Hi Volkan, On 13.05.2025 11:06, Volkan Yazıcı wrote: > Thanks for chasing this Piotr. Given the recently stagnating Log4j > maintainer time, the workflow of verifying dependabot PRs, adding > associated changelog entries, and automatically merging upon success was a > big time saver for us. I'd really appreciate it if we can bring it back.
Thank you for implementing the first version of the action! > In GHA workflows, we refer to a reusable as simple as > `<org|user>/<repo>@<ref>`. Given this will only be used by a > `logging-parent` reusable workflow, can't we place these sources to the > `.github/actions` folder in `logging-parent`, and access it from there? I guess it should work. I'll make a PR for that. > If you say PAT will solve the workflow triggering issue, please proceed > with creating the associated INFRA ticket. (I'd appreciate it if you can > tag me there so that I can follow its implementation.) I created the ticket: https://issues.apache.org/jira/browse/INFRA-26820 I don't see any major security issues in our usage pattern of the PAT, but we might need to motivate the request more thoroughly. Piotr
