Hi, steven

The current CI includes a compile check, a compatibility check, and functionality checks through tests. All the checks marked as required are there to make sure a PR won't be merged if it impacts the compile, compatibility, and functionality.
The OWASP dependency checking is used for scanning CVEs. We need to pay attention to it, but it shouldn't be blocking for a PR.

Yong

On Sat, 20 Aug 2022 at 22:05, steven lu <lushiji2...@gmail.com> wrote:

> For details, see https://github.com/apache/bookkeeper/pull/3453
>
> Now Bookkeeper is using .asf.yaml (
> https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-Branchprotection
> ) to configure the project,
> .asf.yaml details are determined
>
> 1. Whether checks are enough,
> now these checks are required:
>
> contexts:
> - PR Validation
> - Backward compatibility tests
> - Bookie Tests
> - Build with macos on JDK 11
> - Build with windows on JDK 11
> - Client Tests
> - Compatibility Check Java11
> - Compatibility Check Java17
> - Compatibility Check Java8
> - Integration Tests
> - Remaining Tests
> - Replication Tests
> - StreamStorage Tests
> - TLS Tests
>
> Do we need to add others, such as: OWASP Dependency Check?
>
> 2. required_approving_review_count:
> 2.1) is there a need for a limit
> 2.2) or is the value more reasonable, 1 or 2?