anton-vinogradov opened a new pull request, #13287:
URL: https://github.com/apache/ignite/pull/13287
## Problem
The code style (checkstyle) check is not dispatched for a pull request that
conflicts with the base branch — the status check never appears, so a
contributor whose PR is temporarily in conflict gets no code-style feedback
until the conflict is resolved.
**Root cause:** the check lives in `commit-check.yml` and is triggered by
the `pull_request` event, which GitHub dispatches against the *test-merge
commit*. When the PR conflicts with the base branch (mergeable state `DIRTY`),
GitHub cannot compute that merge commit, so no run is created. (The
`pull_request_target`-based "Rolling Upgrade / Protected Classes" check runs
fine on conflicting PRs for exactly this reason.)
Checkstyle does not conceptually need a clean merge — only the PR sources.
The limitation is inherited purely from the `pull_request` event semantics.
## Change
* New `.github/workflows/code-style.yml` runs code style + licenses on
`pull_request_target` (plus `push` for master/release branches), so it is
dispatched regardless of merge conflicts.
* Hardened to be no less safe than the `pull_request` event:
* `permissions: contents: read` (no write token);
* no `secrets.*` referenced;
* checks out `pull_request.head.sha` and only **compiles** the PR sources
(`mvnw test-compile`), never executes tests.
With write permissions and secrets removed, building untrusted fork code
grants no privilege beyond what the existing `pull_request` job already allowed
— no new attack surface.
* `commit-check.yml` loses the code-style step (moved out); the
abandoned-tests step, which **executes** PR code, intentionally stays on
`pull_request`.
## Follow-ups for Infra / committers
* The status check name changes from `Check java code on JDK 17` to `Check
java code style on JDK 17`; branch-protection required checks must be updated
accordingly.
* `pull_request_target` that builds fork code is sensitive — worth a sanity
check with ASF Infra.
JIRA: https://issues.apache.org/jira/browse/IGNITE-28827
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]