Steve Lawrence created DAFFODIL-3069:
----------------------------------------

             Summary: GitHub actions workflows ASF policy violations
                 Key: DAFFODIL-3069
                 URL: https://issues.apache.org/jira/browse/DAFFODIL-3069
             Project: Daffodil
          Issue Type: Bug
          Components: Infrastructure
            Reporter: Steve Lawrence


From an email from ASF:

Greetings Daffodil PMC!

The repository: daffodil has been scanned.
Our analysis has found that the following GitHub Actions workflows need 
remediation:
        CI: `max-parallel: 20` is required for job matrices. see https://s.apache.org/max-parallel for more details
        PR Labeler: `pull_request_target` was found as a workflow trigger. see https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=321719166#GitHubActionsSecurity-Buildstriggeredwithpull_request_target for more details

For more information on the GitHub Actions workflow policy, visit:
        https://infra.apache.org/github-actions-policy.html

Please remediate the above as soon as possible.
If after 60 days these problems are not addressed, we will turn off builds.

Cheers,
        ASF Infrastructure



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
