Junru Shao developed and implemented a third-party actions allowlist governance system for the apache/infrastructure-actions repository, focusing on enhancing security, compliance, and auditability within CI/CD pipelines. Leveraging YAML and GitHub Actions, Junru configured the allowlist to include astral-sh/setup-uv with a wildcard version and a long-term expiration date, ensuring operational continuity while aligning with governance policies. The technical approach emphasized minimizing disruption and maintenance overhead by updating actions.yml to reflect new tags and expiration dates. This work demonstrated a methodical application of DevOps and CI/CD configuration skills, resulting in a robust, policy-driven framework for managing third-party integrations.