Dear Community, +1,
I fully support the use of GitHub Actions and the "only require approval first-time" feature to increase efficiency, while being aware of potential security concerns. I am committed to monitoring and preventing any misuse of GitHub Actions to ensure proper workflow management. Thank you for raising this topic, and I am open to hearing from other community members. Best regards, Shawn Jim At 2023-03-31 15:45:00, "Zhang Yonglun" <zhangyong...@apache.org> wrote: >Hi, > >Per the new GitHub Actions policy [1], I am writing to start a >discussion regarding the use of GitHub Actions in our project, >specifically with the "only require approval first time" feature. This >feature will allow our contributors to use GitHub Actions without >requiring further approval after their first pull request is approved. > >I understand that there may be security concerns associated with this >configuration, but I believe that it will increase our project's >efficiency and help us better manage our workflows. However, I also >acknowledge that the community's input and feedback on this matter are >crucial, and I would like to hear everyone's thoughts on this. Please >share your opinions. > >[1] https://infra.apache.org/github-actions-policy.html > >-- > >Zhang Yonglun >Apache ShenYu & ShardingSphere
