There are various modes which can be configured for approving GitHub Actions to run a given workflow, as described here and here. It would be good to be able to oversee this with an Allstar policy, specific to public vs private forks.
Thanks for the suggestion! I think the first step would be to figure out what we would like the config to look like: which settings Allstar would check and what the admin would set up as policy to allow or disallow.