From 90d5fb6a752e5f6318e60cae9ab80978116d1bac Mon Sep 17 00:00:00 2001
From: christophe dervieux <christophe.dervieux@gmail.com>
Date: Wed, 22 Apr 2026 17:22:15 +0200
Subject: [PATCH 1/2] Bump julia-actions/cache to v3

v2 is a composite action whose post-save and delete-old-caches steps
don't run reliably, letting per-run julia caches (~250 MB each)
accumulate on refs/heads/main until the repository hits its 10 GB
cache cap. v3 is a JavaScript rewrite with a proper post hook. It also
uses Node.js 24 directly, dropping the latent Node 20 exposure from
v2's transitive actions/cache dependency.
---
 .github/workflows/test-smokes.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test-smokes.yml b/.github/workflows/test-smokes.yml
index c757f143d9..a5146bb1df 100644
--- a/.github/workflows/test-smokes.yml
+++ b/.github/workflows/test-smokes.yml
@@ -223,7 +223,7 @@ jobs:
           version: "1.12.5"
 
       - name: Load Julia packages from cache
-        uses: julia-actions/cache@v2
+        uses: julia-actions/cache@v3
         with:
           cache-name: julia-cache;workflow=${{ github.workflow }};job=${{ github.job }};julia=${{ steps.setup-julia.outputs.julia-version }}
 

From e936df4cf325a4f39c53c13e8660aafc557ada73 Mon Sep 17 00:00:00 2001
From: christophe dervieux <christophe.dervieux@gmail.com>
Date: Wed, 22 Apr 2026 17:24:33 +0200
Subject: [PATCH 2/2] Fix cleanup-caches workflow for fork PRs

pull_request events from forks ship a read-only GITHUB_TOKEN regardless
of the permissions: block, so gh cache delete fails with HTTP 403 and
the fork PR's ~1-2 GB of caches leak into the repo's 10 GB cache budget.
Observed on PR #14374 (8/8 deletes returned 403, run succeeded because
set +e swallowed the failures).

pull_request_target runs in the base-branch context with full write
permissions. Safe for this workflow: no PR code is checked out, the
steps only call gh cache list/delete.
---
 .github/workflows/cleanup-caches.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/cleanup-caches.yml b/.github/workflows/cleanup-caches.yml
index 81a852414f..9d2c0cc671 100644
--- a/.github/workflows/cleanup-caches.yml
+++ b/.github/workflows/cleanup-caches.yml
@@ -1,6 +1,10 @@
 name: Cleanup github runner caches on closed pull requests
 on:
-  pull_request:
+  # pull_request_target is required so fork PRs can delete their own caches on close.
+  # pull_request from a fork ships a read-only GITHUB_TOKEN regardless of the
+  # permissions: block, causing gh cache delete to fail with HTTP 403.
+  # Safe here: no PR code is checked out, the workflow only calls gh cache list/delete.
+  pull_request_target:
     types:
       - closed