CI: prevent cache poisoning on pull_request events#7238
Conversation
echoix
left a comment
echoix
left a comment
There was a problem hiding this comment.
Apart from the changed beginning and end of the file, it seems like a reasonable restriction to only save the cache when it's the main branch.
SyedAhad01
changed the title
SyedAhad01
force-pushed
the
#1-issue-fix
branch
from
a7c9450 to
ce00f30
Compare
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
echoix
left a comment
echoix
left a comment
There was a problem hiding this comment.
Please review manually, as a human, the diff of this PR in the GitHub interface, and get back to us when you think it is really ready to review
|
Sir, I have reviewed the diff manually. The changes look correct:
|
|
Thank you @rouault for referencing this PR in GDAL! I will address the requested changes shortly. |
…soning [ci skip] Inspired by OSGeo/grass#7238
…soning [ci skip] Inspired by OSGeo/grass#7238
…soning [ci skip] Inspired by OSGeo/grass#7238
…soning [ci skip] Inspired by OSGeo/grass#7238
…soning [ci skip] Inspired by OSGeo/grass#7238
…soning [ci skip] Inspired by OSGeo/grass#7238
|
Hi @echoix, all 27 CI checks are now passing. |
|
@echoix unless I made a mistake, it looks like this is somehow breaking the documentation, see e.g: I downloaded the documentation builds before and after this PR and this seems to break it. |
|
I'll take a Quick look, but did you download the artifact or from the server? Markus updated the server to Debian 13, that is missing pdal, and he removed it from the configure step. Does r.clump use pdal? |
|
It doesn't make sense how the docs could be affected, its not the same workflow, and it doesn't touch code. |
|
The updated sever perhaps miss markdown code recognition (in doxygen). |
|
Any pointer which missing Debian package that could be? |
|
Its not in doxygen, in mkdocs, python. See https://github.com/OSGeo/grass/actions/runs/23842115846, the commit before, it has the same content as the artifact that is "broken" ad04bd6 |
|
I did not compare the doxygen artifacts yet |
You could take a look at what is installed in CI to make a full build of doxygen docs, because the artifact is built there |
|
In this artifact, https://github.com/OSGeo/grass/actions/runs/23748765851 from commit 6284bd5 the day before the change, it seems r.clump is wrong too 
So, this isn't related to the server change, nor this PR. Its before |
|
The artifacts before that are expired, so if we want to see something, we could rerun an older commit, but it wont reproduce exactly what was there at that time, (it won't be a definitive test) |
|
No, doxygen is only generating API docs. |
|
Sorry for the noise then... |
5 participants
Prevent cache poisoning by skipping the cache save step on pull_request events.
Only push events to main/releasebranch_* are allowed to write to the cache.
Fixes the zizmor security audit finding in ubuntu.yml.