Update: It seems some Project PMCs deliberately kept the old gradle-actions due to licencing issues which then allowed that version on the allow list see https://github.com/apache/infrastructure-actions/pull/953. (approx. 1 hour ago at the time of posting.)
Regards, Aman On Mon, Jun 22, 2026 at 10:07 PM Aman Mittal <[email protected]> wrote: > Hi everyone, > > You may have noticed a series of GitHub Actions build failures recently > across multiple workflows, including: > > - > > https://github.com/apache/fineract/actions/runs/27887032589 > - > > https://github.com/apache/fineract/actions/runs/27869715676 > - > > https://github.com/apache/fineract/actions/runs/27868316954 > > <https://www.google.com/search?q=https%3A%2F%2Fgithub.com%2Fapache%2Ffineract%2Factions%2Fruns%2F27868316954> > - > > https://github.com/apache/fineract/actions/runs/27862061333 > > <https://www.google.com/search?q=https%3A%2F%2Fgithub.com%2Fapache%2Ffineract%2Factions%2Fruns%2F27862061333> > > Root Cause > > The failures were caused by an organization-level validation error stating > that gradle/actions/setup-gradle was no longer allowed under the Apache > policy rules. > > This happened because ASF Infra removed expired and outdated actions from > the organization-wide allowlist in this commit: > https://github.com/apache/infrastructure-actions/commit/25ab499ef9c241b64a56860245e57c195baddec6 > <https://www.google.com/search?q=https%3A%2F%2Fgithub.com%2Fapache%2Finfrastructure-actions%2Fcommit%2F25ab499ef9c241b64a56860245e57c195baddec6> > > As a result, the older versions/pinned SHAs we were utilizing in our > workflows were immediately blocked by GitHub's enterprise security policies. > Resolution > > A fix has been successfully merged to address this issue. We have upgraded > the affected GitHub Actions to their latest approved versions/SHAs in PR > #6009: https://github.com/apache/fineract/pull/6009 > <https://www.google.com/search?q=https%3A%2F%2Fgithub.com%2Fapache%2Ffineract%2Fpull%2F6009> > > All main branch builds and new PRs should now run and pass successfully. > Please rebase or update your open pull requests if you are still > experiencing these workflow validation errors. > > Best regards, > > Aman Mittal > > > >
