+1 to https://github.com/apache/airflow/pull/45266 -> Simplify caching mechanisms for CI and PROD images
-- Regards, Vishnu Chilukoori On Thu, Jan 9, 2025 at 3:31 PM Pavankumar Gopidesu <gopidesupa...@gmail.com> wrote: > Everyone has done an excellent job. > > I would also vote for https://github.com/apache/airflow/pull/45266. as > it addresses a long-standing issue related to pull_request_target > and includes numerous improvements to the CI process. Great work Jarek. > > Regards, > Pavan > > > On Thu, Jan 9, 2025 at 8:33 PM Shahar Epstein <sha...@apache.org> wrote: > > > > +1 to this :) > > > > On Thu, Jan 9, 2025, 22:10 Jarek Potiuk <ja...@potiuk.com> wrote: > > > > > It's extremely difficult to choose the PR of the month this month with > all > > > the fantastic job done by many. > > > > > > But I would like to shamelessly propose > > > https://github.com/apache/airflow/pull/45266 -> Simplify caching > > > mechanisms > > > for CI and PROD images > > > > > > After quite a few years thanks to improvements in GitHub Actions, > switching > > > to uv, and using a Github Action developed by Apache Arrow team and > > > published in shared Actions repository of ASF, and discussion in "ASF" > > > #builds > > > team we were able to finally get rid of the "pull_request_target" > > > workflow and simplify caching mechanisms we use for our images. That > was > > > not really workable before without all of those pieces combined > together, > > > but finally we could do it - and without any significant disruptions. > > > > > > It's a major improvement in security. Literally days after I merged > that, > > > we received a security report reporting a new, previously unknown way > the > > > "pull_request_target" workflow weaknesses could be exploited in > Airflow. We > > > had other mitigations in place introduced last year, so there is no > > > security impact of that one but I still need to backport it to > v2-10-test > > > (in progress) to get rid of any potential it will be exploited further > - > > > permanently. > > > > > > J. > > > > > > > > > > > > > > > On Mon, Jan 6, 2025 at 10:16 PM Briana Okyere > > > <briana.oky...@astronomer.io.invalid> wrote: > > > > > > > Happy New Year to all! > > > > > > > > It’s once again time to vote for the PR of the Month! > > > > > > > > With the help of the `get_important_pr_candidates` script in > dev/stats, > > > > we've identified the following candidates: > > > > > > > > PR #44332: AIP-84 Migrate /object/grid_data from views to FastAPI < > > > > https://github.com/apache/airflow/pull/44332> > > > > > > > > PR #44972: Swap Dag Parsing to use the TaskSDK machinery < > > > > https://github.com/apache/airflow/pull/44972> > > > > > > > > PR #44712: [AIP-86] Add Deadline Alerts table, model, and supporting > > > tests > > > > < > > > > https://github.com/apache/airflow/pull/44712> > > > > > > > > PR #45106: AIP-72: Handling task retries in task SDK + execution API > < > > > > https://github.com/apache/airflow/pull/45106> > > > > > > > > PR #44899: AIP-72: Pass context keys from API Server to Worker < > > > > https://github.com/apache/airflow/pull/44899> > > > > > > > > Please reply to this thread with your selection or offer your own > > > > nominee(s). > > > > > > > > Voting will close on Friday, January 10th at 10 AM PST. The winner(s) > > > will > > > > be featured in the next issue of the Airflow newsletter. > > > > > > > > Also, if there’s an article or event that you think should be > included in > > > > this or a future issue of the newsletter, please drop me a line at < > > > > briana.oky...@astronomer.io> > > > > > > > > -- > > > > Briana Okyere > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org > For additional commands, e-mail: dev-h...@airflow.apache.org > >
