Merge pull request #2070 from jdaugherty/newMongoMerge

switch to apache github actions & use GITHUB_TOKEN where possible

Author: jdaugherty

.github/dependabot.yml

@@ -1,5 +1,9 @@
 version: 2
 updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
 - package-ecosystem: gradle
   directory: "/"
   schedule:

.github/workflows/gradle.yml

@@ -132,13 +132,11 @@ jobs:
         with:
           develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       - name: "🔨 Build Docs"
-        id: docs
         env:
           GITHUB_MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-        run: ./gradlew docs --refresh-dependencies
+        run: ./gradlew docs
       - name: "🚀 Publish to Github Pages"
-        if: steps.docs.outcome == 'success'
-        uses: grails/grails-github-actions/deploy-github-pages@main
+        uses: apache/grails-github-actions/deploy-github-pages@asf
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GRADLE_PUBLISH_RELEASE: 'false'
@@ -162,9 +160,19 @@ jobs:
         run: echo "value={\"message\":\"New Data Mapping Snapshots $(date) - $GITHUB_SHA\"}" >> $GITHUB_OUTPUT
       - name: "📡 Invoke the Java CI workflow in GORM Hibernate6"
         continue-on-error: true
-        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4 (Use commit sha as this is a 3rd party action)
+        uses: actions/github-script@v7
         with:
-          workflow: Java CI
-          repo: grails/gorm-hibernate6
-          ref: ${{ steps.extract_branch.outputs.value }}
-          token: ${{ secrets.GH_TOKEN }}
+          github-token: ${{ secrets.GH_TOKEN }} # must be a PAT since we're triggering on an external repo
+          script: |
+            try {
+              const result = await github.rest.actions.createWorkflowDispatch({
+                owner: 'apache',
+                repo: 'grails-data-hibernate6',
+                workflow_id: 'gradle.yml',
+                ref: '${{ steps.extract_branch.outputs.value }}'
+              });
+              console.log(result);
+            } catch(error) {
+              console.error(error);
+              core.setFailed(error);
+            }

.github/workflows/release.yml

@@ -2,19 +2,16 @@ name: "Release"
 on:
   release:
     types: [published]
-env:
-  GIT_USER_NAME: grails-build
-  GIT_USER_EMAIL: [email protected]
+permissions:
+  contents: write
+  packages: read
 jobs:
   publish:
     name: "Publish to Sonatype Staging Repository"
     outputs:
       release_version: ${{ steps.release_version.outputs.value }}
       target_branch: ${{ steps.extract_branch.outputs.value }}
     runs-on: ubuntu-24.04
-    permissions:
-      contents: write
-      packages: read
     steps:
       - name: "📥 Checkout repository"
         uses: actions/checkout@v4
@@ -28,7 +25,7 @@ jobs:
         with:
           develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       - name: "⚙️ Run pre-release"
-        uses: grails/github-actions/pre-release@main
+        uses: apache/grails-github-actions/pre-release@asf
       - name: "🔍 Determine Target Branch"
         id: extract_branch
         run: |
@@ -40,13 +37,11 @@ jobs:
         id: release_version
         run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT
       - name: "🧩 Run Assemble"
-        if: success()
         id: assemble
         env:
           GITHUB_MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-        run: ./gradlew --refresh-dependencies assemble
+        run: ./gradlew assemble
       - name: "📤 Upload Distribution to workflow summary page"
-        if: success()
         uses: actions/upload-artifact@v4
         with:
           name: grails-data-mapping-${{ steps.release_version.outputs.value }}.zip
@@ -76,9 +71,6 @@ jobs:
     name: "Release Sonatype Staging Repository"
     needs: publish
     runs-on: ubuntu-24.04
-    permissions:
-      contents: write
-      packages: read
     steps:
       - name: "📥 Checkout repository"
         uses: actions/checkout@v4
@@ -106,16 +98,12 @@ jobs:
           findSonatypeStagingRepository
           releaseSonatypeStagingRepository 
       - name: "⚙️ Run post-release"
-        if: success()
-        uses: grails/github-actions/post-release@main
+        uses: apache/grails-github-actions/post-release@asf
   docs:
     environment: release
     name: "Publish Documentation"
     needs: publish
     runs-on: ubuntu-24.04
-    permissions:
-      contents: write
-      packages: read
     steps:
       - name: "📥 Checkout repository"
         uses: actions/checkout@v4
@@ -135,8 +123,7 @@ jobs:
           GITHUB_MAVEN_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
         run: ./gradlew docs
       - name: "🚀 Publish to Github Pages"
-        if: success()
-        uses: grails/grails-github-actions/deploy-github-pages@main
+        uses: apache/grails-github-actions/deploy-github-pages@asf
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GRADLE_PUBLISH_RELEASE: 'true'