I moved all actions to apache-airflow owned repositories and have PR ready that should fix it: https://github.com/apache/airflow/pull/13327
On Sun, Dec 27, 2020 at 2:14 PM Jarek Potiuk <[email protected]> wrote: > The ASF Infra made a sudden change in the GitHub Actions settings this > morning. This was apparently as a response to a security incident. More > info in this thread: > > > https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E > > We were not affected by the security problem, because we discussed those > potential attack vectors and we have been following the "pinned hashed" > approach for github actions: > https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions > > However, change in the policy means that our builds stopped working. I am > working now to bring the actions we use to 'Apache' owned repositories and > switch to those actions now. > > Stay tuned. > > J, > > -- > +48 660 796 129 > -- +48 660 796 129
