You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
joshuarrrr
changed the title
Remove the whitesource check from non-main branches where it is unreliable
Fix or remove the whitesource check from non-main branches where it is unreliable
Mar 27, 2023
I have a feeling that Mend is failing intentionally so we will not call them with every change unnecessarily; We should the Mend worflows to only when the lockfile or the package manifests change; we need the package manifests for cases where a version was bumped but a lock file was accidentally (or maliciously) omitted.
In short: we certainly want Mend scans run on all non-main branches; we just need to be frugal and so only when needed.
On non-
main
branches, the whitesource check is marked as 'failed' even when no scan was triggered. For example, see https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3699/checks?check_run_id=12310441779In
main
, such cases are not marked as failures: https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3652/checks?check_run_id=12258568680We need to fix this behavior, or limit the check to only
main
.The text was updated successfully, but these errors were encountered: