Skip to content

Add ci.opensearch.org maven2 mirror to avoid throttling (geospatial)#865

Merged
peterzhuamazon merged 1 commit into
opensearch-project:mainfrom
peterzhuamazon:maven2-mirror-update
May 27, 2026
Merged

Add ci.opensearch.org maven2 mirror to avoid throttling (geospatial)#865
peterzhuamazon merged 1 commit into
opensearch-project:mainfrom
peterzhuamazon:maven2-mirror-update

Conversation

@peterzhuamazon

Copy link
Copy Markdown
Member

Description

Add ci.opensearch.org maven2 mirror to avoid throttling (geospatial)

Related Issues

opensearch-project/opensearch-build#6062

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
@github-actions

Copy link
Copy Markdown

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 05b89e9.

PathLineSeverityDescription
build.gradle32highNew Maven repository source added (https://ci.opensearch.org/maven2/) in buildscript block. Per mandatory rule, all package registry/source URL changes must be flagged. Maintainers must verify this URL is controlled by the expected party and that artifacts resolved from it are authentic.
build.gradle111highNew Maven repository source added (https://ci.opensearch.org/maven2/) in allprojects repositories block. This expands the set of artifact sources for all subprojects and must be verified by maintainers.
client/build.gradle24highNew Maven repository source added (https://ci.opensearch.org/maven2/) in the client subproject. Maintainers must verify this repository is trusted and cannot be used to shadow artifacts from mavenCentral or other authoritative sources.
libs/h3/build.gradle34highNew Maven repository source added (https://ci.opensearch.org/maven2/) in the h3 library subproject. Maintainers must verify this repository is trusted and cannot be used to shadow artifacts from mavenCentral or other authoritative sources.
settings.gradle10highNew pluginManagement block introduced with https://ci.opensearch.org/maven2/ listed before gradlePluginPortal() and mavenCentral(). Repository ordering matters: placing this URL first means Gradle will attempt to resolve build plugins from it before official sources, increasing the risk of artifact substitution if the endpoint is compromised or misconfigured.

The table above displays the top 10 most important findings.

Total: 5 | Critical: 0 | High: 5 | Medium: 0 | Low: 0


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

@peterzhuamazon peterzhuamazon added skip-changelog skip-diff-analyzer Maintainer to skip code-diff-analyzer check, after reviewing issues in AI analysis. labels May 27, 2026
@peterzhuamazon

Copy link
Copy Markdown
Member Author

expected mirror update.

@peterzhuamazon peterzhuamazon merged commit 533ea74 into opensearch-project:main May 27, 2026
22 of 40 checks passed
@peterzhuamazon peterzhuamazon deleted the maven2-mirror-update branch May 27, 2026 23:42
@github-project-automation github-project-automation Bot moved this from 👀 In Review to ✅ Done in Engineering Effectiveness Board May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request release skip-changelog skip-diff-analyzer Maintainer to skip code-diff-analyzer check, after reviewing issues in AI analysis. v3.7.0 Issues targeting release v3.7.0

Projects

Status: ✅ Done

Development

Successfully merging this pull request may close these issues.

2 participants