Just out of curiosity: did you try to merge https://github.com/apache/ofbiz-framework/pull/1004 ?
Jacopo On Sat, Mar 21, 2026 at 7:27 PM Jacques Le Roux via dev < [email protected]> wrote: > I found the original, we are already not the only project impacted > https://lists.apache.org/thread/nlvl5dp5mxkcrs0krfky4xb94r0pnoxw > > Jacques > > > Le 21/03/2026 à 11:40, Jacques Le Roux a écrit : > > > > Thanks a bunch Daniel, > > > > Because of the password/secret/signature issue, I was expecting > something like that. > > > > I ask Infra right now! > > > > Jacques > > > > Le 21/03/2026 à 11:27, Daniel Watford a écrit : > >> Apache INFRA recently disabled a number of GitHub Actions. I can't > find a link to the email in archives, but an announcement was sent to > >> > >> [email protected] yesterday at 21:00 (according to my > mail client) > >> > >> The message stated that to request GHA be allowed we must submit a > request to the approval process: > >> > https://github.com/apache/infrastructure-actions?tab=readme-ov-file#adding-a-new-version-to-the-allow-list > >> > >> > >> On Sat, 21 Mar 2026 at 08:58, Jacques Le Roux via dev < > [email protected]> wrote: > >> > >> I still don't stand understand why we get this error on GH trunk > actions > >> > >> *Error* < > https://github.com/apache/ofbiz-framework/actions/runs/23375921548/workflow > > > >> The action > step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 is > not allowed in apache/ofbiz-framework because all actions > >> must be > >> from a repository owned by your enterprise, created by GitHub, or > match one of the patterns: > >> > 1Password/load-secrets-action@13f58eec611f8e5db52ec16247f58c508398f3e6, > 1Password/load-secrets-action@8d0d610af187e78a2772c2d18d627f4c52d3fbfb, > >> > 1Password/load-secrets-action@dafbe7cb03502b260e2b2893c753c352eee545bf, > AdoptOpenJDK/install-jdk@*, BobAnkh/auto-generate-changelog@*, > >> > DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 > , > >> > DavidAnson/markdownlint-cli2-action@30a0e04f1870d58f8d717450cc6134995f993c63, > EnricoMi/publish-unit-test-result-action@*, > >> > JamesIves/github-pages-deploy-action@4a3abc783e1a24aeb44c16e869ad83caf6b4cc23 > , > >> > > JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f, > Jimver/cuda-toolkit@6008063726ffe3309d1b22e413d9e88fed91a2f2, > >> Jimver/cuda-toolkit@b6fc3a9f3f15256d9d94ffe1254f9c5a2565... > >> Show less > >> > >> It seems that reverting pushes related to Java 21, ie those of this > morning > >> https://github.com/apache/ofbiz-framework/commits/trunk/ > >> should clear the situation. > >> > >> Maybe we need to change others location (from java 17 to 21) in > our GH related code > >> Or, reading the error above, have an Infra agreement to move to 21 > >> > >> If nobody has a better idea, I'll revert for now. > >> > >> Jacques > >> > >> Le 21/03/2026 à 09:36, Jacques Le Roux via dev a écrit : > >> > Hi Jacopo, > >> > > >> > I'll have a look very soon. > >> > > >> > Jacques > >> > > >> > Le 21/03/2026 à 08:53, Jacopo Cappellato a écrit : > >> >> Hi all, > >> >> > >> >> Dependabot has created five pull requests to bump various > libraries used by > >> >> GitHub Actions for CI/CD: > >> >> > >> >> https://github.com/apache/ofbiz-framework/pull/1000 > >> >> https://github.com/apache/ofbiz-framework/pull/1001 > >> >> https://github.com/apache/ofbiz-framework/pull/1002 > >> >> https://github.com/apache/ofbiz-framework/pull/1003 > >> >> https://github.com/apache/ofbiz-framework/pull/1003 > >> >> > >> >> Should we upgrade and merge these PRs? > >> >> > >> >> Jacopo > >> > >> > >> > >> -- > >> Daniel Watford
