piotr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iggy.git
The following commit(s) were added to refs/heads/master by this push:
new ba8e865af ci: fix ASF github actions allowlist violations (#2993)
ba8e865af is described below
commit ba8e865af61ced189c40398c3c2da17d46b3c70f
Author: Hubert Gruszecki <[email protected]>
AuthorDate: Fri Mar 20 17:43:36 2026 +0100
ci: fix ASF github actions allowlist violations (#2993)
Replace docker/setup-buildx-action@v3 with shell commands: the action is
not in the ASF allowlist, and buildx is pre-installed on GH runners. Pin
astral-sh/setup-uv@v7 to 5a095e7a (v7.3.1) per the ASF allowlist.
---
.github/actions/python-maturin/pre-merge/action.yml | 2 +-
.github/actions/utils/docker-buildx/action.yml | 7 ++-----
.github/workflows/_test.yml | 2 +-
.github/workflows/_test_examples.yml | 2 +-
.github/workflows/post-merge.yml | 2 +-
.github/workflows/publish.yml | 2 +-
6 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/.github/actions/python-maturin/pre-merge/action.yml
b/.github/actions/python-maturin/pre-merge/action.yml
index bb899f0d6..df27e0920 100644
--- a/.github/actions/python-maturin/pre-merge/action.yml
+++ b/.github/actions/python-maturin/pre-merge/action.yml
@@ -41,7 +41,7 @@ runs:
tool: cargo-llvm-cov
- name: Install uv
- uses: astral-sh/setup-uv@v7
+ uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 #
v7.3.1
- name: Cache uv
uses: actions/cache@v4
diff --git a/.github/actions/utils/docker-buildx/action.yml
b/.github/actions/utils/docker-buildx/action.yml
index 731c7b38f..66f3b44c3 100644
--- a/.github/actions/utils/docker-buildx/action.yml
+++ b/.github/actions/utils/docker-buildx/action.yml
@@ -135,11 +135,8 @@ runs:
platforms: all
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- with:
- driver-opts: |
- network=host
- image=moby/buildkit:latest
+ run: docker buildx create --use --driver-opt network=host --driver-opt
image=moby/buildkit:latest
+ shell: bash
- name: Login to Docker Hub
if: steps.config.outputs.should_push == 'true'
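Review bot: The new `run:` line still pulls the builder image from the mutable tag `moby/buildkit:latest`, so the BuildKit daemon that builds the images (and, judging by the Docker Hub login step that follows, may push them) can change between runs without any change in this repository. Since the commit is about constraining third-party CI inputs, pin the image to a verified release and digest, e.g. `--driver-opt image=moby/buildkit:<VERSION>@sha256:<DIGEST>` (placeholders to be filled in from the release you have checked). `--driver-opt network=host` is carried over unchanged; if the builds do not actually need host networking, dropping it narrows what build steps can reach on the runner. The step list continues outside the hunk.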
diff --git a/.github/workflows/_test.yml b/.github/workflows/_test.yml
index 88e311f8a..fb170e35d 100644
--- a/.github/workflows/_test.yml
+++ b/.github/workflows/_test.yml
@@ -76,7 +76,7 @@ jobs:
# Python SDK
- name: Set up Docker Buildx for Python
if: inputs.component == 'sdk-python' && inputs.task == 'test'
- uses: docker/setup-buildx-action@v3
+ run: docker buildx create --use
- name: Run Python SDK task
if: inputs.component == 'sdk-python'
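Review bot: `docker buildx create --use` is not a full stand-in for the action it replaces. As far as I know, setup-buildx-action also boots the builder and removes it in a post-job step, whereas this line does neither and creates a new, randomly named builder on every run. On ephemeral GitHub-hosted runners that is harmless, but on a reused or self-hosted runner builders would accumulate, and a later job could end up using a builder left behind by an earlier one. Consider `run: docker buildx create --use --bootstrap --name "ci-${{ github.run_id }}"` together with an `if: always()` step that runs `docker buildx rm` on that name; the same applies to the new `run:` lines in `.github/actions/utils/docker-buildx/action.yml` and `.github/workflows/publish.yml`. A comment such as `# replaces docker/setup-buildx-action (not on ASF allowlist); no post-job cleanup` would record the difference for the next maintainer.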
diff --git a/.github/workflows/_test_examples.yml
b/.github/workflows/_test_examples.yml
index a7eb51070..0e8d96661 100644
--- a/.github/workflows/_test_examples.yml
+++ b/.github/workflows/_test_examples.yml
@@ -63,7 +63,7 @@ jobs:
- name: Setup uv
if: startsWith(inputs.component, 'examples-') && inputs.task ==
'examples-python'
- uses: astral-sh/setup-uv@v7
+ uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 #
v7.3.1
- name: Cache uv
if: startsWith(inputs.component, 'examples-') && inputs.task ==
'examples-python'
diff --git a/.github/workflows/post-merge.yml b/.github/workflows/post-merge.yml
index 12b1074a6..8f68f9a92 100644
--- a/.github/workflows/post-merge.yml
+++ b/.github/workflows/post-merge.yml
@@ -372,7 +372,7 @@ jobs:
tool: cargo-llvm-cov
- name: Install uv
- uses: astral-sh/setup-uv@v7
+ uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 #
v7.3.1
- name: Install dependencies
run: |
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index eb6c3324b..301b6f8cd 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -739,7 +739,7 @@ jobs:
path: ${{ runner.temp }}/digests
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ run: docker buildx create --use
- name: Login to Docker Hub
uses: docker/login-action@v3