Conversation
Jesus-Osuna-M
approved these changes
May 4, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the repository’s GitHub Actions workflows to newer major versions of the core first-party actions used by CI and release automation. This keeps the Java build and release pipelines aligned with newer action releases, but the updated refs still need review from a workflow supply-chain perspective.
Changes:
- Upgraded
actions/checkoutfromv4tov5in the CI and release workflows. - Upgraded
actions/setup-javafromv4tov5in both workflows. - Upgraded
actions/upload-artifactfromv4tov5in the Gradle CI workflow.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
.github/workflows/gradle.yml |
Updates the CI workflow’s checkout, Java setup, and artifact upload actions to newer major versions. |
.github/workflows/release.yml |
Updates the release workflow’s checkout and Java setup actions to newer major versions. |
Comments suppressed due to low confidence (1)
.github/workflows/gradle.yml:41
actions/upload-artifactis also using a mutable major tag here, so artifact publishing behavior can change later without a corresponding change in this repository. Pinning the action to an immutable commit SHA would avoid that supply-chain risk and keep CI runs reproducible.
- name: Upload plugin jar
uses: actions/upload-artifact@v5
with:
# Artifact name
name: Grails-Plugin-${{ steps.get_version.outputs.VERSION }}
# Directory containing files to upload
path: build/libs/ansible-plugin-${{ steps.get_version.outputs.VERSION }}.jar
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+14
to
+18
| uses: actions/checkout@v5 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@v4 | ||
| uses: actions/setup-java@v5 |
Comment on lines
+11
to
13
| - uses: actions/checkout@v5 | ||
| with: | ||
| fetch-depth: 0 |
| if: "!contains(github.ref, 'refs/tags')" | ||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@v4 | ||
| uses: actions/setup-java@v5 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the GitHub Actions workflow files to use the latest major versions of key GitHub Actions. The main focus is on keeping the CI/CD pipeline up-to-date and secure by upgrading the action versions.
GitHub Actions version upgrades:
actions/checkoutfromv4tov5in both.github/workflows/gradle.ymland.github/workflows/release.ymlto use the latest improvements and bug fixes. [1] [2]actions/setup-javafromv4tov5in both workflow files to ensure compatibility and leverage new features for Java setup. [1] [2]actions/upload-artifactfromv4tov5in.github/workflows/gradle.ymlfor improved artifact handling and reliability.