[
https://issues.apache.org/jira/browse/SOLR-18192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18073968#comment-18073968
]
Jan Høydahl commented on SOLR-18192:
------------------------------------
This also goes for other workflows. We need to pin every action version with
exact SHA, not only @main or @v3.
I'll post a PR for this issue.
> GitHub actions and workflows must be pinned with SHA
> ----------------------------------------------------
>
> Key: SOLR-18192
> URL: https://issues.apache.org/jira/browse/SOLR-18192
> Project: Solr
> Issue Type: Bug
> Reporter: Isabelle Giguere
> Priority: Major
>
> Github action "Dependency Submission" has been failing since March 20th, 2026.
> https://github.com/apache/solr/actions/workflows/dependency-graph-submission.yml
> Error message:
> "The action gradle/actions/dependency-submission@v5 is not allowed in
> apache/solr because all actions must be from a repository owned by your
> enterprise..."
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
