btw, I didn't get what you changed comparing to the original pr... If a re-trigger can work, then it is quite amazing, as several actions all died but they all die because of just false failed build? Not very likely IMO...
Xeno Amess <xenoam...@gmail.com> 于2022年1月1日周六 00:42写道: > > any reason pr's have to be manually approved before the ci jobs execute? > > 2 reasons. > > 1. github actions is free but only under some rate liminition. > > So if there is no such rule, some bad guys can create 1000000 accounts > and drain every open-source repo's github actions account. > > 2. some repos using github actions with cache, and use it to auto-deploy > > which means there is a chance for some bad guys to inject the repo's > auto-deploy artifact by creating pr and inject something in cache. > > John Patrick <nhoj.patr...@gmail.com> 于2022年1月1日周六 00:27写道: > >> so wanted to try and help out but unable to as pr won't build until it's >> approved by maintainer. >> from what i can tell it should have worked. tried that branch and master >> and both pass locally >> tried to kick off another build to see if just false failed build, so >> created new branch but it linked to previous commit, so added and remove a >> file to trick github to try and do a new build again. >> any reason pr's have to be manually approved before the ci jobs execute? >> >> John >> >> >> On Fri, 31 Dec 2021 at 13:50, Xeno Amess <xenoam...@gmail.com> wrote: >> >> > need sleep now,will have a look 10 hours later >> > >> > XenoAmess >> > ________________________________ >> > From: Gary Gregory <garydgreg...@gmail.com> >> > Sent: Friday, December 31, 2021 9:28:36 PM >> > To: Commons Developers List <dev@commons.apache.org> >> > Subject: [commons-vfs] Failure in bump ftpserver-core from 1.1.1 to >> 1.1.2 >> > >> > Does anyone have any free time to look at this failure? >> > >> > I'm still dealing with Log4j fallout... >> > >> > Gary >> > >> > ---------- Forwarded message --------- >> > From: GitBox <g...@apache.org> >> > Date: Fri, Dec 31, 2021 at 6:05 AM >> > Subject: [GitHub] [commons-vfs] dependabot[bot] opened a new pull >> request >> > #231: Bump ftpserver-core from 1.1.1 to 1.1.2 >> > To: <iss...@commons.apache.org> >> > >> > >> > >> > dependabot[bot] opened a new pull request #231: >> > URL: https://github.com/apache/commons-vfs/pull/231 >> > >> > >> > Bumps [ftpserver-core](https://github.com/apache/mina-ftpserver) >> from >> > 1.1.1 to 1.1.2. >> > <details> >> > <summary>Commits</summary> >> > <ul> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/a04a44d756e9ae18d0461326c761a851b8346d3d >> > "><code>a04a44d</code></a> >> > [maven-release-plugin] prepare release ftpserver-parent-1.1.2</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/d7fdad2429cf7b2ae433e10fa7df3b7961fe3704 >> > "><code>d7fdad2</code></a> >> > Fixed the javadoc failures</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/b4e8d0e39622ce5b121c183f070fe1ad67b41c4f >> > "><code>b4e8d0e</code></a> >> > [maven-release-plugin] rollback the release of >> ftpserver-parent-1.1.2</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/59947ea85dc7db2529f619886fd901fd0284bd42 >> > "><code>59947ea</code></a> >> > [maven-release-plugin] prepare for next development iteration</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/92c6af05cdf0eddd3d2e613b52def57984d78d33 >> > "><code>92c6af0</code></a> >> > [maven-release-plugin] prepare release ftpserver-parent-1.1.2</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/455a4336a4e9b319e1f6b5836b29dc095467c091 >> > "><code>455a433</code></a> >> > Fixed the outputStatement to make Javadoc plugin happy"</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/94fabe3c1e4776a1754e20403f9c5830231542f7 >> > "><code>94fabe3</code></a> >> > [maven-release-plugin] rollback the release of >> ftpserver-parent-1.1.2</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/fd1a0d89870c89a7a7c619d1b8f19786e7ce75fb >> > "><code>fd1a0d8</code></a> >> > [maven-release-plugin] prepare for next development iteration</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/990a5cebd692361b41e99d1bdf9cd2a9b1eed38a >> > "><code>990a5ce</code></a> >> > [maven-release-plugin] prepare release ftpserver-parent-1.1.2</li> >> > <li><a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/commit/402dbb1298aa897ec15ef854d3c2493a0c766141 >> > "><code>402dbb1</code></a> >> > [maven-release-plugin] rollback the release of ftpserver-1.1.3</li> >> > <li>Additional commits viewable in <a href=" >> > >> > >> https://github.com/apache/mina-ftpserver/compare/ftpserver-1.1.1...ftpserver-parent-1.1.2 >> > ">compare >> > view</a></li> >> > </ul> >> > </details> >> > <br /> >> > >> > >> > [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores >> > ) >> > >> > Dependabot will resolve any conflicts with this PR as long as you >> don't >> > alter it yourself. You can also trigger a rebase manually by commenting >> > `@dependabot rebase`. >> > >> > [//]: # (dependabot-automerge-start) >> > [//]: # (dependabot-automerge-end) >> > >> > --- >> > >> > <details> >> > <summary>Dependabot commands and options</summary> >> > <br /> >> > >> > You can trigger Dependabot actions by commenting on this PR: >> > - `@dependabot rebase` will rebase this PR >> > - `@dependabot recreate` will recreate this PR, overwriting any edits >> > that have been made to it >> > - `@dependabot merge` will merge this PR after your CI passes on it >> > - `@dependabot squash and merge` will squash and merge this PR after >> > your CI passes on it >> > - `@dependabot cancel merge` will cancel a previously requested merge >> > and block automerging >> > - `@dependabot reopen` will reopen this PR if it is closed >> > - `@dependabot close` will close this PR and stop Dependabot >> recreating >> > it. You can achieve the same result by closing it manually >> > - `@dependabot ignore this major version` will close this PR and stop >> > Dependabot creating any more for this major version (unless you reopen >> the >> > PR or upgrade to it yourself) >> > - `@dependabot ignore this minor version` will close this PR and stop >> > Dependabot creating any more for this minor version (unless you reopen >> the >> > PR or upgrade to it yourself) >> > - `@dependabot ignore this dependency` will close this PR and stop >> > Dependabot creating any more for this dependency (unless you reopen the >> PR >> > or upgrade to it yourself) >> > >> > >> > </details> >> > >> > >> > -- >> > This is an automated message from the Apache Git Service. >> > To respond to the message, please log on to GitHub and use the >> > URL above to go to the specific comment. >> > >> > To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org >> > >> > For queries about this service, please contact Infrastructure at: >> > us...@infra.apache.org >> > >> >
