Hi infra team, The maven-jlink-plugin needs a second JDK as a toolchain JDK. While all jenkins builds do have this by default, we worked around it in github actions by using a 3rd-party jabba action [1].
Due to the new security policy, this build is now broken: "battila7/jdk-via-jabba@v1 is not allowed to be used in apache/maven-jlink-plugin. Actions in this workflow must be: created by GitHub, verified in the GitHub Marketplace, within a repository owned by apache or match the following: adoptopenjdk/*, apache/*, gradle/wrapper-validation-action." Interestingly, there is no "adoptopenjdk/*" action. The current workflow file uses jdk-via-jabba, as this action can control the variable it puts the path into [2]. Please suggest a new solution. Also, if new security policies are created, kindly send a mail to the maven-dev mailing list. Thanks, - Ben [1]: https://github.com/apache/maven-jlink-plugin/blob/MJLINK-62/.github/workflows/maven.yml [2]: https://github.com/apache/maven-jlink-plugin/blob/91cc1cfec38b3863d578aa281e82b062819c3c92/.github/workflows/maven.yml#L50
