|
| 1 | +# |
| 2 | +# Licensed to the Apache Software Foundation (ASF) under one |
| 3 | +# or more contributor license agreements. See the NOTICE file |
| 4 | +# distributed with this work for additional information |
| 5 | +# regarding copyright ownership. The ASF licenses this file |
| 6 | +# to you under the Apache License, Version 2.0 (the |
| 7 | +# "License"); you may not use this file except in compliance |
| 8 | +# with the License. You may obtain a copy of the License at |
| 9 | +# |
| 10 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | +# |
| 12 | +# Unless required by applicable law or agreed to in writing, |
| 13 | +# software distributed under the License is distributed on an |
| 14 | +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| 15 | +# KIND, either express or implied. See the License for the |
| 16 | +# specific language governing permissions and limitations |
| 17 | +# under the License. |
| 18 | +# |
| 19 | + |
| 20 | +# Verifies all GitHub Actions refs are on the ASF allowlist. |
| 21 | +# Actions not on the allowlist silently fail with "Startup failure" — no logs, |
| 22 | +# no notifications, and PRs may appear green because no checks ran. |
| 23 | +# See https://github.com/apache/infrastructure-actions/issues/574 |
| 24 | +name: "ASF Allowlist Check" |
| 25 | + |
| 26 | +on: |
| 27 | + pull_request: |
| 28 | + paths: |
| 29 | + - ".github/**" |
| 30 | + push: |
| 31 | + branches: |
| 32 | + - main |
| 33 | + paths: |
| 34 | + - ".github/**" |
| 35 | + |
| 36 | +permissions: |
| 37 | + contents: read |
| 38 | + |
| 39 | +jobs: |
| 40 | + asf-allowlist-check: |
| 41 | + runs-on: ubuntu-24.04 |
| 42 | + steps: |
| 43 | + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
| 44 | + with: |
| 45 | + persist-credentials: false |
| 46 | + # Intentionally unpinned to always use the latest allowlist from the ASF. |
| 47 | + - uses: apache/infrastructure-actions/allowlist-check@main # zizmor: ignore[unpinned-uses] |
0 commit comments