Jarek>so maybe that can lead to a recommendation from the INFRA. Please, no. The inclusion of the third-party code into the project repository has non-trivial licensing implications.
GitHub Action should be treated not that different from any other project dependency. If infra team forbids action reuse from external repositories, then they should forbid third-party dependencies as well. GitHub Action has virtually the same grants as any other build system plugin performing the build. Go ahead, shutdown internet connectivity at the ASF build servers, and require every ASF release to be buildable with access to the ASF repository only. Then, projects could use whatever action they want for the testing of the **technical** quality. Jarek>Rather than cloning the whole repository to a new repo in 'apache' they copied and committed the action code into .github/actions/ folder in their project That sounds like a lot of duplication. If the action is cloned to the single Apache repository, then it can be reused across all the Apache projects. On the other hand, if the action is copied to each subfolder, then each project would have to copy the same thing again and again :( I expect subrepo might result in less than trivial merge conflicts. Vladimir
