core.setOutput('sys-prop-args', '-DagreePublicBuildScanTermOfService=yes -DcacheNode=us')
            } else {
                core.setOutput('sys-prop-args', '-DcacheNode=us')
            }
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/master' }}

          git log --pretty=format:"%H" ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} > pr_commits.txt
      - name: Check PR commits
        id: run_check
        run: |
          groovy .github/workflows/CheckBadMerge.groovy $(<pr_commits.txt) > output.txt 2>&1
      - name: Read output file
        id: read_output
        if: ${{ always() }}
        run: |
          cat output.txt

name: 'Auto Assign PR to Author'
on:
  pull_request:
    types: [opened]

permissions: {}

jobs:
  add-reviews:
    permissions:
      contents: read  # for kentaro-m/auto-assign-action to fetch config file
      pull-requests: write  # for kentaro-m/auto-assign-action to assign PR reviewers
    runs-on: ubuntu-latest
    steps:

  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write

    branches:
      - master
      - next

# This ensures that previous jobs for the PR are canceled when the PR is
# updated.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  iam-matrix-test:
    name: "[Go=${{ matrix.go-version }}|ldap=${{ matrix.ldap }}|etcd=${{ matrix.etcd }}|openid=${{ matrix.openid }}]"
    runs-on: ubuntu-latest

name: CI

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

permissions:
  contents: read

jobs:
  test:
    permissions:
      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read  # for actions/checkout to fetch code
    name: "${{ matrix.root-pom }} on JDK ${{ matrix.java }} on ${{ matrix.os }}"
    strategy:
      matrix:

name: "Validate Gradle Wrapper"
on: [push, pull_request]

permissions:
  contents: read

jobs:
  validation:
    name: "Validation"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

on:
  push:
    branches: [ main, master, release ]
  schedule:
    - cron: '0 5 * * *'

permissions: {}

jobs:
  CodeQL-Build:
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest

    strategy: