Skip to content

Release 0.10.10 - ARIA Ingest#582

Closed
hjkristenson wants to merge 29 commits intomainfrom
develop
Closed

Release 0.10.10 - ARIA Ingest#582
hjkristenson wants to merge 29 commits intomainfrom
develop

Conversation

@hjkristenson
Copy link
Contributor

@hjkristenson hjkristenson commented Jun 4, 2025

Add content to ARIA GUNW product guide about 90% coverage threshold and ingesting on-demand products to the archive

dependabot bot and others added 22 commits May 19, 2025 21:26
@dependabot
Bump ASFHyP3/actions from 0.18.1 to 0.19.0
eeeebb6 
Bumps [ASFHyP3/actions](https://github.com/asfhyp3/actions) from 0.18.1 to 0.19.0.
- [Release notes](https://github.com/asfhyp3/actions/releases)
- [Changelog](https://github.com/ASFHyP3/actions/blob/develop/CHANGELOG.md)
- [Commits](ASFHyP3/actions@v0.18.1...v0.19.0)

---
updated-dependencies:
- dependency-name: ASFHyP3/actions
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@jtherrmann
Merge pull request #575 from ASFHyP3/dependabot/github_actions/ASFHyP…
27bf60f 
…3/actions-0.19.0

Bump ASFHyP3/actions from 0.18.1 to 0.19.0
@jtherrmann
Merge pull request #577 from ASFHyP3/main
59ae18f 
Pulling refs/tags/v0.10.9 into develop
@hjkristenson
add references to ingesting on-demand products to the archive
218c85d
@hjkristenson
apply formatting updates from aria-dates branch
b9e6580
@hjkristenson
formatting updates
b3eb9f1
@hjkristenson
add coverage threshold guidance
14a0324
@hjkristenson
edit ARIA threshold language
37eb36c
@hjkristenson
add VV-only disclaimer to ARIA GUNW product guide
19bf083
@hjkristenson
add polarization limitation to selection constraints
12030a3
@hjkristenson
add accessing products section
1cf8de5
@hjkristenson
adjust wording in intro
cae9a4a
@hjkristenson
adjust interoperability wording
45dba93
@hjkristenson
adjust interoperability wording more
2eb9519
@hjkristenson
adjust wording in intro to on-demand products
6d9c843
@hjkristenson
adjust wording in intro to on-demand products more
5b69043
@hjkristenson
remove extra space
791b5c5
@hjkristenson
change formatting of ordering on-demand products section
839d43e
@hjkristenson
update changelog
9d7e2ec
@hjkristenson
change word for clarity
312dab1
@hjkristenson
correct product name
b234043
@hjkristenson
Merge pull request #581 from ASFHyP3/aria-ingest
c79cfb4 
Add content to ARIA GUNW product guide about coverage thresholds and ingesting on-demand products to the archive
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 4, 2025
View reviewed changes
.github/workflows/changelog.yml
jobs:
call-changelog-check-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.18.1
uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.19.0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 9 months ago

To fix the issue, we will add a permissions block at the root level of the workflow. Since the workflow is related to checking changelogs, it likely only needs read access to the repository contents. We will set contents: read as the minimal required permission. This ensures that the GITHUB_TOKEN is restricted to read-only access, adhering to the principle of least privilege.

Suggested changeset 1
.github/workflows/changelog.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -2,2 +2,5 @@
 
+permissions:
+  contents: read
+
 on:
EOF
@@ -2,2 +2,5 @@

permissions:
contents: read

on:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
.github/workflows/labeled-pr.yml
jobs:
call-labeled-pr-check-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.18.1
uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.19.0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 9 months ago

To fix the issue, we will add a permissions block at the root level of the workflow. This block will specify the minimal permissions required for the workflow to function. Based on the context, the workflow likely only needs contents: read permissions, as it is checking labels on pull requests and does not appear to modify repository contents or perform other write operations.

Suggested changeset 1
.github/workflows/labeled-pr.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/labeled-pr.yml b/.github/workflows/labeled-pr.yml
--- a/.github/workflows/labeled-pr.yml
+++ b/.github/workflows/labeled-pr.yml
@@ -2,2 +2,5 @@
 
+permissions:
+  contents: read
+
 on:
EOF
@@ -2,2 +2,5 @@

permissions:
contents: read

on:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
.github/workflows/static-analysis.yml
jobs:
call-secrets-analysis-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-secrets-analysis.yml@v0.18.1
uses: ASFHyP3/actions/.github/workflows/reusable-secrets-analysis.yml@v0.19.0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 9 months ago

To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Since the workflow calls a reusable workflow for secrets analysis, it likely only needs contents: read permissions. If additional permissions are required, they should be explicitly added based on the functionality of the reusable workflow.

The permissions block should be added at the root level of the workflow to apply to all jobs unless overridden by job-specific permissions.

Suggested changeset 1
.github/workflows/static-analysis.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -4,2 +4,5 @@
 
+permissions:
+  contents: read
+
 jobs:
EOF
@@ -4,2 +4,5 @@

permissions:
contents: read

jobs:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
@hjkristenson hjkristenson added the patch Bump the patch version number of this project label Jun 4, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Jun 4, 2025
edited by hjkristenson
Loading

Developer checklist

  • Indicated the level of changes to this package by affixing one of these labels:
    • major -- Major changes to the API that may break current workflows
    • minor -- Minor changes to the API that do not break current workflows
    • patch -- Patches and bugfixes for the current version that do not break current workflows
    • bumpless -- Changes to documentation, CI/CD pipelines, etc. that don't affect the software's version
  • (If applicable) Updated the dependencies and indicated any downstream changes that are required
  • Added/updated documentation for these changes
  • Added/updated tests for these changes
  • Verified changes in test deployment and summarized results, e.g. in PR description or comments on the related issue(s)

Reviewer checklist

  • Have all dependencies been updated?
  • Is the level of changes labeled appropriately?
  • Are all the changes described appropriately in CHANGELOG.md?
  • Has the documentation been adequately updated?
  • Are the tests adequate?
  • Have the changes been verified in the test deployment?

@hjkristenson
Copy link
Contributor Author

hjkristenson commented Jun 5, 2025

Project priorities have changed, and ingest of on-demand products will not be released until after other functionality has been released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

patch Bump the patch version number of this project

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hjkristenson @jtherrmann