cloudfoundry / cli

The official command line client for Cloud Foundry
https://docs.cloudfoundry.org/cf-cli
Apache License 2.0

Add CVE scan GitHub workflow that is triggered on pull requests #2979

Closed. weresch closed this 3 weeks ago.

weresch commented 1 month ago

Thank you for contributing to the CF CLI! Please read the following:

Note: Please create separate PR for every branch (main, v8 and v7) as needed.

Description of the Change

Adding a CVE scan GitHub workflow on PRs. This has been merged to main, this PR is for v7 branch.

Why Is This PR Valuable?

The CVE scan GitHub workflow on PRs helps prevent known CVEs from being added to the codebase.

Applicable Issues

No applicable issues

How Urgent Is The Change?

Not urgent

Other Relevant Parties

No one else

chinigo commented 3 weeks ago

[This is essentially the same comment as on #2978, the v8 variant of this PR.]

There were no checks run against this PR, which surprises me. According to the docs:

Each workflow run will use the version of the workflow that is present in the associated commit SHA or Git ref of the event. When a workflow runs, GitHub sets the GITHUB_SHA (commit SHA) and GITHUB_REF (Git ref) environment variables in the runner environment. For more information, see "Variables."

I interpret that to mean "the workflows executed against a PR are defined on the branch being merged in." (As opposed to, say, the default branch, or the branch being targeted by the PR.) And this is the behavior @weresch and I saw when we were working on his fork.

But it's not just the new CVE check that failed to run — no checks were run at all. Earlier pull requests into v7, such as this one, #2974, from Friday do have checks.

Did we somehow break checks on v7 PRs altogether? One way we could test this is to trigger a rebuild of another PR targeting v7. Could somebody with commit access to this repo (@a-b?) maybe rebase one of those PRs, say, #2974, to see if the new CVE check — along with the other, preexisting ones — is run?
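For readers following the thread, here is what a minimal pull-request CVE scan workflow of the kind discussed above looks like. This is an added illustration, not the file from this PR or from the cloudfoundry/cli repository: the scanner (govulncheck, chosen because the CLI is a Go code base), the action versions, and the branch filter are all assumptions.

```yaml
# .github/workflows/cve-scan.yml (illustrative example, not the PR's actual file)
name: CVE scan

# "pull_request" (not "pull_request_target") runs the workflow definition from the
# PR's merge commit, which is the behaviour described in the comment above: the
# check being added by a PR is exercised by that same PR. "pull_request_target"
# would instead run the base branch's copy of this file.
on:
  pull_request:
    branches: [main, v8, v7]   # assumed: the three branches the template asks PRs for

# Least privilege: a read-only token is all a scan needs.
permissions:
  contents: read

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod   # pin the toolchain to what the repo declares

      # Reports known CVEs in dependencies, including whether vulnerable
      # symbols are actually reachable from this module; non-zero exit fails the check.
      - name: Scan for known vulnerabilities
        run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...
```

Two practical checks when a workflow like this produces no run at all: confirm the file is under `.github/workflows/` on the PR's head branch and parses as valid YAML (a parse error is reported under the repository's Actions tab rather than as a PR check), and compare the `on:` trigger and `branches:` filter against the PR's base branch, since a filter that omits the target branch silently skips the run.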