ppkarwasz commented on code in PR #406:
URL: https://github.com/apache/logging-parent/pull/406#discussion_r2133472810
##########
.github/workflows/verify-reproducibility-reusable.yaml:
##########
@@ -61,7 +61,30 @@ jobs:
with:
distribution: zulu
java-version: ${{ inputs.java-version }}
- cache: maven
+
+ #
+ # Generates a cache key prefix to enable partial cache hits.
+ # If there's no exact match for the full cache key, any cache with this
prefix can be used as a fallback.
+ # To avoid unbounded cache growth, the prefix includes the current month,
+ # ensuring a new cache is started each month.
+ #
+ - name: Compute Cache Key Prefix
+ shell: bash
+ run: |
+ date +"CACHE_KEY=verify-reproducibility-%Y-%m" >> $GITHUB_ENV
+
+ #
+ # Configures caching for the local Maven repository.
+ # Uses a custom cache key to isolate artifacts built in this workflow,
+ # preventing reproducibility results from being affected by cached
outputs from other workflows.
+ #
+ - name: Set up Maven Cache
+ uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # 4.2.3
Review Comment:
The full SHA is the standard in this repo and there is a comment with the
version number.
Besides, you are proposing to downgrade from 4.2.3 to 3.x.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
