BUILD-10774: Pin gh-action_cache version to v1.4.2

[bwalsh434]

What Changed?

• Pins the gh-action_cache version to v1.4.2 for all actions in this repo
  • Release Notes for this version
  • This will enable fallback-to-default-branch: true on all actions in this repo, which has been extensively tested

[hashicorp-vault-sonar-prod]

BUILD-10774

[sonar-review-alpha]

Summary

This PR updates 8 GitHub Actions across the repository to use gh-action_cache@v1.4.2 (commit eaf3a34), up from v1.4.1. It's a straightforward version pin applied consistently across all cache-using actions: build-poetry, build-yarn, cache, code-signing, config-gradle, config-maven, config-npm, and config-pip. The v1.4.2 release enables the fallback-to-default-branch feature mentioned in the description, which has been thoroughly tested.

What reviewers should know

Reviewing approach: Check that the version bump is consistent across all 8 files (same commit hash: eaf3a34). This is a mechanical, low-risk change. What to validate: Each file pins to the same v1.4.2 tag and commit. No other changes to action logic or parameters — just the version pin. Context: The release notes linked in the PR description show what's new in v1.4.2. If you want to understand the scope of the fallback-to-default-branch feature being enabled, that link has full details.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonarqubecloud]

SonarQube reviewer guide

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonar-review-alpha]

Conclusion: Clean, mechanical version bump applied consistently across all 8 action files. No logic changes, no duplication concerns, no issues to flag.

🗣️ Give feedback

[Copilot]

Pull request overview

Pins the repository’s composite actions to a single, known SonarSource/gh-action_cache release (v1.4.2) to standardize caching behavior across build/config actions (including enabling fallback-to-default-branch: true via that action version).

Changes:

• Updated all in-repo composite actions that reference SonarSource/gh-action_cache from v1.4.1 to v1.4.2 (via pinned commit SHA).
• Kept version comments (# v1.4.2) aligned with the pinned SHA for auditability.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
config-pip/action.yml	Bumps gh-action_cache pin to v1.4.2 for pip dependency caching.
config-npm/action.yml	Bumps gh-action_cache pin to v1.4.2 for npm cache.
config-maven/action.yml	Bumps gh-action_cache pin to v1.4.2 for local Maven repository caching.
config-gradle/action.yml	Bumps gh-action_cache pin to v1.4.2 for Gradle cache.
code-signing/action.yml	Bumps gh-action_cache pin to v1.4.2 for code signing tool caching.
cache/action.yml	Bumps deprecated wrapper action to use gh-action_cache v1.4.2.
build-yarn/action.yml	Bumps gh-action_cache pin to v1.4.2 for Yarn dependency caching.
build-poetry/action.yml	Bumps gh-action_cache pin to v1.4.2 for Poetry cache.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.