Jacques Le Roux wrote:

Hi Pierre,

Ah indeed:

https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true

That's new and was reported by Mart Naum today at OFBIZ-12351 "Builds
fail due to unauthorized access to repo.spring.io/plugins-release"

It appears only when you clean the Gradle cache (can't reproduce locally
with a build after a clean). That's obviously a situation we get with GH
actions where all is new. I'm not sure yet it's the same situation with
Buildbot. I'll check that pushing your PR.

I'm not sure if this relates:
https://markmail.org/message/skxini7ytetn23ub or if it's a completely new
situation.

HTH

Jacques

On 28/10/2021 at 19:24, Pierre Smits wrote:


Hi Jacques,

Everything is going well?

As an example: https://github.com/apache/ofbiz-framework/pull/323

Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer


On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


Pierre,

Inline...

On 28/10/2021 at 13:41, Pierre Smits wrote:

When posting a PR to the GitHub repo, following events are triggered:

  1. CodeQL / Analyze (java) (pull_request)
  2. Java CI with Gradle / build (pull_request)
  3. CodeQL / Analyse (javascript) (pull_request)
  4. etc.

Of the actions/events listed, #1 and #2 fail.

Is this something that is configurable?

Actually OFBiz (Java files) is too big for CodeQL. We need to pass less
data. I'm not yet sure how to handle that (not a priority to me, it does
not prevent anything but itself):



https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true



https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning



https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan


AFAIK we have no issue with your option 2. Have you an example?

Jacques


It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branch (and the base
branch should always build, right?)

Can this be looked into?



Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer




Re: Github PR actions'/events

2021-10-29 Thread Pierre Smits
Jacques,

Though not an issue/concern for you personally, can we have this feature
disabled?

These failures may give a false impression to contributors submitting PRs,
which can potentially lead to them wasting time chasing a non-issue, or
worse: getting annoyed and leaving the project.

Best regards,

Pierre

On Fri, 29 Oct 2021 at 11:24, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

> Please see the request change, I can't edit the file
>
> On 29/10/2021 at 11:15, Jacques Le Roux wrote:
> > Hi Pierre,
> >
> > Ah indeed:
> > https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true
> >
> > That's new and was reported by Mart Naum today at OFBIZ-12351 "Builds
> > fail due to unauthorized access to repo.spring.io/plugins-release"
> >
> > It appears only when you clean the Gradle cache (can't reproduce locally
> > with a build after a clean). That's obviously a situation we get with GH
> > actions where all is new. I'm not sure yet it's the same situation with
> > Buildbot. I'll check that pushing your PR.
> >
> > I'm not sure if this relates:
> > https://markmail.org/message/skxini7ytetn23ub or if it's a completely new
> > situation.
> >
> > HTH
> >
> > Jacques
> >
> > On 28/10/2021 at 19:24, Pierre Smits wrote:
> >
> >> Hi Jacques,
> >>
> >> Everything is going well?
> >>
> >> As an example: https://github.com/apache/ofbiz-framework/pull/323
> >>
> >> Kind regards,
> >>
> >> Pierre Smits
> >> *Proud contributor of* Apache OFBiz since 2008 (without privileges)
> >>
> >> *Apache Directory, PMC Member*
> >> Apache Incubator, committer
> >> Apache Steve, committer
> >>
> >>
> >> On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
> >> jacques.le.r...@les7arts.com> wrote:
> >>
> >>> Pierre,
> >>>
> >>> Inline...
> >>>
> >>> On 28/10/2021 at 13:41, Pierre Smits wrote:
> >>>> When posting a PR to the GitHub repo, following events are triggered:
> >>>>
> >>>>   1. CodeQL / Analyze (java) (pull_request)
> >>>>   2. Java CI with Gradle / build (pull_request)
> >>>>   3. CodeQL / Analyse (javascript) (pull_request)
> >>>>   4. etc.
> >>>>
> >>>> Of the actions/events listed, #1 and #2 fail.
> >>>>
> >>>> Is this something that is configurable?
> >>> Actually OFBiz (Java files) is too big for CodeQL. We need to pass less
> >>> data. I'm not yet sure how to handle that (not a priority to me, it does
> >>> not prevent anything but itself):
> >>>
> >>> https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true
> >>>
> >>> https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
> >>>
> >>> https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan
> >>>
> >>> AFAIK we have no issue with your option 2. Have you an example?
> >>>
> >>> Jacques
> >>>
> >>>> It seems to me that this should not happen when:
> >>>> a. the change is only in an xml file
> >>>> b. the pull request has no conflicts with the base branch (and the base
> >>>> branch should always build, right?)
> >>>>
> >>>> Can this be looked into?
> >>>>
> >>>> Kind regards,
> >>>>
> >>>> Pierre Smits
> >>>> *Proud contributor of* Apache OFBiz since 2008 (without privileges)
> >>>>
> >>>> *Apache Directory, PMC Member*
> >>>> Apache Incubator, committer
> >>>> Apache Steve, committer
> >
>


Re: Github PR actions'/events

2021-10-29 Thread Jacques Le Roux

Please see the request change, I can't edit the file

On 29/10/2021 at 11:15, Jacques Le Roux wrote:

Hi Pierre,

Ah indeed:
https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true

That's new and was reported by Mart Naum today at OFBIZ-12351 "Builds fail due to
unauthorized access to repo.spring.io/plugins-release"

It appears only when you clean the Gradle cache (can't reproduce locally with a build after a clean). That's obviously a situation we get with GH
actions where all is new. I'm not sure yet it's the same situation with Buildbot. I'll check that pushing your PR.

