Actions Watchlist #238
Description
The allow list has some legacy stuff, some actions are unused, some are no longer valid etc. (e.g. due to changes to gha).
This issues is a list of actions that should be re-evaluated:
- JamesIves/github-pages-deploy-action: not really needed imo as you can just deploy with git commands? But widely used and well maintained.
- nwtgck/actions-netlify: only used in https://github.com/apache/linkis-website/blob/dev/.github/workflows/deploy-netlify.yml . Not sure if that makes sense or that we should recommend using the asf-site staging mechanism mentioned at https://infra.apache.org/project-site.html ?
- untitaker/hyperlink: only used by apache/linkis-website
- bnjbvr/cargo-machete only used by apache/iggy, can be easily replaced with cargo invocations. The action uses a single-maintainer fork of the archived actions-rs/cargo action 'clechasseur/rs-cargo' which is also wildcarded in the allow list. Both of these should go.
- ncipollo/release-action: this should be replaceable with
gh releasepretty easily? - peter-evans/create-or-update-comment: a high permission action that should be replacable with
gh pr comment - commit-check/commit-check-action: only used in one repo, single maintainer (though active)
- addnab/docker-run-action: last updated 3 years ago, only used in one repo, high permissions, should be easily replaceable with
docker run ... - damccorm/tag-ur-it last updated 3 years ago, used in 2 repos