database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
17,275 Commits 1 Branch 0 Tags
6b2af74a63fa5ce8fe2ff7fe6ff33dc021b7152a
Commit Graph

20 Commits

Author SHA1 Message Date
Calvin Kirs
8deeaef61b [Chore](workflow)delete auto-reply workflow (#30626) 
auto-reply not working due to permission issue
Comments on the fork repository failed due to permission issues
We will instead use Github App to listen for events and then comment.
 2024-01-31 23:53:39 +08:00
Calvin Kirs
ab739a6cdc [Chore](workflow)Fix Pr comment not worker (#27400) 2023-11-23 18:17:31 +08:00
Mingyu Chen
e7a2b7b862 [comm](github) add submodule create-or-update-comment (#27301) 2023-11-22 10:24:38 +08:00
Adonis Ling
f4cbbe6429 [chore](workflow) Fix security issues with pull_request_target (#26525) 
In the workflow Code Checks, we use the event pull_request_target which has write permission to enable the actions to comment on our PRs. We should be careful with the write permission and must forbid from running any user code. The previous PR #24761 tried its best to achieve this goal.
However, there is a scenario lacking of consideration (See #26494). #26494 attacks the workflow by git submodule way. This PR fixes this scenario by checkouting the external action explicitly in the workflow.
 2023-11-08 11:23:13 +08:00
Pxl
5ba2a19cd2 [Chore](check) change sonarcloud github action to c/cpp action (#24433) 
change sonarcloud github action to c/cpp action
 2023-09-15 14:55:36 +08:00
Pxl
a68ed24d20 [Chore](workflow) add sonar cloud on cpp workflow (#24189) 
add sonar cloud on cpp workflow
 2023-09-14 15:14:05 +08:00
airborne12
f32deb18e9 [Update](build) change clucene from thirdparty to git module (#19352) 2023-05-19 08:25:51 +08:00
Qi Chen
2209b714d1 [chore](orc) Update orc lib to third party lib(1.8.3) using git submodule. (#18531) 2023-04-12 10:37:50 +08:00
Pxl
c804024e5d [Chore](workflow) add clang-tidy workflow (#14737) 
add clang-tidy workflow
 2022-12-02 14:10:29 +08:00
Adonis Ling
4fa53b4cdb [chore](workflow) Add shellcheck to check shell scripts (#11744) 2022-08-18 16:07:28 +08:00
Adonis Ling
5215d95064 [enhancement](workflow) Use ccache to speed the BE UT (Clang) up (#11339) 2022-07-29 21:19:26 +08:00
jakevin
14bb6088da [community](actions): add action to check PR title (#11304) 2022-07-29 14:49:44 +08:00
Adonis Ling
9013d5cc09 [enhancement](workflow) Optimize workflows (#11145) 
1. Fine tune the trigger conditions for workflows.
2. Introduce concurrency group to cancel previous workflow trigged by the same pr.
 2022-07-28 08:32:33 +08:00
morrySnow
c62c2e308f [chore]replace checkstyle action with mvn checkstyle:check (#10474) 2022-06-30 11:20:50 +08:00
morrySnow
784681f106 [FE Code Style][step 0]add github action to check incremental code in pr (#9328) 
1. add rules to checkstyle
2. add github action to check incremental code in pr
 2022-05-01 17:30:29 +08:00
jakevin
ebc27a40d7 [docs] Split the FAQ And Revert auto-label action (#7770) 2022-01-17 10:34:56 +08:00
jakevin
3da4425af5 [fix](github-action) fix the action of set-label-based-on-pr-title (#7757) 2022-01-13 23:35:00 +08:00
jakevin
b51121fe86 [chore](github-action) Add label auto for pull requests (#7663) 2022-01-13 20:07:16 +08:00
kezhenxu94
270bebe196 [chore](github) Add third-party GitHub Action as submodule to allow it to run (#7280) 
Add the 3rd-party GHA as submodule so that it can be run without asking to add it into allow list.
 2021-12-04 19:43:30 +08:00
Tobiasz Kędzierski
8d1c1ef1e6 [Community] Fix PR labeling github action workflow (#6279) 
My change is the fix and improvement for github action which labels approved PRs (introduced in this [PR](https://github.com/apache/incubator-doris/pull/6239)).

It is inspired by solution introduced and tested in [Apache Airflow](https://github.com/apache/airflow) (thanks @potiuk @ashb 🚀 )

Corresponding Apache Airflow workflows on which I based this PR:
 - https://github.com/apache/airflow/blob/main/.github/workflows/label_when_reviewed.yml
 - https://github.com/apache/airflow/blob/main/.github/workflows/label_when_reviewed_workflow_run.yml

Problems which were solved in this PR:

 - **Permissions**.
  @morningman opened a related bug: [[Help] Error: Resource not accessible by integration](https://github.com/TobKed/label-when-approved-action/issues/7). It is related to limited permissions of workflows being triggered by `pull_request_review` (`GITHUB_TOKEN` has read-only permissions). More information about it you can find in the article:  [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
   TL;DR:  On pull request review event (`on: pull_request_review` ) "dummy" workflow `Label when reviewed` triggers another workflow `Label when approved workflow run` which has sufficient permissions (`on:  workflow_run:  workflows: ["Label when reviewed"]`).

 - **Safe use of 3rd-party Github Actions by using submodules pattern.**  It is decribed in:    
 https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+status

    >  NEVER use 3rd-party actions directly in your workflows - use the "submodule" pattern.
    
    This pattern is successfully used by projects like:
     - [Apache Airflow](https://github.com/apache/airflow) ([PR](https://github.com/apache/airflow/pull/13514#))
     - [Apache Beam](https://github.com/apache/beam) ([PR](https://github.com/apache/beam/pull/13736))
     - [Apache Superset](https://github.com/apache/superset) ([PR](https://github.com/apache/superset/pull/12709))
 2021-07-25 22:22:09 +08:00