I'm not sure if this relates: https://markmail.org/message/skxini7ytetn23ub or
if it's a completely new situation.

HTH

Jacques

On 28/10/2021 at 19:24, Pierre Smits wrote:


Hi Jacques,

Everything is going well?

As an example: https://github.com/apache/ofbiz-framework/pull/323

Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer


On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


Pierre,

Inline...

On 28/10/2021 at 13:41, Pierre Smits wrote:

When posting a PR to the GitHub repo, following events are triggered:

 1. CodeQL / Analyze (java) (pull_request)
 2. Java CI with Gradle / build (pull_request)
 3. CodeQL / Analyse (javascript) (pull_request)
 4. etc.

Of the actions/events listed, #1 and #2 fail.

Is this something that is configurable?

Actually OFBiz (Java files) is too big for CodeQL. We need to pass less
data. I'm not yet sure how to handle that (not a priority to me, it does
not prevent anything but itself):

https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning

https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan 



AFAIK we have no issue with your option 2. Have you an example?

Jacques


It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branch (and the base
branch should always build, right?)

Can this be looked into?



Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer




Re: Github PR actions'/events

2021-10-29 Thread Jacques Le Roux

Hi Pierre,

Ah indeed:
https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true

That's new and was reported by Mart Naum today at OFBIZ-12351 "Builds fail due to
unauthorized access to repo.spring.io/plugins-release"

It appears only when you clean the Gradle cache (can't reproduce locally with a build after a clean). That's obviously a situation we get with GH
actions where all is new. I'm not sure yet it's the same situation with Buildbot. I'll check that pushing your PR.

I'm not sure if this relates: https://markmail.org/message/skxini7ytetn23ub or
if it's a completely new situation.

HTH

Jacques

On 28/10/2021 at 19:24, Pierre Smits wrote:


Hi Jacques,

Everything is going well?

As an example: https://github.com/apache/ofbiz-framework/pull/323

Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer


On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:


Pierre,

Inline...

On 28/10/2021 at 13:41, Pierre Smits wrote:

When posting a PR to the GitHub repo, following events are triggered:

 1. CodeQL / Analyze (java) (pull_request)
 2. Java CI with Gradle / build (pull_request)
 3. CodeQL / Analyse (javascript) (pull_request)
 4. etc.

Of the actions/events listed, #1 and #2 fail.

Is this something that is configurable?

Actually OFBiz (Java files) is too big for CodeQL. We need to pass less
data. I'm not yet sure how to handle that (not a priority to me, it does
not prevent anything but itself):

https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning

https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan

AFAIK we have no issue with your option 2. Have you an example?

Jacques


It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branch (and the base
branch should always build, right?)

Can this be looked into?



Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer




Re: Github PR actions'/events

2021-10-28 Thread Pierre Smits
Hi Jacques,

Everything is going well?

As an example: https://github.com/apache/ofbiz-framework/pull/323

Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer


On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

> Pierre,
>
> Inline...
>
> On 28/10/2021 at 13:41, Pierre Smits wrote:
> > When posting a PR to the GitHub repo, following events are triggered:
> >
> > 1. CodeQL / Analyze (java) (pull_request)
> > 2. Java CI with Gradle / build (pull_request)
> > 3. CodeQL / Analyse (javascript) (pull_request)
> > 4. etc.
> >
> > Of the actions/events listed, #1 and #2 fail.
> >
> > Is this something that is configurable?
>
> Actually OFBiz (Java files) is too big for CodeQL. We need to pass less
> data. I'm not yet sure how to handle that (not a priority to me, it does
> not prevent anything but itself):
>
> https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true
>
> https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
>
> https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan
>
> AFAIK we have no issue with your option 2. Have you an example?
>
> Jacques
>
> > It seems to me that this should not happen when:
> > a. the change is only in an xml file
> > b. the pull request has no conflicts with the base branch (and the base
> > branch should always build, right?)
> >
> > Can this be looked into?
> >
> >
> >
> > Kind regards,
> >
> > Pierre Smits
> > *Proud contributor of* Apache OFBiz since 2008 (without privileges)
> >
> > *Apache Directory, PMC Member*
> > Apache Incubator, committer
> > Apache Steve, committer
>


Re: Github PR actions'/events

2021-10-28 Thread Jacques Le Roux

Pierre,

Inline...

On 28/10/2021 at 13:41, Pierre Smits wrote:

When posting a PR to the GitHub repo, following events are triggered:

1. CodeQL / Analyze (java) (pull_request)
2. Java CI with Gradle / build (pull_request)
3. CodeQL / Analyse (javascript) (pull_request)
4. etc.

Of the actions/events listed, #1 and #2 fail.

Is this something that is configurable?


Actually OFBiz (Java files) is too big for CodeQL. We need to pass less data. I'm not yet sure how to handle that (not a priority to me, it does not
prevent anything but itself):

https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true
https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan

AFAIK we have no issue with your option 2. Have you an example?

Jacques


It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branch (and the base
branch should always build, right?)

Can this be looked into?



Kind regards,

Pierre Smits
*Proud contributor of* Apache OFBiz since 2008 (without privileges)

*Apache Directory, PMC Member*
Apache Incubator, committer
Apache Steve, committer