orpiske commented on a change in pull request #6937: URL: https://github.com/apache/camel/pull/6937#discussion_r806031147
########## File path: .github/actions/install-mvnd/action.yml ########## @@ -0,0 +1,21 @@ +name: 'install-mvnd' +description: 'Install the maven daemon' +inputs: + version: + description: 'The version of the maven daemon to install' + required: true + default: '0.7.1' +outputs: + mvnd-dir: + description: "The directory where the command mvnd is located" + value: ${{ steps.mvnd-location.outputs.mvnd-dir }} +runs: + using: "composite" + steps: + - run: curl -fsSL -o mvnd.zip https://github.com/apache/maven-mvnd/releases/download/${{ inputs.version }}/mvnd-${{ inputs.version }}-linux-amd64.zip + shell: bash Review comment: I am not entirely sure if we are allowed to download and run code freely on the GH actions (any idea @oscerd?), but I think that we need to include the following here: 1. Cache the hash sum and verify it before running. ########## File path: .github/actions/install-mvnd/action.yml ########## @@ -0,0 +1,21 @@ +name: 'install-mvnd' +description: 'Install the maven daemon' +inputs: + version: + description: 'The version of the maven daemon to install' + required: true + default: '0.7.1' +outputs: + mvnd-dir: + description: "The directory where the command mvnd is located" + value: ${{ steps.mvnd-location.outputs.mvnd-dir }} +runs: + using: "composite" + steps: + - run: curl -fsSL -o mvnd.zip https://github.com/apache/maven-mvnd/releases/download/${{ inputs.version }}/mvnd-${{ inputs.version }}-linux-amd64.zip + shell: bash Review comment: Yes. Unfortunately it's not signed, so it's the best we can do.
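Review bot: the `curl -fsSL -o mvnd.zip ...` step fetches the release archive and nothing in the visible lines checks its integrity before it is used, so the step should be followed by a digest comparison (for example `sha256sum -c` against a SHA-256 value committed in this repository) that fails the action on mismatch. Because `inputs.version` is caller-overridable and is interpolated into the download URL, the pinned digest needs to be keyed to the version, or supplied as a second required input, so that changing `version` without updating the digest fails instead of installing an unverified archive. Separately, `${{ inputs.version }}` is expanded directly into the text of the `run:` script; passing it through an `env:` entry and referencing it as a quoted shell variable keeps an unexpected input value from being interpreted as shell syntax.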