ci: replace mise-action with official setup-java + setup-node actions

coopernetes · claude · coopernetes · commit a198566239b2 · 2026-04-09T13:46:12.000-04:00
jdx/mise-action is a third-party action; for an enterprise-grade supply
chain posture, use GitHub's official actions/setup-java and
actions/setup-node instead. Node pinned to 24.11.1 in all workflows to
match mise.toml, eliminating npm lockfile version drift.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,9 +17,17 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
 
-      - uses: jdx/mise-action@v2 # ratchet:jdx/mise-action@v2
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # ratchet:actions/setup-java@v5
+        with:
+          distribution: temurin
+          java-version: 21
+          cache: gradle
 
-      - uses: gradle/actions/setup-gradle@v4 # ratchet:gradle/actions/setup-gradle@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
+        with:
+          node-version: '24.11.1'
+          cache: npm
+          cache-dependency-path: git-proxy-java-dashboard/frontend/package-lock.json
 
       - name: Build and test
         run: ./gradlew build
@@ -29,7 +37,7 @@ jobs:
 
       - name: Submit dependency graph
         if: github.event_name == 'push'
-        uses: gradle/actions/dependency-submission@48b5f213c81028ace310571dc5ec0fbbca0b2947 # ratchet:gradle/actions/dependency-submission@v4
+        uses: gradle/actions/dependency-submission@ed408507eac070d1f99cc633dbcf757c94c7933a # ratchet:gradle/actions/dependency-submission@v4
 
       - name: Publish test results
         if: always()
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -25,13 +25,21 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # ratchet:actions/checkout@v4
 
-      - name: Set up tools
+      - name: Set up Java
         if: matrix.language == 'java-kotlin'
-        uses: jdx/mise-action@v2 # ratchet:jdx/mise-action@v2
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # ratchet:actions/setup-java@v5
+        with:
+          distribution: temurin
+          java-version: 21
+          cache: gradle
 
-      - name: Set up Gradle cache
+      - name: Set up Node
         if: matrix.language == 'java-kotlin'
-        uses: gradle/actions/setup-gradle@v4 # ratchet:gradle/actions/setup-gradle@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
+        with:
+          node-version: '24.11.1'
+          cache: npm
+          cache-dependency-path: git-proxy-java-dashboard/frontend/package-lock.json
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # ratchet:github/codeql-action/init@v4
diff --git a/.github/workflows/cve.yml b/.github/workflows/cve.yml
@@ -12,9 +12,17 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
-      - uses: jdx/mise-action@v2 # ratchet:jdx/mise-action@v2
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # ratchet:actions/setup-java@v5
+        with:
+          distribution: temurin
+          java-version: 21
+          cache: gradle
 
-      - uses: gradle/actions/setup-gradle@v4 # ratchet:gradle/actions/setup-gradle@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4
+        with:
+          node-version: '24.11.1'
+          cache: npm
+          cache-dependency-path: git-proxy-java-dashboard/frontend/package-lock.json
 
       - name: Build project with Gradle
         run: ./gradlew clean testClasses
