-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IGNITE-23820 Restore 'checkout' in sonar-pr-from-fork-build.yml
#11721
base: master
Are you sure you want to change the base?
IGNITE-23820 Restore 'checkout' in sonar-pr-from-fork-build.yml
#11721
Conversation
Hi Arnout Engelen, Thanks! Now it does the build. I think we still need to return back the fetch of the PR's base branch (which is master in fact) from the upstream (main ignite) repo. Otherwise the Sonar would fail to detect the "new lines of code" if fork's master is not synchronized with main repo. See details at https://community.sonarsource.com/t/how-to-use-sonarcloud-with-a-forked-repository-on-github/7363/32 Do you see any security risks in fetching of the master branch from the main ignite repo? I mean the following section
|
I think that should be OK, as we trust |
Yes we may hardcode the As far as the |
Follow-up on 964dc48 which removed the checkout from the pull-request workflow entirely. This should now check out the default rev (which should be the code from the PR as it was when the workflow was approved).
366fceb
to
ee9510e
Compare
Quality Gate passedIssues Measures |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good for me now
Follow-up on 964dc48 which removed the checkout from the pull-request workflow entirely. This should now check out the default rev (which should be the code from the PR as it was when the workflow was approved).
Thank you for submitting the pull request to the Apache Ignite.
In order to streamline the review of the contribution
we ask you to ensure the following steps have been taken:
The Contribution Checklist
The description explains WHAT and WHY was made instead of HOW.
The following pattern must be used:
IGNITE-XXXX Change summary
whereXXXX
- number of JIRA issue.(see the Maintainers list)
the
green visa
attached to the JIRA ticket (see TC.Bot: Check PR)Notes
If you need any help, please email [email protected] or ask anу advice on http://asf.slack.com #ignite channel.