CI: JDK 24 ga, pin actions, enable dependabot again and minor updates #8339

Merged
mbien merged 1 commit into apache:master from mbien:gh-pin-actions
Mar 18, 2025

@mbien mbien commented Mar 15, 2025

  • switch from JDK 24 ea to ga
  • pin third party actions to hash
  • enable dependabot for action updates
  • add retry on IOException to BinariesListUpdates checker

@mbien mbien added the CI continuous integration changes label Mar 15, 2025
@mbien mbien added this to the NB26 milestone Mar 15, 2025
@mbien mbien marked this pull request as draft March 15, 2025 23:57

mbien commented Mar 16, 2025

allow list didn't like that pin. have to ask infra

update: the allow list doesn't support that yet, but i think ASF infra is working on it.

unpinned (@v5) does pass and downloads the latest version as expected:

Download action repository 'geekyeggo/delete-artifact@v5' (SHA:f275313e70c08f6120db482d7a6b98377786765b)
Complete job name: Cleanup Workflow Artifacts

when pinned to the hash above, the apache allow list blocks it. This clashes directly with the dependabot requirement since it guarantees that all dependabot PRs fail.

update2: the used hashes are now explicitly allow listed. How this will interact with dependabot in future is unclear but i believe infra is working on it (apache/infrastructure-actions#90).
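
The interaction described in the comment above, as an added example (not part of the PR or of any ASF tooling): a checker that flags third-party `uses:` references not pinned to a 40-character commit SHA, and pinned ones that are missing from an allow list. The allow-list shape, the exempt `actions/` and `github/` owners, and `example-org/example-action` are assumptions.

```python
import re

# Matches a `uses:` value; a trailing "# v5" comment is not captured.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
FIRST_PARTY = ("actions/", "github/")  # assumption: owners exempt from pinning

# Constructed workflow. The SHA on line 7 is the one quoted in the thread;
# example-org/example-action and its SHA are made up.
SAMPLE_WORKFLOW = """\
jobs:
  cleanup:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: geekyeggo/delete-artifact@v5
      - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""
# Assumed allow-list shape: a set of exact "owner/repo@sha" strings.
SAMPLE_ALLOW_LIST = {
    "geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b",
}

def audit(workflow_text, allow_list):
    """Return (line_no, ref, verdict) for each third-party `uses:` reference."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        # Local actions and container images carry no git ref; skip them
        # together with the first-party owners assumed above.
        if ref.startswith(("./", "docker://") + FIRST_PARTY):
            continue
        version = ref.partition("@")[2]
        if not SHA_RE.match(version):
            verdict = "unpinned"            # tag or branch: can move
        elif ref not in allow_list:
            verdict = "pinned-not-allowed"  # e.g. a freshly bumped hash
        else:
            verdict = "ok"
        findings.append((line_no, ref, verdict))
    return findings

if __name__ == "__main__":
    for line_no, ref, verdict in audit(SAMPLE_WORKFLOW, SAMPLE_ALLOW_LIST):
        print(f"line {line_no}: {verdict:18} {ref}")
```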

@mbien mbien added the do not merge Don't merge this PR, it is not ready or just demonstration purposes. label Mar 16, 2025
@mbien mbien changed the title CI: pin actions, enable dependabot again and minor updates CI: JDK 24 ga, pin actions, enable dependabot again and minor updates Mar 17, 2025
 - switch from JDK 24 ea to ga
 - pin third party actions to hash
 - enable dependabot for action updates
 - add retry on IOException to BinariesListUpdates checker
@mbien mbien added Upgrade Library Library (Dependency) Upgrade and removed do not merge Don't merge this PR, it is not ready or just demonstration purposes. labels Mar 18, 2025
@mbien mbien marked this pull request as ready for review March 18, 2025 21:51

@lkishalmi lkishalmi left a comment

LGTM.

@mbien mbien merged commit 60e2d92 into apache:master Mar 18, 2025
31 checks passed