Skip to content

Infra: Remove GitHub Actions from Dependabot configuration#597

Merged
wgtmac merged 1 commit intoapache:mainfrom
kevinjqliu:kevinjqliu/remove-dependabot-github-actions
Mar 24, 2026
Merged

Infra: Remove GitHub Actions from Dependabot configuration#597
wgtmac merged 1 commit intoapache:mainfrom
kevinjqliu:kevinjqliu/remove-dependabot-github-actions

Conversation

@kevinjqliu
Copy link
Copy Markdown
Contributor

@kevinjqliu kevinjqliu commented Mar 21, 2026

Related to apache/iceberg-python#3186

Dont auto update since we now depend on github action being allowlisted by asf-infra first, https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml

@wgtmac
Copy link
Copy Markdown
Member

wgtmac commented Mar 21, 2026

If we remove this, then it is maintainer's responsibility to check available and allowed updates manually?

@kevinjqliu
Copy link
Copy Markdown
Contributor Author

kevinjqliu commented Mar 23, 2026

yep! we'd have to manually upgrade github actions, and only those allowed by asf-infra (both the action and its version)

@kevinjqliu kevinjqliu mentioned this pull request Mar 23, 2026
Closed
4 tasks
@wgtmac
Copy link
Copy Markdown
Member

wgtmac commented Mar 24, 2026

That makes sense. I agree security takes higher priority here. We can investigate if some sort of AI tooling (perhaps claws?) can help automate followup upgrades.

@wgtmac wgtmac merged commit f79f885 into apache:main Mar 24, 2026
11 checks passed
@kevinjqliu kevinjqliu deleted the kevinjqliu/remove-dependabot-github-actions branch March 24, 2026 04:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wgtmac wgtmac wgtmac approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinjqliu @wgtmac