Skip to content

RATIS-2586. zizmor check should reflect failure in fork#1504

Open
adoroszlai wants to merge 1 commit into
apache:masterfrom
adoroszlai:RATIS-2586
Open

RATIS-2586. zizmor check should reflect failure in fork#1504
adoroszlai wants to merge 1 commit into
apache:masterfrom
adoroszlai:RATIS-2586

Conversation

@adoroszlai

Copy link
Copy Markdown
Contributor

What changes were proposed in this pull request?

Same as apache/ratis-thirdparty#138, for apache/ratis.

zizmor workflow added in RATIS-2493 provides feedback via "Code scanning results". The workflow itself passes even if it finds issues to be fixed. This does not work well in forks where code scanning is disabled.

To provide better feedback, the workflow should reflect scan results in forks.

Also:

  • skip zizmor check for changes that do not touch workflows
  • cancel run for obsolete commit (if new commit is pushed to the branch, but only in forks/PR)

https://issues.apache.org/jira/browse/RATIS-2586

How was this patch tested?

Tested the same in apache/ozone:

Without the patch passes despite intentional violation:
https://github.com/adoroszlai/ozone/actions/runs/28570405264/job/84706670204#step:3:1058

Same violation with the patch fails:
https://github.com/adoroszlai/ozone/actions/runs/28570585965/job/84707233189#step:3:208

The patch without intentional violation passes (also in this repo):
https://github.com/adoroszlai/ozone/actions/runs/28570809169/job/84707932173#step:3:107
https://github.com/adoroszlai/ratis/actions/runs/28617573739

@adoroszlai adoroszlai self-assigned this Jul 2, 2026
@adoroszlai adoroszlai added the CI label Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant