Skip to content

RATIS-2588. (addendum) Tweak allowlist-check glob pattern to match .yaml files#141

Merged
adoroszlai merged 2 commits into
apache:masterfrom
adoroszlai:RATIS-2588-add
Jul 6, 2026
Merged

RATIS-2588. (addendum) Tweak allowlist-check glob pattern to match .yaml files#141
adoroszlai merged 2 commits into
apache:masterfrom
adoroszlai:RATIS-2588-add

Conversation

@adoroszlai

Copy link
Copy Markdown
Contributor

What changes were proposed in this pull request?

Addendum for RATIS-2588. Just noticed after merging #139 that the new workflow only checked zizmor.yml:

Checking 2 unique action ref(s) against the ASF allowlist:

  ✅ actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 — trusted owner (actions)  (.github/workflows/zizmor.yml)
  ✅ zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa — matches allowlist  (.github/workflows/zizmor.yml)
All 2 unique action refs are on the ASF allowlist

It turned out that allowlist-check only looks at .yml files by default, ignoring .yaml files.

https://github.com/apache/infrastructure-actions/blob/5d6d53e66c7f6f831d4fd0c8fd1a610054ed8a26/allowlist-check/action.yml#L29-L31

This PR configures the action to check both extensions. Also, rename zizmor.yml to .yaml to match naming convention.

https://issues.apache.org/jira/browse/RATIS-2588

How was this patch tested?

Before rename:

Checking 8 unique action ref(s) against the ASF allowlist:
  ✅ actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 — trusted owner (actions)  (.github/workflows/asf-allowlist-check.yaml, .github/workflows/reusable-check.yaml, .github/workflows/zizmor.yml)
  ✅ actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c — trusted owner (actions)  (.github/workflows/reusable-check.yaml)
  ✅ actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 — trusted owner (actions)  (.github/workflows/reusable-check.yaml)
  ✅ actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a — trusted owner (actions)  (.github/workflows/reusable-check.yaml, .github/workflows/reusable-check.yaml)
  ✅ apache/infrastructure-actions/allowlist-check@775350a154e610e84c460cb1bbe2d2ab26c15cb3 — trusted owner (apache)  (.github/workflows/asf-allowlist-check.yaml)
  ✅ apache/infrastructure-actions/stash/restore@2245ffcb262ea1723462729b032d1d5c71290dfc — trusted owner (apache)  (.github/workflows/reusable-check.yaml)
  ✅ apache/infrastructure-actions/stash/save@2245ffcb262ea1723462729b032d1d5c71290dfc — trusted owner (apache)  (.github/workflows/reusable-check.yaml)
  ✅ zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa — matches allowlist  (.github/workflows/zizmor.yml)
All 8 unique action refs are on the ASF allowlist

After rename:

Checking 8 unique action ref(s) against the ASF allowlist:

  ✅ actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 — trusted owner (actions)  (.github/workflows/asf-allowlist-check.yaml, .github/workflows/reusable-check.yaml, .github/workflows/zizmor.yaml)
  ✅ actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c — trusted owner (actions)  (.github/workflows/reusable-check.yaml)
  ✅ actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 — trusted owner (actions)  (.github/workflows/reusable-check.yaml)
  ✅ actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a — trusted owner (actions)  (.github/workflows/reusable-check.yaml, .github/workflows/reusable-check.yaml)
  ✅ apache/infrastructure-actions/allowlist-check@775350a154e610e84c460cb1bbe2d2ab26c15cb3 — trusted owner (apache)  (.github/workflows/asf-allowlist-check.yaml)
  ✅ apache/infrastructure-actions/stash/restore@2245ffcb262ea1723462729b032d1d5c71290dfc — trusted owner (apache)  (.github/workflows/reusable-check.yaml)
  ✅ apache/infrastructure-actions/stash/save@2245ffcb262ea1723462729b032d1d5c71290dfc — trusted owner (apache)  (.github/workflows/reusable-check.yaml)
  ✅ zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa — matches allowlist  (.github/workflows/zizmor.yaml)
All 8 unique action refs are on the ASF allowlist

@adoroszlai adoroszlai requested a review from szetszwo July 3, 2026 16:39
@adoroszlai adoroszlai self-assigned this Jul 3, 2026
@adoroszlai adoroszlai changed the title RATIS-2588. (addendum) Tweak glob pattern to match .yaml files RATIS-2588. (addendum) Tweak allowlist-check glob pattern to match .yaml files Jul 3, 2026
@adoroszlai

Copy link
Copy Markdown
Contributor Author

@szetszwo please take a look

@szetszwo szetszwo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 the change looks good.

@adoroszlai adoroszlai merged commit d0a6fa3 into apache:master Jul 6, 2026
6 checks passed
@adoroszlai adoroszlai deleted the RATIS-2588-add branch July 6, 2026 19:03
@adoroszlai

Copy link
Copy Markdown
Contributor Author

Thanks @szetszwo for the review.

adoroszlai added a commit to adoroszlai/ratis-thirdparty that referenced this pull request Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants