Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
75 commits
Select commit Hold shift + click to select a range
f26e71c
#15824 Include sources and Javadoc of subprojects of spark-runtime-4.…
schabch Jun 19, 2026
8299feb
Merge branch 'apache:main' into main
schabch Jun 19, 2026
40175bf
Build: Remove duplicate jackson.databind declaration (#16879)
Fezinvirtual Jun 19, 2026
722a073
Flink: Backport: Add equality delete conversion DV resolution and wri…
mxm Jun 19, 2026
41c8ee4
Docs: Clarify geography type serialization (#16799)
kevinjqliu Jun 19, 2026
8d1f973
Flink: Add equality delete conversion committer (#16874)
mxm Jun 20, 2026
2a2d5c0
Flink: Backport: Add equality delete conversion committer (#16874) (#…
mxm Jun 20, 2026
9bf1b25
Aliyun: Pass known file length through OSSFileIO.newInputFile (#16870)
thswlsqls Jun 20, 2026
56b1e19
Parquet: Fix variant metrics crash when value column has no stats (#1…
nssalian Jun 20, 2026
55e025f
Build: Bump com.google.cloud.gcs.analytics:gcs-analytics-core (#16904)
dependabot[bot] Jun 21, 2026
e4d4980
Build: Bump org.openapitools:openapi-generator-gradle-plugin (#16903)
dependabot[bot] Jun 21, 2026
d0a05b0
Build: Bump io.grpc:grpc-netty-shaded from 1.81.0 to 1.82.0 (#16902)
dependabot[bot] Jun 21, 2026
926368f
Build: Bump software.amazon.awssdk:bom from 2.46.5 to 2.46.10 (#16901)
dependabot[bot] Jun 21, 2026
ebcb902
Build: Bump com.google.errorprone:error_prone_annotations (#16900)
dependabot[bot] Jun 21, 2026
72c226a
Build: Bump gradle/actions from 5.0.2 to 6.2.0 (#16899)
dependabot[bot] Jun 21, 2026
afedbb1
Build: Bump nessie from 0.107.9 to 0.108.0 (#16897)
dependabot[bot] Jun 21, 2026
d5c86d6
Build: Bump pymarkdownlnt from 0.9.37 to 0.9.38 (#16895)
dependabot[bot] Jun 21, 2026
b0977bb
Build: Bump datamodel-code-generator from 0.60.0 to 0.63.0 (#16907)
ebyhr Jun 21, 2026
0b30919
Docs: Clarify test method naming guidance (#16866)
manuzhang Jun 21, 2026
fa072cc
Spark 4.1: Throw on unsupported complex types in SparkValueConverter …
thswlsqls Jun 22, 2026
fb6bb97
Spark 3.5, 4.0: Throw on unsupported complex types in SparkValueConve…
ebyhr Jun 22, 2026
902ed1b
Revert "Spark: Spark tests cache rewrite input (#16740)" (#16912)
laskoviymishka Jun 22, 2026
02631cd
CI: Check ASF action allowlist on every PR (#16926)
manuzhang Jun 22, 2026
ac874e8
Kafka Connect: evolve table schema when record schema is updated but …
twthorn Jun 22, 2026
7c13104
Core: Introduce builder for TrackedFile (#16769)
gaborkaszab Jun 22, 2026
ef07755
ORC: Fix lower/upper bounds for timestamp_ns columns in OrcMetrics (#…
thswlsqls Jun 23, 2026
d7612ae
Data: Add TCK for Encrypt in FileFormat API (#16724)
Guosmilesmile Jun 23, 2026
df6ea08
Data: Add metrics reporter to generic scan builder (#16664)
alexandrefimov Jun 23, 2026
f07b404
Parquet: Skip geo footer bounds (#16850)
huan233usc Jun 24, 2026
47148f3
AWS: Handle duplicate column names in IcebergToGlueConverter comment …
Wyatt-Hawes Jun 24, 2026
6bef83a
Flink: Add equality delete conversion planner (#16889)
mxm Jun 24, 2026
aa4abed
Build: Bump com.google.cloud:libraries-bom from 26.83.0 to 26.84.0 (#…
ebyhr Jun 24, 2026
534c3fd
Core: Migrate switch statements to switch expressions (#16881)
nssalian Jun 24, 2026
0474d66
Flink: Fix file offset mismatch in DataIterator.seek() when files are…
zhongyujiang Jun 24, 2026
729aead
ORC: Remove unused conf field from OrcFileAppender (#16345)
wombatu-kun Jun 24, 2026
d5c427b
Flink: Backport: Add equality delete conversion planner (#16889) (#16…
mxm Jun 24, 2026
6174dfa
Revert "Core: Migrate switch statements to switch expressions (#16881…
nastra Jun 24, 2026
1ba42d4
Remove encryption key from keysById first to avoid removeIf (#16860)
tom-s-powell Jun 24, 2026
d3daeef
Build: Align Jackson versions to fix CVE (#16954)
nastra Jun 24, 2026
2a6c556
Core: Rename TrackedFile writer_format_version to format_version (#16…
gaborkaszab Jun 24, 2026
b27930e
Flink: SQL: Pass only white-listed Catalog properties for Table LIKE …
swapna267 Jun 25, 2026
3c604fb
Kafka Connect: Fix avro schema conversion for UUID (#16828)
twthorn Jun 25, 2026
33bd101
Flink: Improve error message for unsupported table kinds in createTab…
rmoff Jun 25, 2026
d1f789e
Flink: Backport fix file offset mismatch in DataIterator.seek() when …
zhongyujiang Jun 25, 2026
b99389b
Core: Set scan planning mode when initializing client (#15903)
gaborkaszab Jun 25, 2026
6c5f9f2
Flink: Add equality delete conversion API and integration tests (#16948)
mxm Jun 25, 2026
cfebc8e
Flink: Backport improved createTable error message to 1.20 and 2.0 (#…
rmoff Jun 25, 2026
66150ef
Flink: Backport Pass only white-listed Catalog properties to 1.20,2.0…
swapna267 Jun 26, 2026
7269fc1
Flink: Backport: Add equality delete conversion API and integration t…
mxm Jun 26, 2026
4af3ebe
Build: Support toggling log levels in iceberg-rest-fixture Docker ima…
sejal-gupta-ksolves Jun 26, 2026
8e46f49
API, Parquet: Map geometry and geography to Parquet logical types (#1…
huan233usc Jun 26, 2026
874e409
Core, Spark: Ensure correct delete file sizes in rewrite table action…
mbutrovich Jun 27, 2026
9ca2a4b
Flink: Fix monitor source rate limit for sub-second intervals (#16979)
mxm Jun 28, 2026
ff11087
Build: Bump org.codehaus.jettison:jettison from 1.5.5 to 1.5.6 (#16988)
dependabot[bot] Jun 28, 2026
45975ec
Build: Bump actions/checkout from 6.0.3 to 7.0.0 (#16986)
dependabot[bot] Jun 28, 2026
ce92c46
Build: Bump actions/setup-java from 5.2.0 to 5.3.0 (#16991)
dependabot[bot] Jun 28, 2026
839b226
Build: Bump com.diffplug.spotless:spotless-plugin-gradle (#16990)
dependabot[bot] Jun 28, 2026
9588641
Flink: Backport: Fix monitor source rate limit for sub-second interva…
mxm Jun 28, 2026
2dbe96b
Build: Bump datamodel-code-generator from 0.63.0 to 0.64.1 (#16993)
drexler-sky Jun 29, 2026
535d032
Build: Bump software.amazon.awssdk:bom from 2.46.10 to 2.46.15 (#16989)
dependabot[bot] Jun 29, 2026
a2fb64b
Spec: Add spec for expressions (#16652)
rdblue Jun 29, 2026
8c1ee9d
Core, Spark: Migrate Spark table properties to Spark module (#15875)
szehon-ho Jun 30, 2026
be27af4
REST: Fix schema of data-access object in REST spec (#16594)
adutra Jun 30, 2026
c9e61fa
CVE Scan: Test PR failure reporting UI (#16962)
kevinjqliu Jul 1, 2026
f1ed57c
Core: Include row lineage and key-id in snapshot value methods (#17015)
