Skip to content

chore: Perform ASF allowlist checks on CI changes#69

Merged
kou merged 5 commits into
apache:mainfrom
Benjamin-Philip:bp/allow-list-checks
Jul 1, 2026
Merged

chore: Perform ASF allowlist checks on CI changes#69
kou merged 5 commits into
apache:mainfrom
Benjamin-Philip:bp/allow-list-checks

Conversation

@Benjamin-Philip

@Benjamin-Philip Benjamin-Philip commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

What issue does this PR close?

Closes #70.

Dependabot updates do not respect the ASF allowlist. Thus, some dependabot PRs
can silently break workflows as seen in #63.

What's changed

A workflow to perform to ASF allowlist checks on changes to .github has been
added. Any breakages introduced by dependabot updates (or any other changes)
will be highlighted.

Copied verbatim from https://github.com/apache/arrow-adbc/blob/main/.github/workflows/asf-allowlist-check.yml.

Copilot AI review requested due to automatic review settings June 30, 2026 07:08

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new GitHub Actions workflow intended to validate ASF allowlist compliance when .github/** changes, helping catch workflow breakages (including those introduced by Dependabot) early in CI.

Changes:

  • Introduces a new .github/workflows/asf-allowlist-check.yml workflow that runs on PRs and pushes affecting .github/**.
  • Runs ASF allowlist checks and a zizmor workflow analysis step as part of the job.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/asf-allowlist-check.yml Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment thread .github/workflows/asf-allowlist-check.yml Outdated
@Benjamin-Philip
Benjamin-Philip requested a review from Copilot June 30, 2026 07:18

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@Benjamin-Philip
Benjamin-Philip requested a review from kou June 30, 2026 07:21
@Benjamin-Philip

Copy link
Copy Markdown
Collaborator Author

I'm thinking we can merge this PR (since the workflow itself is working) and fix the linting errors in later PRs.

@kou kou left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you open an issue for this?
See also: https://github.com/apache/arrow-erlang/blob/main/CONTRIBUTING.md#minor-fixes

How about removing the zizmor change from this PR?
If we remove the zizmor change, the CI job isn't failed, right?
How about working on adding the zizmor job and fixing failures in a separated PR?

Comment thread .github/workflows/asf-allowlist-check.yml Outdated
Copilot AI review requested due to automatic review settings June 30, 2026 10:27

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@Benjamin-Philip
Benjamin-Philip requested a review from kou June 30, 2026 10:28
@kou

kou commented Jul 1, 2026

Copy link
Copy Markdown
Member

Could you open an issue for this?
See also: https://github.com/apache/arrow-erlang/blob/main/CONTRIBUTING.md#minor-fixes

I've opened #70.

@kou kou left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@kou
kou merged commit 7487e8c into apache:main Jul 1, 2026
8 checks passed
@Benjamin-Philip
Benjamin-Philip deleted the bp/allow-list-checks branch July 8, 2026 08:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add a CI workflow that checks whether used GitHub Actions are allowed

3 participants