-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to Apache-owned GitHub actions #13327
Switch to Apache-owned GitHub actions #13327
Conversation
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E
It will need to be merged trusting that it will work. I am running it here to check https://github.com/potiuk/airflow/actions/runs/447148411 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. I may have some doubts if community will maintain those action, but seeing most of them belongs already to "airflow community" I think nothing will change.
I think it's not the question of maintenance. It's more to "salvage" the situation. We are discussing best course of action https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E but seems that INFRA approached it in the way "let's disable it and see what breaks' and we need to react. |
Follow up after apache#13327
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd)
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd)
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd)
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd)
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd)
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd) (cherry picked from commit 68630dc)
Follow up after apache#13327 (cherry picked from commit 98896e4) (cherry picked from commit 1c17b79)
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd) (cherry picked from commit 68630dc)
Follow up after apache#13327 (cherry picked from commit 98896e4) (cherry picked from commit 1c17b79)
There was a change in Policy of ASF that only "Made by GitHub" actions and actions residing in Apache-owned repositories are allowed to be used for ASF projects. This was in response to a security incident. More details: Policy: * https://infra.apache.org/github-actions-secrets.html Discussion builds@apache.org: * https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Discussion users@infra.apache.org: * https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E (cherry picked from commit c6d66cd) (cherry picked from commit 3a7370f)
Follow up after apache#13327 (cherry picked from commit 98896e4) (cherry picked from commit d352f52)
There was a change in Policy of ASF that only "Made by GitHub"
actions and actions residing in Apache-owned repositories
are allowed to be used for ASF projects. This was in
response to a security incident.
More details:
Policy:
Discussion builds@apache.org:
Discussion users@infra.apache.org:
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.