Copilot commented on code in PR #902:
URL: https://github.com/apache/incubator-graphar/pull/902#discussion_r2911471089


##########
.github/workflows/license.yml:
##########
@@ -30,15 +30,21 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  check:
-    runs-on: ubuntu-latest
+  license-check:
+    name: License Check
+    runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name || 
github.repository }}
+          ref: ${{ github.event.pull_request.head.ref || github.ref }}
           submodules: false
           fetch-depth: 0
 
-      - name: Check License Header
-        uses: korandoru/hawkeye@v4
+      - name: Check license header
+        uses: apache/skywalking-eyes@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
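
Review bot: the checkout step fetches `github.event.pull_request.head.repo.full_name` at `head.ref`, which for a fork PR is contributor-controlled code, and the next step passes `secrets.GITHUB_TOKEN` to an action that runs over that tree. The `on:` trigger and any `permissions:` block are outside this hunk, so confirm the workflow runs on `pull_request` rather than `pull_request_target`, add a job-level `permissions:` with `contents: read`, and set `persist-credentials: false` on the checkout unless a later step needs the token in the git config.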

Review Comment:
   `apache/skywalking-eyes` is referenced from the moving `@main` branch, which 
makes the workflow non-reproducible and increases supply-chain risk. Pin this 
action to a tagged release or a specific commit SHA instead.
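
The pinning check described in the comment above can be automated. The following is an added example, not part of the review comment or the GraphAr repository: it flags every `uses:` reference that is not a full 40-character commit SHA, since both branches and tags can be re-pointed. The sample workflow, the `example-org/example-action` step and its SHA are constructed placeholders, and `classify_ref` and `audit_workflow` are hypothetical helper names.

```python
import re

# Constructed sample: a workflow shaped like the hunk above, plus one SHA-pinned
# step for contrast (the 40-hex value is a made-up placeholder, not a real commit).
SAMPLE_WORKFLOW = """\
jobs:
  license-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Check license header
        uses: apache/skywalking-eyes@main
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # v1.0.0
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify_ref(target):
    """Return 'local', 'docker', 'sha', 'unpinned' (no @ref) or 'mutable'."""
    if target.startswith("./"):
        return "local"      # action stored in the same repository
    if target.startswith("docker://"):
        return "docker"     # image refs are pinned by digest; not checked here
    _, sep, ref = target.rpartition("@")
    if not sep:
        return "unpinned"
    return "sha" if FULL_SHA_RE.fullmatch(ref) else "mutable"

def audit_workflow(text):
    """Return (line_number, target, kind) for each `uses:` that can change under you."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        kind = classify_ref(m.group(1))
        if kind in ("mutable", "unpinned"):
            findings.append((lineno, m.group(1), kind))
    return findings

if __name__ == "__main__":
    for lineno, target, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target} -> {kind} ref, pin to a full commit SHA")
```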



##########
.github/.licenserc.yaml:
##########
@@ -0,0 +1,64 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
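
Review bot: the header at the top of this new file is cut off after five lines in this hunk, so the remainder of the 64-line file cannot be checked from here. Confirm that the comment block continues through the end of the standard ASF text, and that `.github/.licenserc.yaml` is itself scanned by the license check rather than excluded, so its own header is verified in CI.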

Review Comment:
   This new `.github/.licenserc.yaml` file is missing the standard ASF license 
header comment block that the repository uses for YAML files. Add the ASF 
header to the top of this file (or ensure it’s explicitly excluded by the 
license-check config) so the license check and ASF policy remain consistent.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
