adityamparikh commented on code in PR #145:
URL: https://github.com/apache/solr-mcp/pull/145#discussion_r3404488281
##########
.github/workflows/build-and-publish.yml:
##########
@@ -274,11 +274,10 @@ jobs:
# Authenticate to GitHub Container Registry
# Uses built-in GITHUB_TOKEN (no configuration needed)
- name: Log in to GitHub Container Registry
- uses: docker/login-action@v3
Review Comment:
Done in 7b1c810 — pinned `docker/login-action` to
`650006c6eb7dba73a995cc03b0b2d7f5ca915bee` (v4.2.0), the entry with no
`expires_at` in
[`apache/infrastructure-actions/actions.yml`](https://github.com/apache/infrastructure-actions/blob/main/actions.yml),
so it won't need re-bumping when older SHAs roll off. Applied to both GHCR
logins (`build-and-publish.yml` + `release-publish.yml`) and the commented-out
Docker Hub example.
For the others: `softprops/action-gh-release` (allow-listed via `'*': keep:
true`) and `peter-evans/repository-dispatch` (not on the list at all) stayed as
inline `gh` to keep the third-party surface minimal, and
`docker/setup-buildx-action` stayed dropped since `docker buildx imagetools
create` works with the default builder. Happy to restore `action-gh-release` to
a pinned action too if you'd rather be consistent.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
