Updates dev-infra to the latest revision. This revision supports
for custom release prechecks and performs the release build
before the staging, verifying integrity later. This has various
benefits for stability and making the less less relucant to build
issues that mess up a previously-merged staging PR.
PR Close#46291
A recent PR to the Angular common closure-locale file generation
highlighted that the GitHub robot does currently not consider the
`closure-locale.ts` file as relevant for g3. The file is synced into
g3 and the robot should reflect that.
Note: The exclude/include patterns currently will include some of the
legacy/backwards-compatibility locale files, but these will never change
and can be removed in v15. For now it is acceptable to not overly
complicate the exclude/include lists for few files that never change.
PR Close#46177
This action will enforce that all pull requests receive an approval from
at least one googler on the final commit for the pull request. Historically,
we have allowed all post approval changes regardless of authorship. Moving
forward, with this change, we will only allow known googlers to perform
post approval changes.
When a post approval change occurs by a non-googler, the action will
automatically rerequest a review from the latest googler who provided
an approval on the change.
PR Close#46006
There was a difference in the set of paths between check/sync scripts internally and externally.
This commit aligns both configurations.
PR Close#45915
The currently recommended best practice for Github action workflows is to set top-level permissions to read only. And if the job uses the automatic `GITHUB_TOKEN`, fine-grained permissions for each job based on the job's requirements should also be added.
All existing workflows in the repository now have top-level read only permission blocks.
Only the `scorecard` workflow currently requires additional job level permissions and the minimum set of permissions were already present for the job.
PR Close#45177
Renovate supports using hashed version pinning for individual Github actions while still following SemVer-based tags.
All workflow actions external to the Angular organization now leverage this support to ensure both that stable versions of the actions are used and that the actions are pinned to a hashed version of the tag.
PR Close#45178