Hi all, Just saw this updated notice from Infra and decided to check its impact on Calcite. For the main Calcite repo, we use two actions that would be included here: burrunan/gradle-cache-action and gradle/wrapper-validation-action.
It seems like we have three required steps: 1) Pin the specific version (by commit hash) of these two actions 2) Request approval for these actions (in the future when the process is in place) 3) Enable Dependabot (I believe this is just to update the GitHub Actions, but I'm going to ask to clarify) -- Michael Mior [email protected] ---------- Forwarded message --------- From: Drew Foulks <[email protected]> Date: Fri, Mar 7, 2025 at 5:03 PM Subject: [UPDATE] GitHub Actions self service improvement deployment To: <[email protected]> Greetings, all, We missed our initial deployment date for the new process of getting approval for the use of GitHub Actions. There is still a high level of interest among ASF projects to leverage custom and 3rd party GitHub Actions to support their products' build requirements, ** The new rollout date is: Friday, March 21st, 2025. ** On implementation, users will be able to issue pull requests against the infrastructure-actions repository to add 3rd party actions to the 'allow list' for use in GitHub Workflows. We ask that all projects whose repositories currently use GitHub Actions enable Dependabot in those repos accordance with our updated ( https://infra.apache.org/github-actions-policy.html <https://infra.apache.org/github-actions-policy.html#External%5C%20actions>) **PLEASE NOTE**: Infra will continue to permit use of all currently-allowed custom actions for several months to give projects time to make any necessary changes to their workflows. We will keep everyone apprised of the timeline as it unfolds. Additionally, we hope to see our builds@ community grow! If you're interested in our efforts surrounding custom GHA management or in-house GHA development, meet us on the #asf-ghactions channel in the the-asf Slack space, or join us on-list at [email protected]. -- Cheers, Drew Foulks ASF Infra
