gortiz commented on code in PR #10144: URL: https://github.com/apache/pinot/pull/10144#discussion_r1080906416
########## .github/workflows/pinot_vuln_check.yml: ##########
@@ -19,18 +19,8 @@ name: Pinot Dependencies on: - push: - branches: - - master - pull_request: - branches: - - master - paths: - - "**/pom.xml" - - "**/package.json" - - "**/package-lock.json" - - "docker/images/pinot/**" - - ".github/workflows/**" + schedule:

Review Comment:
We were talking about changing this check to not run on each push but to run periodically, in order not to mark as erroneous PRs that do not actually introduce the vulnerability. On the other hand, we would lose the ability to detect when a PR adds a known vulnerability. Instead we would need to be notified by this periodic cron. The big question here is how we are going to know when this cron fails.
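Review bot: Removing the `pull_request` trigger together with its `paths` filter (`"**/pom.xml"`, `"**/package.json"`, `"**/package-lock.json"`) means a PR that changes dependency files is no longer scanned before it merges. Consider keeping that path-filtered `pull_request` trigger alongside the new `schedule:` so dependency changes are still checked, with the periodic run covering everything else. A scheduled run is not attached to any PR, so a failure will not appear as a PR check; the workflow should add an explicit step that notifies on failure (or opens an issue), and a `workflow_dispatch` trigger would let maintainers re-run it by hand. The cron expression itself is not visible in this hunk, so its frequency cannot be reviewed here.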