Disable commit signatures (#95)

vy · ppkarwasz · web-flow · commit afca6602e2da · 2025-12-01T10:08:48.000+01:00
Co-authored-by: Piotr P. Karwasz &lt;piotr.github@karwasz.org&gt;
diff --git a/.asf.yaml b/.asf.yaml
@@ -46,7 +46,15 @@ github:
     - logger
     - scala
 
-  del_branch_on_merge: true
+  # Pull Request settings:
+  # https://github.com/apache/infrastructure-asfyaml#pull-request-settings
+  pull_requests:
+    # allow auto-merge
+    allow_auto_merge: true
+    # enable updating head branches of pull requests
+    allow_update_branch: true
+    # auto-delete head branches after being merged
+    del_branch_on_merge: true
 
   # Enforce squashing while merging PRs.
   # Otherwise, the git log gets polluted severely.
@@ -60,4 +68,17 @@ github:
 
   protected_branches:
     main:
-      required_signatures: true
+      # All reviews must be addressed before merging
+      required_conversation_resolution: true
+      # Require checks to pass before merging
+      required_status_checks:
+        checks:
+          # The GitHub Actions app: 15368
+          - app_id: 15368
+            context: "build / build (ubuntu-latest)"
+          # The GitHub Advanced Security app: 57789
+          - app_id: 57789
+            context: "CodeQL"
+      # At least one positive review must be present
+      required_pull_request_reviews:
+        required_approving_review_count: 1
diff --git a/pom.xml b/pom.xml
@@ -160,7 +160,7 @@
 
     <!-- dependency version -->
     <junit.version>4.13.2</junit.version>
-    <log4j.version>2.24.3</log4j.version>
+    <log4j.version>2.25.2</log4j.version>
     <mockito.version>4.11.0</mockito.version>
     <scalatest.version>3.2.10</scalatest.version>
     <scalatestplus.version>3.2.10.0</scalatestplus.version>
