pull-requests: read
    if: |
      github.repository == 'tensorflow/tensorflow' &&
      startsWith(github.event.head_commit.message, 'Rollback of PR #')
    steps:
      - name: Checkout repo
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Create a new Github Issue
        uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6.3.3
        with:

    permissions:
      pull-requests: read
    # Set job outputs to values from filter step
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v4
    # For pull requests it's not necessary to checkout the code but for master it is
    - uses: dorny/paths-filter@v3
      id: filter
      with:
        filters: |
          docs:
            - README.md
            - docs/**

            }
            getExecOperations().exec(spec -> spec.commandLine("git", "clone", "--no-checkout", remoteUri, destinationDir.getAbsolutePath()));
        }
        getExecOperations().exec(spec -> {
            spec.commandLine("git", "checkout", getCommitId().get());
            spec.setWorkingDir(destinationDir);
        });
        getExecOperations().exec(spec -> {

	mksyscall="./mksyscall.pl -l32 -netbsd"
	mksysnum="curl -s 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_netbsd.pl"
	mktypes="GOARCH=$GOARCH go tool cgo -godefs"
	;;
netbsd_amd64)
	mkerrors="$mkerrors -m64"
	mksyscall="./mksyscall.pl -netbsd"
	mksysnum="curl -s 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_netbsd.pl"
	mktypes="GOARCH=$GOARCH go tool cgo -godefs"

    runs-on: ubuntu-latest
    timeout-minutes: 20

    strategy:
      fail-fast: false
      matrix:
        language: ['java', 'javascript']

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        fetch-depth: 2

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}

git commit -m 'create module tagtests'

git branch b

echo v0.2.1 >v0.2.1
git add v0.2.1
git commit -m v0.2.1
git tag v0.2.1

git checkout b
echo v0.2.2 >v0.2.2
git add v0.2.2
git commit -m v0.2.2
git tag v0.2.2

git checkout master
git merge b -m merge

zip -r ../tagtests.zip .

    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      id-token: write

    steps:
      - name: "Checkout code"
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          persist-credentials: false

      - name: "Run analysis"

** verify the artifact using the downloaded public keys
** if signature verification passes, perform additional requested checksum verification
* if it's absent, fallback to checksum verification

That is to say that Gradle's verification mechanism is much stronger if signature verification is enabled than just with checksum verification.
In particular:

jobs:
  mint-test:
    runs-on: mint
    timeout-minutes: 120
    steps:
      - name: cleanup #https://github.com/actions/checkout/issues/273
        run: |
          sudo -S rm -rf ${GITHUB_WORKSPACE}
          mkdir ${GITHUB_WORKSPACE}
      - name: checkout-step
        uses: actions/checkout@v4

      - name: setup-go-step
        uses: actions/setup-go@v5
        with:
          go-version: 1.22.x

      id-token: write
      # Uncomment the permissions below if installing in a private repository.
      # contents: read
      # actions: read

    steps:
      - name: "Checkout code"
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          persist-credentials: false

      - name: "Run analysis"