kou commented on code in PR #47305:
URL: https://github.com/apache/arrow/pull/47305#discussion_r2268587853
##########
.github/workflows/cpp_extra.yml:
##########
@@ -81,6 +81,9 @@ jobs:
outputs:
ci-extra: ${{ steps.check.outputs.ci-extra }}
steps:
+ - name: Checkout Arrow
+ if: github.event_name == 'pull_request'
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #
v5.0.0
Review Comment:
In general, we should use SHA1 instead of tag based on the Apache policy:
https://infra.apache.org/github-actions-policy.html
We can consider `actions/checkout` as an internal action. So we can use a
tag such as `v5` for `actions/checkout`.
But both of SHA1 and tag can be updated automatically by Dependabot like
https://github.com/apache/arrow/pull/47311 . So we can always use SHA1 without
a big pain.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
