You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/01/06 13:45:18 UTC

[GitHub] [airflow] potiuk commented on a change in pull request #13514: WIP: Test out github actions via gitmodules

potiuk commented on a change in pull request #13514:
URL: https://github.com/apache/airflow/pull/13514#discussion_r552625251



##########
File path: .gitmodules
##########
@@ -0,0 +1,3 @@
+[submodule ".github/actions/get-workflow-origin"]
+	path = .github/actions/get-workflow-origin
+	url = https://github.com/potiuk/get-workflow-origin

Review comment:
       BTW. This change should use SHA not master version otherwise we (implicitly) fall in the same trap as https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions 
   
   This is why subrepo is also much nicer because you always have specific commit of the repo you are linking to. You cannot link to branch - you bring very specific version of the code in.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org