manuzhang Jul 1, 2026
e407470
API: Add indexStatsNames to create field names for content stats (#17…
rdblue Jul 1, 2026
41113b1
Core: Remove unused TestTrackedFileStruct.CONTENT_STATS_ORDINAL (#17031)
gaborkaszab Jul 1, 2026
d6aa0bf
Spec: Add optional specific-name to UDF definition model (#16727)
szehon-ho Jul 1, 2026
da8ff44
Docs: Document nightly snapshots (#16544)
wombatu-kun Jul 2, 2026
744e811
Parquet: Read and write geometry and geography WKB values (#16982)
huan233usc Jul 3, 2026
035fc1e
Spark 4.1: Map geo Spark types (#16851)
huan233usc Jul 3, 2026
49b89a8
Flink: Hold back equality delete converter watermark until completion…
mxm Jul 3, 2026
11706a2
Flink: Backport: Hold back equality delete converter watermark until …
mxm Jul 3, 2026
8af1339
#15824 Include sources and Javadoc of subprojects of spark-runtime-4.…
schabch Jun 19, 2026
b2a5aa4
Merge remote-tracking branch 'origin/main'
schabch Jul 3, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions .github/trivyignore/kafka-connect-runtime.trivyignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# Trivy ignore file for the Kafka Connect runtime distribution.
#
# The Kafka Connect runtime's own jackson-databind is already aligned to the
# project version (2.22.x). The remaining finding comes from parquet-jackson,
# which ships its own shaded copy of jackson-databind (relocated under
# shaded.parquet.*). That copy cannot be upgraded independently of Apache
# Parquet, and 1.17.1 still bundles a vulnerable version.
#
# jackson-databind CVEs shaded into parquet-jackson, only fixed in jackson
# >= 2.21.4 / 2.18.8.
CVE-2026-54512
CVE-2026-54513
27 changes: 27 additions & 0 deletions .github/trivyignore/spark-runtime-3.5.trivyignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# Trivy ignore file for the Spark 3.5 runtime bundle.
#
# The Spark 3.5 runtime bundles the Jackson version provided by Spark 3.5
# (jackson 2.15.x), which cannot be safely upgraded without breaking
# compatibility with Spark 3.5. Newer Spark lines (4.0, 4.1) align Jackson to a
# fixed version instead of ignoring the finding.
#
# jackson-databind CVEs that are only fixed in jackson >= 2.18.8.
CVE-2026-54512
CVE-2026-54513
6 changes: 3 additions & 3 deletions .github/workflows/api-binary-compatibility.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
revapi:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
# fetch-depth of zero ensures that the tags are pulled in and we're not in a detached HEAD state
# revapi depends on the tags, specifically the tag from git describe, to find the relevant override
Expand All @@ -55,11 +55,11 @@ jobs:
# See https://github.com/actions/checkout/issues/124
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
distribution: zulu
java-version: 17
- uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
- uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
with:
# Read-only: small job; restore opportunistically from other jobs' caches but never write.
cache-read-only: true
Expand Down
6 changes: 1 addition & 5 deletions .github/workflows/asf-allowlist-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,9 @@ name: "ASF Allowlist Check"

