Hi, I think most projects use Github Actions to run pre-merge checks on their PR's. What is currently blocked is using custom actions that are not whitelisted by the ASF. The reason is that these actions could unknowingly alter the repository and inject maleficent code.
For more info you can read the (very long) discussion on the mailing list: https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E Cheers, Hans On Tue, 9 Mar 2021 at 09:54, Antoine Pitrou <anto...@python.org> wrote: > > Le 09/03/2021 à 09:33, Tristan Van Berkom a écrit : > > > > So with that said, I would like to ask the community some questions: > > > > o What is the correct way of approaching pre-merge CI for ASF github > projects ? > > > > If you have "the answer" to this, please provide it and disregard > > the entire remainder of this email, I will be happy to fall in line, > > maybe I just was not directed to the correct wiki page telling me > > how to do this :) > > Do you mean CI on submitted PRs? > > In my experience (Apache Arrow) it works, so I'm not sure which problems > you are encountering. The only thing that's limited is the Github > actions you are allowed to execute (AFAIK there's essentially a > "whitelist" of actions allowed by the ASF). > > This is an example PR submitted by a non-committer: > https://github.com/apache/arrow/pull/9649 > > Regards > > Antoine. >
