potiuk commented on a change in pull request #13514:
URL: https://github.com/apache/airflow/pull/13514#discussion_r552625251



##########
File path: .gitmodules
##########
@@ -0,0 +1,3 @@
+[submodule ".github/actions/get-workflow-origin"]
+       path = .github/actions/get-workflow-origin
+       url = https://github.com/potiuk/get-workflow-origin
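
Review bot: the `url` line of the new submodule entry points at a repository under a personal account, and nothing in this `.gitmodules` hunk shows which revision is brought in. The three added lines set only `path` and `url`; the commit a submodule resolves to is recorded in the gitlink entry for `.github/actions/get-workflow-origin`, which this hunk does not show. Please confirm in review that the gitlink refers to a commit that has been read, and add a short comment above the entry naming that commit so later submodule bumps are reviewed as code changes. No `branch` key is set here, which is good; keep it that way so `git submodule update --remote` is not used to follow a moving branch.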

Review comment:
   BTW, this change should use a SHA, not the master version, otherwise we (implicitly) fall into the same trap as https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions

   This is why subrepo is also much nicer, because you always have a specific commit of the repo you are linking to. You cannot link to a branch - you bring a very specific version of the code in.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

