[
https://issues.apache.org/jira/browse/DAFFODIL-3069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Lawrence updated DAFFODIL-3069:
-------------------------------------
Priority: Critical (was: Major)
> GitHub actions workflows ASF policy violations
> ----------------------------------------------
>
> Key: DAFFODIL-3069
> URL: https://issues.apache.org/jira/browse/DAFFODIL-3069
> Project: Daffodil
> Issue Type: Bug
> Components: Infrastructure
> Reporter: Steve Lawrence
> Priority: Critical
>
> From an email from ASF:
> Greetings Daffodil PMC!
> The repository: daffodil has been scanned.
> Our analysis has found that the following GitHub Actions workflows need
> remediation:
> CI: `max-parallel: 20` is required for job matrices. see
> https://s.apache.org/max-parallel for more details
> PR Labeler: `pull_request_target` was found as a workflow trigger. see
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=321719166#GitHubActionsSecurity-Buildstriggeredwithpull_request_target,
> for more details
> For more information on the GitHub Actions workflow policy, visit:
> https://infra.apache.org/github-actions-policy.html
> Please remediate the above as soon as possible.
> If after after 60 days these problems are not addressed, we will turn off
> builds
> Cheers,
> ASF Infrastructure
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