on:
pull_request:
paths:
- ".github/**"
push:
branches:
- main
paths:
- ".github/**"

permissions:
contents: read
Expand All @@ -40,7 +36,7 @@ jobs:
asf-allowlist-check:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: apache/infrastructure-actions/allowlist-check@4e9c961f587f72b170874b6f5cd4ac15f7f26eb8 # main
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false

Expand Down
128 changes: 111 additions & 17 deletions .github/workflows/cve-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ on:
- '**'
- '!.github/**'
- '.github/workflows/cve-scan.yml'
- '.github/trivyignore/**'
- '!.baseline/**'
- '!.palantir/**'
- '!.gitignore'
Expand All @@ -54,6 +55,7 @@ on:
- '**'
- '!.github/**'
- '.github/workflows/cve-scan.yml'
- '.github/trivyignore/**'
- '!.baseline/**'
- '!.palantir/**'
- '!.gitignore'
Expand Down Expand Up @@ -86,12 +88,13 @@ jobs:
# Trivy CVE scan — scans bundled jars for known vulnerabilities.
#
# Behaviour:
# - On PRs: the scan blocks CI if CVEs are found (exit-code 1).
# SARIF upload is skipped because GitHub's Security tab only
# accepts results from default/protected branches.
# - On push to main/release branches: the scan is informational
# (exit-code 0) and results are uploaded as SARIF to the GitHub
# Security tab for ongoing tracking.
# - Trivy always writes SARIF with exit-code 0. The reporting step owns
# finding-based failures so GitHub opens the step with actionable details.
# - On PRs: the reporting step blocks CI if HIGH/CRITICAL CVEs are found.
# - On push to main/release branches and release tags: findings are
# informational, then SARIF is uploaded to the GitHub Security tab.
# - Missing or unparseable SARIF is still a failure on every event because
# it means the scan did not produce usable results.
# ------------------------------------------------------------------
cve-scan:
runs-on: ubuntu-24.04
Expand All @@ -113,6 +116,7 @@ jobs:
:iceberg-kafka-connect:iceberg-kafka-connect-runtime:distZip
scan-path: kafka-connect/kafka-connect-runtime/build/distributions
unpack: true
trivyignores: .github/trivyignore/kafka-connect-runtime.trivyignore
- distribution: aws-bundle
build-task: :iceberg-aws-bundle:shadowJar
scan-path: aws-bundle/build/libs
Expand All @@ -131,6 +135,7 @@ jobs:
:iceberg-spark:iceberg-spark-runtime-3.5_2.12:shadowJar
scan-path: spark/v3.5/spark-runtime/build/libs
unpack: false
trivyignores: .github/trivyignore/spark-runtime-3.5.trivyignore
- distribution: spark-runtime-4.0_2.13
build-task: >-
-DsparkVersions=4.0
Expand Down Expand Up @@ -167,14 +172,14 @@ jobs:
unpack: false
name: ${{ matrix.distribution }}
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
distribution: zulu
java-version: 21
- uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
- uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
with:
# Read-only: small job; restore opportunistically from other jobs' caches but never write.
cache-read-only: true
Expand Down Expand Up @@ -214,20 +219,109 @@ jobs:
scan-ref: '/tmp/cve-scan'
scanners: 'vuln'
severity: 'HIGH,CRITICAL'
trivyignores: ${{ matrix.trivyignores }}
limit-severities-for-sarif: true
# Block PRs on CVE findings; on main/release branches report without failing
exit-code: ${{ github.event_name == 'pull_request' && '1' || '0' }}
# Let Trivy generate SARIF without failing on findings. GitHub opens the
# failed step by default, so PRs fail later in the reporting step that
# prints the actionable CVE details.
exit-code: '0'
format: 'sarif'
output: 'trivy-results.sarif'
trivy-image: ${{ env.TRIVY_IMAGE }}
- name: Print Trivy scan results
- name: Report Trivy scan results
if: always()
env:
# PRs block on findings; push runs report findings without failing so
# SARIF can be uploaded to GitHub Security for tracking.
FAIL_ON_FINDINGS: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
run: |
if [ -f trivy-results.sarif ]; then
echo "## Trivy CVE Scan Results — ${{ matrix.distribution }}"
jq -r '.runs[].results[] | "- \(.ruleId): \(.message.text)"' trivy-results.sarif 2>/dev/null || echo "No findings or unable to parse SARIF."
else
echo "No SARIF file found — scan may have failed to install."
results_file="trivy-results.sarif"
summary="${GITHUB_STEP_SUMMARY:-/dev/null}"

log() {
printf '%s\n' "$*" | tee -a "${summary}"
}

markdown_escape() {
value="$1"
value="${value//|/\\|}"
printf '%s' "${value}"
}

escape_annotation() {
value="$1"
value="${value//'%'/%25}"
value="${value//$'\r'/%0D}"
value="${value//$'\n'/%0A}"
printf '%s' "${value}"
}

extract_findings() {
jq -r '
def field($prefix):
(.message.text | split("\n") | map(select(startswith($prefix))) | first // "")
| ltrimstr($prefix);

