Jacques, Your last message is off topic for this thread.
Jacopo On Mon, Mar 23, 2026 at 10:55 AM Jacques Le Roux via dev < [email protected]> wrote: > I too revert premature commits with > https://github.com/apache/ofbiz-framework/commit/25ea53048daded167aadb4986c6f1db588e42fc5 > I expected that it would fix the issue Gaetan has at > https://github.com/apache/ofbiz-framework/pull/917 > It fixed one, but there is still a problem. > > I noticed that at top of the failing build > > https://github.com/apache/ofbiz-framework/actions/runs/23334471276/job/67872799757?pr=917 > I see " Running Gradle on Java 22" but I guess it's another issue > > Since the error is > * What went wrong: > Execution failed for task ':compileJava'. > > error: invalid source release: 21 > > I think the answer is in Eugen Stan's comment > https://github.com/apache/ofbiz-framework/pull/917#issuecomment-3493565728 > I'm looking at it > > Jacques > > Le 23/03/2026 à 10:32, Jacopo Cappellato a écrit : > > I have now fixed our CI/CD workflows, including Docker image builds. > > > > Jacopo > > > > On Sun, Mar 22, 2026 at 7:05 PM Jacques Le Roux via dev < > > [email protected]> wrote: > > > >> Hi Jacopo, > >> > >> I have created https://issues.apache.org/jira/browse/OFBIZ-13375 as a > >> task related to that > >> > >> Jacques > >> > >> Le 22/03/2026 à 11:27, Jacopo Cappellato a écrit : > >>> Thank you Daniel. > >>> > >>> All, I have tried to debug and better understand the situation. > >>> This should be the list of all the actions currently allowed by Infra: > >>> > >>> 1) All the actions from the following namespaces are automatically > >> allowed: > >>> apache/* > >>> github/* > >>> actions/* > >>> > >>> 2) All the actions explicitly listed in this file are also allowed: > >>> https://github.com/apache/infrastructure-actions/blob/main/actions.yml > >>> > >>> Since ofbiz-framework is using actions from step-security/*, that are > not > >>> allowed by the above rules, our CI/CD pipeline is currently broken. > >>> > >>> My question is: do we really need to leverage step-security/* actions? > >> When > >>> did we decide to onboard these external actions from Step Security? I > >>> assume we could configure our workflows to use the subset of actions > that > >>> are used by the other ASF projects, and this would be my preference. > >>> Alternatively, I think we should ask Infra to review for approval the > >> Step > >>> Security actions we need. > >>> > >>> Jacopo > >>> > >>> On Sat, Mar 21, 2026 at 11:28 AM Daniel Watford <[email protected]> > >> wrote: > >>>> Apache INFRA recently disabled a number of GitHub Actions. I can't > >> find a > >>>> link to the email in archives, but an announcement was sent to > >>>> > >>>> [email protected] yesterday at 21:00 (according to my mail > >> client) > >>>> The message stated that to request GHA be allowed we must submit a > >> request > >>>> to the approval process: > >>>> > >>>> > >> > https://github.com/apache/infrastructure-actions?tab=readme-ov-file#adding-a-new-version-to-the-allow-list > >>>> > >>>> On Sat, 21 Mar 2026 at 08:58, Jacques Le Roux via dev < > >>>> [email protected]> > >>>> wrote: > >>>> > >>>>> I still don't stand understand why we get this error on GH trunk > >> actions > >>>>> *Error* < > >>>>> > >> > https://github.com/apache/ofbiz-framework/actions/runs/23375921548/workflow > >>>>> The action > >>>>> step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 > >> is > >>>>> not allowed in apache/ofbiz-framework because all actions must be > >>>>> from a repository owned by your enterprise, created by GitHub, or > match > >>>>> one of the patterns: > >>>>> > 1Password/load-secrets-action@13f58eec611f8e5db52ec16247f58c508398f3e6 > >> , > >>>>> > 1Password/load-secrets-action@8d0d610af187e78a2772c2d18d627f4c52d3fbfb > >> , > >>>>> > 1Password/load-secrets-action@dafbe7cb03502b260e2b2893c753c352eee545bf > >> , > >>>>> AdoptOpenJDK/install-jdk@*, BobAnkh/auto-generate-changelog@*, > >>>>> > >>>>> > >> > DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 > >>>> , > >>>>> > >> > DavidAnson/markdownlint-cli2-action@30a0e04f1870d58f8d717450cc6134995f993c63 > >>>> , > >>>>> EnricoMi/publish-unit-test-result-action@*, > >>>>> > >>>>> > >> > JamesIves/github-pages-deploy-action@4a3abc783e1a24aeb44c16e869ad83caf6b4cc23 > >>>> , > >>>>> > >> > JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f > >>>> , > >>>>> Jimver/cuda-toolkit@6008063726ffe3309d1b22e413d9e88fed91a2f2, > >>>>> Jimver/cuda-toolkit@b6fc3a9f3f15256d9d94ffe1254f9c5a2565... > >>>>> Show less > >>>>> > >>>>> It seems that reverting pushes related to Java 21, ie those of this > >>>> morning > >>>>> https://github.com/apache/ofbiz-framework/commits/trunk/ > >>>>> should clear the situation. > >>>>> > >>>>> Maybe we need to change others location (from java 17 to 21) in our > GH > >>>>> related code > >>>>> Or, reading the error above, have an Infra agreement to move to 21 > >>>>> > >>>>> If nobody has a better idea, I'll revert for now. > >>>>> > >>>>> Jacques > >>>>> > >>>>> Le 21/03/2026 à 09:36, Jacques Le Roux via dev a écrit : > >>>>>> Hi Jacopo, > >>>>>> > >>>>>> I'll have a look very soon. > >>>>>> > >>>>>> Jacques > >>>>>> > >>>>>> Le 21/03/2026 à 08:53, Jacopo Cappellato a écrit : > >>>>>>> Hi all, > >>>>>>> > >>>>>>> Dependabot has created five pull requests to bump various libraries > >>>>> used by > >>>>>>> GitHub Actions for CI/CD: > >>>>>>> > >>>>>>> https://github.com/apache/ofbiz-framework/pull/1000 > >>>>>>> https://github.com/apache/ofbiz-framework/pull/1001 > >>>>>>> https://github.com/apache/ofbiz-framework/pull/1002 > >>>>>>> https://github.com/apache/ofbiz-framework/pull/1003 > >>>>>>> https://github.com/apache/ofbiz-framework/pull/1003 > >>>>>>> > >>>>>>> Should we upgrade and merge these PRs? > >>>>>>> > >>>>>>> Jacopo > >>>> > >>>> -- > >>>> Daniel Watford > >>>> >
