[SciPy-Dev] GitHub actions restrictions

Ralf Gommers ralf.gommers at gmail.com
Thu Apr 29 03:53:56 EDT 2021


On Thu, Apr 29, 2021 at 7:33 AM Ilhan Polat <ilhanpolat at gmail.com> wrote:

> There are also a lot of complaints from OS maintainers to GitHub in the
> private OSS Feedback Group. It is indeed tiring for large and active
> projects to go through and click every PR. TravisCI took the path of kicking
> out OS to combat this, and GH is doing this by basically pushing the burden onto the
> OS maintainers. A proposal was made to restrict this to cases in which
> the pull request touches sensitive files (.github or .sh-alike);
> however, GH has not commented yet. I am not sure if that is going to be
> sufficient to block malicious code executions though.
>

I don't think it's too bad. What GitHub does now seems sensible, and I
think it's a very small price to pay for free CI. TravisCI pulling support
almost completely was a very different story; that caused months of pain.

Cheers,
Ralf


> On Wed, Apr 28, 2021 at 11:45 PM Andrew Nelson <andyfaff at gmail.com> wrote:
>
>>
>> https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks
>>
>> From the GH website:
>> When a first-time contributor submits a pull request to a public
>> repository, a maintainer with write access must approve any workflow runs.
>>
>> The purpose behind this is so that things like mining for Bitcoin are
>> prevented.
>>
>> A.
>>
>> _______________________________________________
>> SciPy-Dev mailing list
>> SciPy-Dev at python.org
>> https://mail.python.org/mailman/listinfo/scipy-dev