potiuk commented on PR #7742: URL: https://github.com/apache/hbase/pull/7742#issuecomment-3897684828
> Heya @gmcdonald should we add zizmor to the list of authorized actions? Seems kinda silly that this is the prescribed tool. > > ``` > The action zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d is not allowed in apache/hbase because all actions must be from a repository owned by your enterprise, created by GitHub, verified in the GitHub Marketplace, or match one of the patterns: ... > ``` I think we should indeed. But It's not silly, because you can use zizmor in multiple ways in GH Actions - for example in Airflow we use it in `prek` hooks that are even better because they catch any issues locally for developers and then they are run in GH in static code checks via `prek run --all-files` - rather than via actions. https://github.com/apache/airflow/blob/main/.pre-commit-config.yaml#L329 I guess it was waiting here for the first person who will want to use it via actions to add it to allowlist - which is not silly, rather expected (and just happened) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
