Posted to issues@beam.apache.org by "Jarek Potiuk (Jira)" <ji...@apache.org> on 2021/01/05 21:28:00 UTC

[jira] [Commented] (BEAM-11569) Github actions are failing on Beam repo

    [ https://issues.apache.org/jira/browse/BEAM-11569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17259217#comment-17259217 ] 

Jarek Potiuk commented on BEAM-11569:
-------------------------------------

See https://lists.apache.org/x/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65@%3Cbuilds.apache.org%3E . This was a security incident reaction of Apache infrastructure.

They disabled the actions outside of the apache repositories due to potential security vulnerabilities. They are still working on a more long-term solution, but for the moment you have to switch to apache-organisation owned repos.

You can either create your own repository (apache/beam-nnnn) or use clones I made for airflow (https://github.com/apache/airflow-cancel-workflow-runs, https://github.com/apache/airflow-github-push-action). Just remember to use a commit SHA for maximum security.
Follow those recommendations from GitHub:
https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions

 You need to clone the repositories where e

> Github actions are failing on Beam repo
> ---------------------------------------
>
>                 Key: BEAM-11569
>                 URL: https://issues.apache.org/jira/browse/BEAM-11569
>             Project: Beam
>          Issue Type: Bug
>          Components: testing
>    Affects Versions: 2.27.0
>            Reporter: Ahmet Altay
>            Assignee: Pablo Estrada
>            Priority: P0
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> As a result of https://issues.apache.org/jira/browse/INFRA-21234, GitHub Actions on the Beam repo are failing.
> This is currently blocking the 2.27.0 release because building wheel files depends on GitHub Actions. So far we identified 2 GitHub actions that may need to be addressed:
> ad-m/github-push-action
> potiuk/cancel-workflow-runs
> Error looks like https://github.com/apache/beam/actions/runs/458287140
> """
> ad-m/github-push-action@master is not allowed to be used in apache/beam. Actions in this workflow must be: created by GitHub, verified in the GitHub Marketplace, within a repository owned by apache or match the following: apache/, gradle/wrapper-validation-action, gradle/wrapper-validation-action@, peter-evans/create-pull-request@, dawidd6/action-download-artifact@, scacap/action-surefire-report@*. 
> """
> /cc [~potiuk] [~tysonjh]
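
The commit-SHA pinning advice in the comment above can be checked mechanically. The following is an added example, not part of the original message or of any Apache project's code: it scans workflow text for `uses:` references whose owner is outside an allowlist or whose ref is not a full 40-character commit SHA. The allowlist (only the owner part of the quoted policy, not the Marketplace or pattern rules), the sample workflow and the placeholder SHA are assumptions made for illustration.

```python
import re

# Constructed sample workflow. The 40-character SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: ad-m/github-push-action@master
      - uses: apache/airflow-cancel-workflow-runs@0123456789abcdef0123456789abcdef01234567
      - uses: apache/airflow-github-push-action@master
      - uses: ./.github/actions/local-step
"""

# Assumption: "created by GitHub" is modelled as the actions/ and github/ owners,
# plus apache/ from the error text quoted in the issue.
ALLOWED_OWNERS = {"actions", "github", "apache"}

USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return {action reference: [reasons]} for every `uses:` entry that fails a check."""
    findings = {}
    for ref in USES_RE.findall(text):
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, _, version = ref.partition("@")
        reasons = []
        if action.split("/")[0] not in ALLOWED_OWNERS:
            reasons.append("owner not in allowlist")
        if not FULL_SHA_RE.fullmatch(version):
            reasons.append("not pinned to a full commit SHA")
        if reasons:
            findings[ref] = reasons
    return findings


if __name__ == "__main__":
    for ref, reasons in audit_workflow(SAMPLE_WORKFLOW).items():
        print(f"{ref}: {', '.join(reasons)}")
```

The SHA check is applied to every owner, so it also flags tag and branch refs on allowlisted actions; this is stricter than the organisation policy quoted in the error message.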


