Yeah, that sounds like a really bad decision for our workflow. It makes me wonder how other projects are handling their workflow if this doesn't break them. I can only see this working for a small team who are all/mostly committers and rarely get outside contributions.
- ferruzzi ________________________________ From: Jarek Potiuk <ja...@potiuk.com> Sent: Monday, February 13, 2023 11:58 AM To: dev@airflow.apache.org Subject: FW: [EXTERNAL][NOTICE] Upcoming global changes to default GitHub Actions behavior for outside collaborators CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. BTW. I am going to strongly oppose that (ticket is coming) ---------- Forwarded message --------- From: Jarek Potiuk <ja...@potiuk.com> Date: Mon, Feb 13, 2023 at 8:55 PM Subject: Re: [NOTICE] Upcoming global changes to default GitHub Actions behavior for outside collaborators To: <us...@infra.apache.org> Cc: <annou...@infra.apache.org> I will raise a ticket and explain. But This would be a huge blow to the Airflow community and almost immediate burn-out of the active committers if it goes life for Airflow. And likely many other projects. I am very strongly convinced it should not be enforced. J. On Mon, Feb 13, 2023 at 8:51 PM Daniel Gruno <humbed...@apache.org> wrote: > > To Project PMCs: > > GitHub for Apache projects is currently set to allow a non-committer > contributor to use GitHub Actions if a previous pull request by that > person has been approved. > > This has raised some security concerns, and could cause issues with > overall use and availability of GitHub Actions. > > The Infrastructure Team proposes to change the default to “always > require approval for external contributors”. We intend to make this > change on Sunday the 19th of March, 2023. > > This change will apply to all GitHub repositories that do not already > have a specific GitHub Actions policy set. > > Projects that have a strong desire to use the “only need approval first > time” option should communicate that, explaining their reasons, in a > Jira ticket for Infra. Please be as specific as you can in which > repositories you wish to have this option set for, should you choose to. > > With regards, > Daniel, on behalf of the ASF Infrastructure Team.
