[
https://issues.apache.org/jira/browse/HADOOP-19858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18073777#comment-18073777
]
ASF GitHub Bot commented on HADOOP-19858:
-----------------------------------------
steveloughran commented on PR #8412:
URL: https://github.com/apache/hadoop/pull/8412#issuecomment-4253622439
I see the goal here, even if the details are not something I fully
understand yet.
1. PRs happen in a forked repo
2. actions are executed in the user's VM allowance
because of (1) you can grant the actions more permissions, including the
ability to cache docker and other artifacts. There's no need to worry about
cache contamination attacks because they'd happening in the forked repo, not
the central one.
How about we get this into the hadoop-thirdparty repo first, so we can play
with it ourselves and make sure we are all happy before merging this into
hadoop itself?
https://github.com/apache/hadoop-thirdparty
> Set up build workflow in GitHub Actions
> ---------------------------------------
>
> Key: HADOOP-19858
> URL: https://issues.apache.org/jira/browse/HADOOP-19858
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: build
> Reporter: Cheng Pan
> Priority: Major
> Labels: pull-request-available
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]