potiuk commented on PR #38231: URL: https://github.com/apache/airflow/pull/38231#issuecomment-2002540737
This is the nice "final" (never say final) removal of the non-DRY code in the huge workflow refactor. It finally removes the repeated build-image code between actions and workflows. It does need a bit more scrutiny - because unlike the other changes it modifies the "pull request target" workflow that is a potential security issue (see the warning messages in the workflows). I tested it here https://github.com/potiuk/airflow/pull/297 - simulating someone (higrys is my second persona) trying to hack the workflow by submitting a change to it in my fork - and it nicely DID NOT HACK IT .... The "ci-image-build.yaml` workflow used in the PR was the one from "target" not the one that came with PR (which is how `pull-request-target` should work). But ... review woudl be really useful -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
