I've been test-driving https://github.com/apache/infrastructure-actions and it seems to be working nicely!
A neat tool for hash-pinning the actions in your repo I found is: https://github.com/eclipse-csi/octopin/ Kind regards, Arnout On 2025/03/07 19:58:15 Drew Foulks wrote: > Greetings, all, > > We missed our initial deployment date for the new process of getting > approval for the use of GitHub Actions. > > There is still a high level of interest among ASF projects to leverage > custom and 3rd party GitHub Actions to support their products' build > requirements, > > > ** The new rollout date is: Friday, March 21st, 2025. ** > > > On implementation, users will be able to issue pull requests against the > infrastructure-actions repository to add 3rd party actions to the 'allow > list' for use in GitHub Workflows. > > We ask that all projects whose repositories currently use GitHub Actions > enable Dependabot in those repos accordance with our updated ( > https://infra.apache.org/github-actions-policy.html > <https://infra.apache.org/github-actions-policy.html#External\%20actions>) > > **PLEASE NOTE**: Infra will continue to permit use of all > currently-allowed custom actions for several months to give projects time > to make any necessary changes to their workflows. > > We will keep everyone apprised of the timeline as it unfolds. Additionally, > we hope to see our builds@ community grow! If you're interested in our > efforts surrounding custom GHA management or in-house GHA development, meet > us on the #asf-ghactions channel in the the-asf Slack space, or join us > on-list at ghactions@infra.apache.org. > > > -- > Cheers, > > Drew Foulks > ASF Infra > --------------------------------------------------------------------- To unsubscribe, e-mail: ghactions-unsubscr...@infra.apache.org For additional commands, e-mail: ghactions-h...@infra.apache.org
