jbampton opened a new issue, #2626: URL: https://github.com/apache/sedona/issues/2626
Repo health check issue. The next link details the ASF GitHub actions policies https://infra.apache.org/github-actions-policy.html Seems it says there: `You MUST pin all external actions to the specific git hash (SHA1) of the action that has been reviewed for use by the project. For instance, you MUST pin foobar/baz-action@8843d7f92416211de9ebb963ff4ce28125932878.` Do we need to pin to hash our external actions for example: https://github.com/apache/sedona/blob/59efe6e93e3fc86de409bae90109d4999fdb395f/.github/workflows/python.yml#L126 This repository hosts GitHub Actions developed by the ASF community and approved for any ASF top level project to use: https://github.com/apache/infrastructure-actions Also we use `pull_request_target` for the actions/labeler: https://github.com/apache/sedona/blob/master/.github/workflows/labeler.yml The code does not checkout but mentions the token. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
