+1 The requirements called out in the policy doc seem reasonable to me. Thanks for driving this effort!
On Wed, May 31, 2023 at 1:10 AM Abhishek Agarwal <abhis...@apache.org> wrote: > Hello, > I raised an INFRA ticket ( > https://issues.apache.org/jira/browse/INFRA-24657) > for the druid project so the contributors don't need a committer to trigger > PR build/test. Infra has agreed to relax the restrictions enough that a > contributor will need the approval only for their first contribution. > > However, as a project, we need to follow certain requirements that are > called out here - https://infra.apache.org/github-actions-policy.html > > They all seem fine to me. We are using `pull_request_target` for the > labeler action but that action doesn't export any confidential variables. > If others agree as well, I will just link this thread to the INFRA ticket. > > As a follow-up item, I can add a README.md in .github folder that warns > contributors and committers to keep these requirements in mind as they > change GitHub workflows in future. >