This is an automated email from the ASF dual-hosted git repository. reta pushed a commit to branch 4.1.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit fa70fd406baaebecce589b3f4e808152335a182d Author: Andriy Redko <[email protected]> AuthorDate: Sat Nov 22 15:23:03 2025 -0500 Cut 4.1.x-fixes release branch --- .github/workflows/codeql-analysis.yml | 4 +-- .github/workflows/pull-request-build.yml | 2 +- .github/workflows/scorecards.yml | 62 -------------------------------- .gitmergeinfo | 1 + README.md | 2 +- 5 files changed, 5 insertions(+), 66 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c6bf640005..f1537637db 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -7,10 +7,10 @@ name: "CodeQL" on: push: - branches: ['main', '4.0.x-fixes', '3.6.x-fixes'] + branches: ['main', '4.1.x-fixes', '4.0.x-fixes', '3.6.x-fixes'] pull_request: # The branches below must be a subset of the branches above - branches: ['main', '4.0.x-fixes', '3.6.x-fixes'] + branches: ['main', '4.1.x-fixes', '4.0.x-fixes', '3.6.x-fixes'] #schedule: #- cron: '0 18 * * 5' diff --git a/.github/workflows/pull-request-build.yml b/.github/workflows/pull-request-build.yml index 97c9c5aa8e..5a7d5c4382 100644 --- a/.github/workflows/pull-request-build.yml +++ b/.github/workflows/pull-request-build.yml @@ -2,7 +2,7 @@ name: "Build and Test" on: pull_request: - branches: ['main', '3.6.x-fixes', '3.5.x-fixes', '3.4.x-fixes'] + branches: ['4.1.x-fixes', '3.6.x-fixes', '3.5.x-fixes', '3.4.x-fixes'] permissions: contents: read diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml deleted file mode 100644 index 5d02223ec3..0000000000 --- a/.github/workflows/scorecards.yml +++ /dev/null @@ -1,62 +0,0 @@ -name: Scorecards supply-chain security -on: - # Only the default branch is supported. - branch_protection_rule: - schedule: - - cron: '43 19 * * 1' - push: - branches: [ "main" ] - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Used to receive a badge. - id-token: write - # Needs for private repositories. - contents: read - actions: read - - steps: - - name: "Checkout code" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # tag=v3.0.0 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a #tag=2.4.3 - with: - results_file: results.sarif - results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # tag=v5.0.0 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee #tag=v2 - with: - sarif_file: results.sarif diff --git a/.gitmergeinfo b/.gitmergeinfo new file mode 100644 index 0000000000..1a99750f01 --- /dev/null +++ b/.gitmergeinfo @@ -0,0 +1 @@ +origin/main \ No newline at end of file diff --git a/README.md b/README.md index eb7217d88f..d306e5e885 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[](https://ci-builds.apache.org/job/CXF/job/pipeline/job/main/) +[](https://ci-builds.apache.org/job/CXF/job/pipeline/job/4.1.x-fixes/) [](https://maven-badges.herokuapp.com/maven-central/org.apache.cxf/cxf) [](https://api.securityscorecards.dev/projects/github.com/apache/cxf) [](https://bestpractices.coreinfrastructure.org/projects/6978)
