HADOOP-19868: ci: add comments from security review of new actions #8450

Open
ajfabbri wants to merge 1 commit into apache:trunk from ajfabbri:af/hadoop-19868

@ajfabbri
Contributor

Description of PR

No code change; comments only.

Following up on HADOOP-19858, this PR adds # Security: comments to our
GitHub Actions to explain why each workflow is safe.

How was this patch tested?

Comments only, but CodeQL scanning is now enabled for changes within the .github directory.

For code changes:

  • Does the title of this PR start with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
  • [na] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
  • [na] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • [na] If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

AI Tooling

If an AI tool was used:

@ajfabbri ajfabbri changed the title from "HADOOP-19858: ci: add comments from security review of new actions" to "HADOOP-19868: ci: add comments from security review of new actions" Apr 22, 2026
@ajfabbri ajfabbri marked this pull request as ready for review April 22, 2026 04:50
@ajfabbri ajfabbri requested a review from pan3793 April 22, 2026 04:50
@pan3793
Member

pan3793 commented Apr 22, 2026

@ajfabbri, thanks for the follow-up. This is the first PR from the forked repo to verify that workflow, and it's good to see it works by design.

Could you convert the Jira ticket to a sub-task of HADOOP-19857 so we can collect all GitHub Actions work?

And I just opened another PR (#8451) as promised - leverage cache to speed up the image building. e.g.,

I guess you also want to add such comments to those new YAML files.

@hadoop-yetus

🎊 +1 overall

| Vote | Subsystem | Runtime | Logfile | Comment |
|------|-----------|---------|---------|---------|
| +0 🆗 | reexec | 5m 10s | | Docker mode activated. |
| | | | | _ Prechecks _ |
| +1 💚 | dupname | 0m 0s | | No case conflicting files found. |
| +0 🆗 | codespell | 0m 0s | | codespell was not available. |
| +0 🆗 | detsecrets | 0m 0s | | detect-secrets was not available. |
| +0 🆗 | yamllint | 0m 0s | | yamllint was not available. |
| +1 💚 | @author | 0m 0s | | The patch does not contain any @author tags. |
| | | | | _ trunk Compile Tests _ |
| +1 💚 | shadedclient | 38m 17s | | branch has no errors when building and testing our client artifacts. |
| | | | | _ Patch Compile Tests _ |
| +1 💚 | blanks | 0m 0s | | The patch has no blanks issues. |
| +1 💚 | shadedclient | 33m 8s | | patch has no errors when building and testing our client artifacts. |
| | | | | _ Other Tests _ |
| +1 💚 | asflicense | 0m 36s | | The patch does not generate ASF License warnings. |
| | | 78m 57s | | |

| Subsystem | Report/Notes |
|-----------|--------------|
| Docker | ClientAPI=1.54 ServerAPI=1.54 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8450/1/artifact/out/Dockerfile |
| GITHUB PR | #8450 |
| Optional Tests | dupname asflicense codespell detsecrets yamllint |
| uname | Linux c603ae53ef08 5.15.0-174-generic #184-Ubuntu SMP Fri Mar 13 18:41:50 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | trunk / e823d4f |
| Max. process+thread count | 581 (vs. ulimit of 10000) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8450/1/console |
| versions | git=2.43.0 maven=3.9.11 |
| Powered by | Apache Yetus 0.14.1 https://yetus.apache.org |

This message was automatically generated.

@hadoop-yetus

🎊 +1 overall

| Vote | Subsystem | Runtime | Logfile | Comment |
|------|-----------|---------|---------|---------|
| +0 🆗 | reexec | 4m 7s | | Docker mode activated. |
| | | | | _ Prechecks _ |
| +1 💚 | dupname | 0m 0s | | No case conflicting files found. |
| +0 🆗 | codespell | 0m 0s | | codespell was not available. |
| +0 🆗 | detsecrets | 0m 0s | | detect-secrets was not available. |
| +0 🆗 | yamllint | 0m 0s | | yamllint was not available. |
| +1 💚 | @author | 0m 0s | | The patch does not contain any @author tags. |
| | | | | _ trunk Compile Tests _ |
| +1 💚 | shadedclient | 38m 25s | | branch has no errors when building and testing our client artifacts. |
| | | | | _ Patch Compile Tests _ |
| +1 💚 | blanks | 0m 0s | | The patch has no blanks issues. |
| +1 💚 | shadedclient | 33m 0s | | patch has no errors when building and testing our client artifacts. |
| | | | | _ Other Tests _ |
| +1 💚 | asflicense | 0m 36s | | The patch does not generate ASF License warnings. |
| | | 77m 59s | | |

| Subsystem | Report/Notes |
|-----------|--------------|
| Docker | ClientAPI=1.54 ServerAPI=1.54 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8450/2/artifact/out/Dockerfile |
| GITHUB PR | #8450 |
| Optional Tests | dupname asflicense codespell detsecrets yamllint |
| uname | Linux b29d77835a87 5.15.0-174-generic #184-Ubuntu SMP Fri Mar 13 18:41:50 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | trunk / e823d4f |
| Max. process+thread count | 571 (vs. ulimit of 10000) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8450/2/console |
| versions | git=2.43.0 maven=3.9.11 |
| Powered by | Apache Yetus 0.14.1 https://yetus.apache.org |

This message was automatically generated.
