Copilot commented on code in PR #4548:
URL: https://github.com/apache/polaris/pull/4548#discussion_r3303197579
##########
.github/workflows/ci.yml:
##########
@@ -229,6 +229,7 @@ jobs:
docker-image-scan:
name: Polaris Docker Image Scan
+ if: github.repository_owner == 'apache'
runs-on: ubuntu-latest
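Review bot: the added `if: github.repository_owner == 'apache'` gates on the organisation rather than the repository, so the Docker image scan still runs in every repository under the `apache` owner; `if: github.repository == 'apache/polaris'` matches the stated intent and the check other jobs in this workflow already use. Also, a job skipped by a job-level `if` causes any job that lists it under `needs:` to be skipped too unless that job's own condition uses `always()` or `!cancelled()`, so confirm nothing downstream depends on `docker-image-scan` before merging.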
Review Comment:
The new job-level condition gates on `github.repository_owner == 'apache'`,
which still allows this job to run in *any* repository under the `apache` org
(not just `apache/polaris`). This is looser than the PR title/intent (“restrict
… to Polaris repo”) and is also inconsistent with other jobs in this workflow
that use `github.repository == 'apache/polaris'` (e.g., `markdown-link-check`).
Consider switching to `github.repository == 'apache/polaris'` (or combining
both checks) to ensure scans only run in the intended repository.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]