# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

            ComponentUtil.getLdapManager().apply(g);
            return g;
        });
    }

    /**
     * Stores a group by inserting or updating it in both LDAP and the database.
     * Uses refresh policy to ensure immediate availability of the stored data.
     *
     * @param group the group entity to store
     */
    public void store(final Group group) {
        ComponentUtil.getLdapManager().insert(group);

  - type: input
    id: go-version
    attributes:
      label: Go version
      description: |
        What version of Go are you using (`go version`)?

        Note: we only [support](https://go.dev/doc/devel/release#policy) the two most recent major releases.
      placeholder: ex. go version go1.20.7 darwin/arm64
    validations:
      required: true

  - type: textarea
    id: go-env
    attributes:

                    for (ArtifactRepository repository : remoteRepositories) {
                        ArtifactRepositoryPolicy policy =
                                snapshot ? repository.getSnapshots() : repository.getReleases();
                        if (ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS.equals(policy.getUpdatePolicy())) {
                            return true;
                        }
                    }

	setAuthMiddleware,
	// Redirect some pre-defined browser request paths to a static location
	// prefix.
	setBrowserRedirectMiddleware,
	// Adds 'crossdomain.xml' policy middleware to serve legacy flash clients.
	setCrossDomainPolicyMiddleware,
	// Limits all body and header sizes to a maximum fixed limit
	setRequestLimitMiddleware,
	// Validate all the incoming requests.

 * Applications may configure OkHttp with an authenticator for origin servers, or proxy servers,
 * or both.
 *
 * ## Authentication Retries
 *
 * If your authentication may be flaky and requires retries you should apply some policy
 * to limit the retries by the class of errors and number of attempts.  To get the number of
 * attempts to the current point use this function.
 *
 * ```java
 * private int responseCount(Response response) {

    //     we find them, regardless of what the address policies need.
    //
    //  2. EVICTABLE: Connections not required by any address policy. This matches connections that
    //     don't participate in any policy, plus connections whose policies won't be violated if the
    //     connection is closed. We only close these if the idle connection limit is exceeded.
    //

    private final DcerpcHandle handle;
    private boolean opened;

    /**
     * Creates a new SAM domain handle.
     *
     * @param handle the DCE/RPC handle for communication
     * @param policyHandle the policy handle for this domain
     * @param access the desired access rights
     * @param sid the security identifier of the domain
     * @throws IOException if an I/O error occurs during handle creation
     */

	//
	// The client certificate verification should only be skipped
	// when debugging or testing a setup since it allows arbitrary
	// clients to obtain temp. credentials with arbitrary policy
	// permissions - including admin permissions.
	EnvIdentityTLSSkipVerify = "MINIO_IDENTITY_TLS_SKIP_VERIFY"
)

// Config contains the STS TLS configuration for generating temp.

	if err != nil {
		t.Fatalf("Failed to parse deleteAllILM test ILM policy %v", err)
	}
	delMarkerLc, err := lifecycle.ParseLifecycleConfig(strings.NewReader(delMarkerILM))
	if err != nil {
		t.Fatalf("Failed to parse delMarkerILM test ILM policy %v", err)
	}
	tests := []struct {
		ilm       lifecycle.Lifecycle
		retention *objectlock.Retention
		obj       ObjectInfo