.runs[].results[]?
| [
.ruleId,
field("Severity: "),
field("Package: "),
field("Installed Version: "),
field("Fixed Version: "),
field("Link: ")
]
| @tsv
' "${results_file}"
}

report_findings() {
log "Found ${finding_count} HIGH/CRITICAL vulnerabilities."
log ""
log "| CVE | Severity | Package | Installed | Fixed | Link |"
log "| --- | --- | --- | --- | --- | --- |"

while IFS=$'\t' read -r cve severity package installed fixed link; do
cve="$(markdown_escape "${cve}")"
severity="$(markdown_escape "${severity}")"
package="$(markdown_escape "${package}")"
installed="$(markdown_escape "${installed}")"
fixed="$(markdown_escape "${fixed}")"
link="$(markdown_escape "${link}")"
log "| ${cve} | ${severity} | \`${package}\` | \`${installed}\` | ${fixed} | ${link} |"
done <<< "${findings}"
}

if [ ! -f "${results_file}" ]; then
log "No SARIF file found — scan may have failed to run."
exit 1
fi

if ! findings="$(extract_findings)"; then
log "Unable to parse Trivy SARIF results."
exit 1
fi

log "## Trivy CVE Scan Results — ${{ matrix.distribution }}"

if [ -z "${findings}" ]; then
log "No HIGH or CRITICAL vulnerabilities found."
exit 0
fi

finding_count="$(printf '%s\n' "${findings}" | awk 'END { print NR }')"
finding_ids="$(printf '%s\n' "${findings}" | cut -f1 | awk 'BEGIN { sep="" } { printf "%s%s", sep, $0; sep=", " } END { print "" }')"

report_findings

if [ "${FAIL_ON_FINDINGS}" = "true" ]; then
# Surface findings in the PR checks UI, not just in the workflow logs.
annotation_message="Trivy found ${finding_count} HIGH/CRITICAL vulnerabilities in ${{ matrix.distribution }}: ${finding_ids}. See the 'Report Trivy scan results' step for details."
annotation="$(escape_annotation "${annotation_message}")"
echo "::error title=Trivy CVE scan failed::${annotation}"
log ""
log "Failing because ${finding_count} HIGH/CRITICAL vulnerabilities were found."
exit 1
fi
- name: Upload Trivy results to GitHub Security tab
if: always() && github.event_name == 'push'
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/delta-conversion-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -82,14 +82,14 @@ jobs:
env:
SPARK_LOCAL_IP: localhost
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
distribution: zulu
java-version: ${{ matrix.jvm }}
- uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
- uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
with:
# Read-only: java-ci's build-checks (17) is the global canonical writer.
cache-read-only: true
Expand All @@ -111,14 +111,14 @@ jobs:
env:
SPARK_LOCAL_IP: localhost
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
distribution: zulu
java-version: ${{ matrix.jvm }}
- uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
- uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
with:
# Read-only: java-ci's build-checks (17) is the global canonical writer.
cache-read-only: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docs-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
matrix:
os: [ubuntu-latest, macos-latest]
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/flink-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -86,14 +86,14 @@ jobs:
env:
SPARK_LOCAL_IP: localhost
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
distribution: zulu
java-version: ${{ matrix.jvm }}
- uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
- uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
with:
# Read-only: java-ci's build-checks (17) is the global canonical writer.
cache-read-only: true
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/hive-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -83,14 +83,14 @@ jobs:
env:
SPARK_LOCAL_IP: localhost
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
with:
distribution: zulu
java-version: ${{ matrix.jvm }}
- uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
- uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6.2.0
with:
# Read-only: java-ci's build-checks (17) is the global canonical writer.
cache-read-only: true
Expand Down
Loading
Loading