This is an automated email from the ASF dual-hosted git repository.

kou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-dotnet.git


The following commit(s) were added to refs/heads/main by this push:
     new 12fce23  chore: Remove pr_comment GitHub actions workflow (#255)
12fce23 is described below

commit 12fce233c9e99e8ba73edf318368216cdda3eeef
Author: Adam Reeve <[email protected]>
AuthorDate: Tue Feb 3 02:33:33 2026 +0000

    chore: Remove pr_comment GitHub actions workflow (#255)
    
    This uses the `pull_request_target` trigger, which goes against the [ASF
    GitHub Actions
    Policy](https://infra.apache.org/github-actions-policy.html).
    
    From reading
    https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/,
    my understanding is that we're using `pull_request_target` correctly
    here by not checking out untrusted code. We need to use this target
    instead of `pull_request` to have permission to comment on the PR.
    
    The ASF automated check seems too strict to me, but I'm not sure it's
    worth the hassle to challenge this and we can work without this
    workflow.
    
    Maybe as an alternative, we could add something to the pull request
    template that's commented out by default but users can uncomment and
    edit if they're making documentation changes? I can add that in a
    follow-up PR.
    
    cc @kou
---
 .github/workflows/pr_comment.yaml | 56 ---------------------------------------
 1 file changed, 56 deletions(-)

diff --git a/.github/workflows/pr_comment.yaml 
b/.github/workflows/pr_comment.yaml
deleted file mode 100644
index e72fcc0..0000000
--- a/.github/workflows/pr_comment.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-name: PR comment
-
-on:
-  pull_request_target:
-    paths:
-      - 'ci/scripts/docs.sh'
-      - 'docs/**'
-    types:
-      - opened
-
-permissions:
-  contents: read
-  issues: write
-  pull-requests: write
-
-jobs:
-  preview-url:
-    name: Preview URL
-    runs-on: ubuntu-latest
-    steps:
-      - name: Comment
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_REPOSITORY: ${{ github.event.pull_request.base.repo.full_name }}
-          FORK_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
-          PR_NUMBER: ${{ github.event.number }}
-        run: |
-          
configure_url="https://github.com/apache/arrow-dotnet/blob/main/docs/README.md#preview-on-forks";
-          fork_owner=${FORK_REPOSITORY%/*}
-          fork_repository=${FORK_REPOSITORY#*/}
-          {
-            echo "Documentation preview URL: 
https://${fork_owner}.github.io/${fork_repository}";
-            echo ""
-            echo "If the preview URL doesn't work, you may need to configure 
your fork repository for preview."
-            echo "See ${configure_url} for instructions on how to configure."
-          } | tee body.md
-          gh pr comment ${PR_NUMBER} \
-            --body-file body.md \
-            --repo ${PR_REPOSITORY}
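
Review bot: The preview URL pattern built in the `run` step (`https://${fork_owner}.github.io/${fork_repository}`) is no longer posted anywhere once this file is gone, so it is worth checking that the `docs/README.md#preview-on-forks` section the script linked to states that pattern, or adding it to the pull request template as the commit message proposes. On the security side, the deleted job had no checkout step, passed the `github.event.*` fields through `env:` rather than interpolating them into the script, and limited the token to `contents: read`, `issues: write` and `pull-requests: write`. If a comment step like this is reintroduced under another trigger, keep that `env:` pattern and quote `${PR_NUMBER}` and `${PR_REPOSITORY}` in the `gh pr comment` call, which are unquoted here.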
