kevinjqliu commented on issue #49724: URL: https://github.com/apache/arrow/issues/49724#issuecomment-4245440164
Thanks for creating the umbrella issue. I've applied the following fixes to all the `apache/iceberg*` repos, and I'm looking to add these to the ASF infra page as best practice.

TL;DR: we added these 3 GitHub Actions workflows in all `apache/iceberg*` repos:

* [zizmor.yml](https://github.com/apache/iceberg/blob/main/.github/workflows/zizmor.yml) enforces GitHub Actions best practice
* [codeql.yml](https://github.com/apache/iceberg/blob/main/.github/workflows/codeql.yml) runs the CodeQL GitHub Action check (recommended by GitHub)
* [asf-allowlist-check.yml](https://github.com/apache/iceberg/blob/main/.github/workflows/asf-allowlist-check.yml) warns when a workflow is disallowed by ASF Infra; otherwise the workflow will be silently skipped

We can copy/paste over both `asf-allowlist-check.yml` and `codeql.yml`; there are no prerequisites for them to run. `asf-allowlist-check.yml` will fail if any current workflows are disallowed. `codeql.yml` will not fail; it only creates warnings and adds to the "Security" tab on GitHub.

The `zizmor.yml` check requires all current warnings to be resolved. We can fix forward all warnings in a single PR. Run `uvx zizmor --offline .github/` inside the repo to see warnings.

I would love to create a SKILL to speed this up, especially for projects with multiple repos (arrow/datafusion/).

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]

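As an added illustration of the kind of warning the `zizmor.yml` check above is gating on (this is example code written for this page, not code from the apache/iceberg workflows or from zizmor itself), the following standard-library script scans a workflow file for two of the hygiene issues zizmor reports: third-party `uses:` references that are not pinned to a full commit SHA, and a workflow with no top-level `permissions:` block. The sample workflow text embedded in it is constructed for the example; the function names `find_unpinned_uses` and `has_top_level_permissions` are this example's own.

```python
"""Check a GitHub Actions workflow for two common hygiene findings.

Added example for this page; it is not the apache/iceberg workflow code
and not zizmor's implementation. It uses only the standard library and a
line-oriented scan, which is enough for the flat `uses:` lines that
workflows contain.
"""
import re
from typing import List, Tuple

# A `uses:` step reference, e.g. `- uses: actions/checkout@v4`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"]+)['\"]?")
# A reference is pinned when the part after '@' is a full 40-hex-char commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Top-level (column 0) `permissions:` key.
TOP_PERMISSIONS_RE = re.compile(r"^permissions:", re.MULTILINE)


def find_unpinned_uses(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, reference) for each `uses:` not pinned to a SHA.

    Local actions (./path) and docker:// references are skipped because a
    commit SHA pin does not apply to them.
    """
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            # No ref at all: resolves to the default branch, which is mutable.
            findings.append((lineno, ref))
            continue
        _, version = ref.rsplit("@", 1)
        if not SHA_RE.match(version):
            # Tags and branches can be moved; only a full SHA is immutable.
            findings.append((lineno, ref))
    return findings


def has_top_level_permissions(workflow_text: str) -> bool:
    """True when the workflow declares a top-level `permissions:` block."""
    return TOP_PERMISSIONS_RE.search(workflow_text) is not None


def report(workflow_text: str) -> List[str]:
    """Human-readable findings, one string per issue (empty list = clean)."""
    messages = [
        f"line {lineno}: `{ref}` is not pinned to a full commit SHA"
        for lineno, ref in find_unpinned_uses(workflow_text)
    ]
    if not has_top_level_permissions(workflow_text):
        messages.append("no top-level `permissions:` block; GITHUB_TOKEN gets default scopes")
    return messages


# Constructed sample: one tag-pinned action, one SHA-pinned action, one local
# action, and no `permissions:` block.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
        with:
          python-version: '3.12'
      - uses: ./.github/actions/local-step
      - run: uvx zizmor --offline .github/
"""

# Constructed hardened variant: SHA pins everywhere and least-privilege token.
HARDENED_WORKFLOW = """\
name: ci
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - run: uvx zizmor --offline .github/
"""

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {name} ==")
        for message in report(text) or ["clean"]:
            print(" ", message)
```

Run it directly to see both the findings for the sample workflow and a clean result for the hardened variant; point `report()` at the contents of a real file under `.github/workflows/` to try it on a repository.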