ongdisheng commented on issue #678: URL: https://github.com/apache/fesod/issues/678#issuecomment-3495798110
Hi @delei, thank you so much for looking into this issue! I think the problem might be a bit different from the secrets configuration. The workflow is actually failing at startup before it even gets to check for secrets. When you look at the [failed run](https://github.com/apache/fesod/actions/runs/19072405399), you'll notice it shows `Startup failure`. This happens because Apache's enterprise security policy doesn't allow external actions like `nwtgck/[email protected]` to run in `fesod` repository. The git submodule approach is a workaround specifically for this security restriction. Instead of referencing the action directly from an external repository which Apache blocks, we can add it as a git submodule in our own repository under `.github/actions/`. This way, GitHub sees it as a local action that lives in the repo, which Apache's policy does allow. I noticed other Apache projects like `apache/apisix-website` use this same submodule [solution](https://github.com/apache/apisix-website/tree/master/.github/actions). You're absolutely right that we'll need the Netlify secrets configured once this is approved. I just wanted to mention that currently the workflow can't start due to the action being blocked, but once this fix is in place, we can move forward with the secrets configuration. Hope this helps clarify! Please let me know if you have any questions or if there's anything I should adjust. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
