Hi Pierre,
Ah indeed:
https://github.com/apache/ofbiz-framework/runs/4037388858?check_suite_focus=true
That's new and was reported by Mart Naum today at OFBIZ-12351 "Builds fail due to
unauthorized access to repo.spring.io/plugins-release"
It appears only when you clean the Gradle cache (can't reproduce locally with a build after a clean). That's obviously a situation we get with GH
actions where all is new. I'm not sure yet it's the same situation with Buildbot. I'll check that pushing your PR.
I'm not sure if this relates: https://markmail.org/message/skxini7ytetn23ub or
if it's a completely new situation.
HTH
Jacques
Le 28/10/2021 à 19:24, Pierre Smits a écrit :
Hi Jacques,
Everything is going well?
As an example: https://github.com/apache/ofbiz-framework/pull/323
Met vriendelijke groet,
Pierre Smits
*Proud* *contributor** of* Apache OFBiz <https://ofbiz.apache.org/> since
2008 (without privileges)
*Apache Directory <https://directory.apache.org>, PMC Member*
Apache Incubator <https://incubator.apache.org>, committer
Apache Steve <https://steve.apache.org>, committer
On Thu, Oct 28, 2021 at 7:21 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
Pierre,
Inline...
Le 28/10/2021 à 13:41, Pierre Smits a écrit :
When posting a PR to the GitHub repo, following events are triggered:
1. CodeCL / Analyze (java) (pull_request)
2. Java CI with Gradle / build (pull_request
3. CodeCL / Analyse (javascript) (pull_request)
4. etc.
Of the actions/events listed, #1 and #2 fail.
Is this something that is configurable?
Actually OFBiz (Java files) is too big for CodeCL. We need to pass less
data. I'm not yet sure how to handle that (not a priority to me, it does
not
prevent anything but itself):
https://github.com/apache/ofbiz-framework/runs/3928683199?check_suite_focus=true
https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
https://docs-dot-github-dotcom.gateway.web.tr/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan
AFAIK we have no issue with your option 2. Have you an example?
Jacques
It seems to me that this should not happen when:
a. the change is only in an xml file
b. the pull request has no conflicts with the base branche (and the base
branch should always build, right?)
Can this be looked into?
Met vriendelijke groet,
Pierre Smits
*Proud* *contributor** of* Apache OFBiz<https://ofbiz.apache.org/>
since
2008 (without privileges)
*Apache Directory<https://directory.apache.org>, PMC Member*
Apache Incubator<https://incubator.apache.org>, committer
Apache Steve<https://steve.apache.org>, committer
