jamesfredley opened a new pull request, #15523: URL: https://github.com/apache/grails-core/pull/15523
## Summary Pin all third-party GitHub Actions to commit hashes listed in [apache/infrastructure-actions `approved_patterns.yml`](https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml) to comply with ASF infrastructure gateway requirements. ## Changes ### `gradle/actions/setup-gradle` (11 files, ~32 occurrences) - `@v4` -> `@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2` (v5.0.0) - closest approved commit to v4 - `@v5` -> `@0723195856401067f7a2779048b490ace7a47d7c` (v5.0.2) - IS the v5 floating tag Affected: `gradle.yml`, `groovy-joint-workflow.yml`, `rat.yml`, `codestyle.yml`, all 5 `forge-deploy-*.yml`, `release.yml`, `release-publish-docs.yml` ### `google-github-actions/auth` (5 files, 10 occurrences) - `@140bb5113ffb6b65a7e9b937a81fa96cf5064462` (v2.1.11) -> `@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093` (v3.0.0) - only approved option Affected: all 5 `forge-deploy-*.yml` (deploy + deployAnalytics jobs) ### `google-github-actions/setup-gcloud` (5 files, 10 occurrences) - `@6a7c903a70c8625ed6700fa299f5ddb4ca6022e9` (v2.1.5) -> `@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db` (v3.0.1) - only approved option Affected: same 5 `forge-deploy-*.yml` files ## Compatibility - **gradle/actions v5**: Gradle 8.14.x is well within the supported range - **google-github-actions/auth v3**: Verified `credentials_json` and `create_credentials_file` inputs still supported (v3 bumps to Node 24, removes old deprecated params not used by our workflows) - **google-github-actions/setup-gcloud v3**: Verified `project_id` input still supported ## Actions Already Compliant (no changes needed) | Action | Reason | |--------|--------| | `actions/checkout@v6`, `actions/setup-java`, `actions/cache`, `actions/upload-artifact` | GitHub-official (implicitly approved) | | `github/codeql-action/*@v4` | GitHub-official (implicitly approved) | | `apache/grails-github-actions/*@asf` | Apache org (implicitly approved) | | `testlens-app/setup-testlens@v1` | Wildcard approved (`@*`) | | `nick-fields/retry@ce71cc...` | Wildcard approved (`@*`) | | `softprops/[email protected]` | Wildcard approved (`@*`) | | `release-drafter/release-drafter@v7` | Wildcard approved (`@*`) | -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
