pingtimeout opened a new issue, #3290: URL: https://github.com/apache/polaris/issues/3290
### Describe the bug The 4th release workflow, which publishes release artifacts, is run against a branch, as per Github Action UI. It contains a check that verifies it is running against a `release/[major].[minor].x` branch, but it does not contain a check that verifies it is running against the latest RC tag of that version. So it is technically possible to add commits to the release branch after the binaries have been packaged and the vote thread has started, and misuse the publication workflow. The consequences would be that the binaries published to Nexus and Apache dist would be those of the tag, But the Docker image would be that of the branch HEAD. The workflow should contain a check that verifies it is running against the tag corresponding to the last RC, to prevent this from happening. ### To Reproduce _No response_ ### Actual Behavior _No response_ ### Expected Behavior _No response_ ### Additional context _No response_ ### System information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
