steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          ref: devprod/upgrade-to-latest-wrapper
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0
      - name: Setup java
        uses: actions/setup-java@v5
        with:
          distribution: temurin
          java-version: 17

    permissions:
      contents: read
      issues: write
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up JDK 17
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Install Groovy

	// assert the http response.
	c.Assert(response.StatusCode, http.StatusOK)

	// make HTTP request to fetch the object.
	request, err = newTestSignedRequest(http.MethodGet, getGetObjectURL(s.endPoint, bucketName, objectName),
		0, nil, s.accessKey, s.secretKey, s.signer)
	c.Assert(err, nil)

	// execute the http request to fetch object.
	response, err = s.client.Do(request)
	c.Assert(err, nil)
	// assert the http response status code.

		return cred, ErrNone
	}

	return cred, ErrAccessDenied
}

// Fetch the security token set by the client.
func getSessionToken(r *http.Request) (token string) {
	token = r.Header.Get(xhttp.AmzSecurityToken)
	if token != "" {
		return token
	}
	return r.Form.Get(xhttp.AmzSecurityToken)
}

// Fetch claims in the security token returned by the client, doesn't return

      id: cherrypick
      run: |
          git config --global user.name "TensorFlow Release Automation"
          git config --global user.email "******@****.***"
          git fetch origin master
          git cherry-pick ${{ github.event.inputs.git_commit }}
          echo "SHORTSHA=$(git log -1 ${{ github.event.inputs.git_commit }} --format="%h")" >> "$GITHUB_OUTPUT"

    - cron: '0 5 * * *'

permissions: {}

jobs:
  CodeQL-Build:
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:

permissions:
  contents: read

jobs:
  test:
    permissions:
      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read  # for actions/checkout to fetch code
    name: "${{ matrix.root-pom }} on JDK ${{ matrix.java }} on ${{ matrix.os }}"
    strategy:
      matrix:
        os: [ ubuntu-latest ]
        java: [ 8, 11, 17, 21 ]

		read := r.Method == http.MethodGet || r.Method == http.MethodHead
		// Re-direction is handled specifically for browser requests.
		if !guessIsHealthCheckReq(r) && guessIsBrowserReq(r) && read && globalBrowserRedirect {
			// Fetch the redirect location if any.
			if u := getRedirectLocation(r); u != nil {
				// Employ a temporary re-direct.
				http.Redirect(w, r, u.String(), http.StatusTemporaryRedirect)
				return
			}
		}

* The frontend stores that token temporarily somewhere.
* The user clicks in the frontend to go to another section of the frontend web app.
* The frontend needs to fetch some more data from the API.
    * But it needs authentication for that specific endpoint.
    * So, to authenticate with our API, it sends a header `Authorization` with a value of `Bearer ` plus the token.

        if (entry == null)
            return;

        switch (changeType) {
        case FILE_ADDED:
            // Invalidate cache - we need to fetch new file info
            entry.invalidate();
            break;

        case FILE_REMOVED:
            entry.removeChild(childName);
            break;

        case FILE_MODIFIED: