This is an automated email from the ASF dual-hosted git repository.

lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-adbc.git


The following commit(s) were added to refs/heads/main by this push:
     new 6c30305f2 ci: don't use pull_request_target (#3929)
6c30305f2 is described below

commit 6c30305f2fcb5144eae6c0618461df1bce9b9e54
Author: David Li <[email protected]>
AuthorDate: Thu Jan 29 15:08:04 2026 +0900

    ci: don't use pull_request_target (#3929)
---
 .github/workflows/dev.yml    | 38 +++++++++++++++++++--
 .github/workflows/dev_pr.yml | 78 --------------------------------------------
 2 files changed, 35 insertions(+), 81 deletions(-)

diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index e8bc51707..5a4ed16a5 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -18,7 +18,13 @@
 name: Dev
 
 on:
-  pull_request: {}
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+      - ready_for_review
   push:
     branches-ignore:
       - 'dependabot/**'
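Review bot: Listing `edited` under `pull_request.types` makes every title or description edit re-run the whole Dev workflow, not only the PR-text checks. The `pre-commit` job visible in the next hunk has no `if:` condition, and jobs outside this diff may not either. If that is not intended, jobs that do not read the PR text could carry `if: github.event.action != 'edited'`, which stays true on `push` events. The `on:` block continues outside the hunk.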
@@ -36,15 +42,41 @@ defaults:
     shell: bash
 
 jobs:
+  check-pr:
+    name: "check PR"
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-slim
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+          persist-credentials: false
+      # Pings make it into the commit message where they annoy the user every
+      # time the commit gets pushed somewhere
+      - name: Check PR body for pings
+        # Don't check this if it's dependabot - dependabot doesn't ping users
+        # and it tends to include things that look like pings (but are
+        # escaped)
+        if: github.actor != 'dependabot[bot]'
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
+        run: |
+          python .github/workflows/dev_pr/body_check.py "$PR_BODY"
+
+      - name: Check PR title for conventional commit format
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          python dev/adbc_dev/title_check.py $(pwd) "$PR_TITLE"
+
   pre-commit:
     name: "pre-commit"
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
         with:
-          fetch-depth: 0
+          fetch-depth: 1
           persist-credentials: false
-
       - name: Get required Go version
         run: |
           (. .env && echo "GO_VERSION=${GO}") >> $GITHUB_ENV
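Review bot: Both `check-pr` steps now run `body_check.py` and `title_check.py` from the job's single checkout, which under `pull_request` should be the PR's merge ref, so a PR that edits those scripts also decides whether its own check passes. The removed workflow ran them from its default checkout and pointed the title check at a separate `pr_checkout`. That is the expected cost of dropping `pull_request_target`, but it is worth recording above the job, e.g. `# Checker scripts run from the PR's own tree; review changes to dev/adbc_dev/title_check.py and .github/workflows/dev_pr/ accordingly`. Separately, `$(pwd)` in the title step is unquoted; `"$(pwd)"` avoids word splitting. The `pre-commit` job's steps continue outside the hunk.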
diff --git a/.github/workflows/dev_pr.yml b/.github/workflows/dev_pr.yml
deleted file mode 100644
index bb297f67b..000000000
--- a/.github/workflows/dev_pr.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-name: Dev PR
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - edited
-      - synchronize
-      - ready_for_review
-      - review_requested
-
-permissions:
-  contents: read
-  issues: write
-  pull-requests: write
-
-defaults:
-  run:
-    # 'bash' will expand to -eo pipefail
-    shell: bash
-
-jobs:
-  process:
-    name: Process
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          persist-credentials: false
-
-      - name: Assign milestone
-        if: '! github.event.pull_request.draft'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          ./.github/workflows/dev_pr/milestone.sh "${GITHUB_REPOSITORY}" 
${{github.event.number}}
-
-      - uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-          path: pr_checkout
-          persist-credentials: false
-          ref: "${{ github.event.pull_request.merge_commit_sha }}"
-
-      - name: Check PR title for conventional commit format
-        env:
-          PR_TITLE: ${{ github.event.pull_request.title }}
-        run: |
-          python dev/adbc_dev/title_check.py $(pwd)/pr_checkout "$PR_TITLE"
-
-      # Pings make it into the commit message where they annoy the user every
-      # time the commit gets pushed somewhere
-      - name: Check PR body for pings
-        # Don't check this if it's dependabot - dependabot doesn't ping users
-        # and it tends to include things that look like pings (but are
-        # escaped)
-        if: github.actor != 'dependabot[bot]'
-        env:
-          PR_BODY: ${{ github.event.pull_request.body }}
-        run: |
-          python .github/workflows/dev_pr/body_check.py "$PR_BODY"
