Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump gradle/actions from 3 to 4 (#224)
Bumps [gradle/actions](https://github.com/gradle/actions) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>Final release of <code>v4.0.0</code> of the <code>setup-gradle</code>, <code>dependency-submission</code> and <code>wrapper-validation</code> actions provided under <code>gradle/actions</code>. This release is available under the <code>v4</code> tag.</p> <h2>Major changes from the <code>v3</code> release</h2> <h3>The <code>arguments</code> parameter has been removed</h3> <p>Using the action to execute Gradle via the <code>arguments </code>parameter was deprecated in <code>v3</code> and this parameter has been removed. <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/deprecation-upgrade-guide.md#using-the-action-to-execute-gradle-via-the-arguments-parameter-is-deprecated">See here for more details</a>.</p> <h3>Cache cleanup enabled by default</h3> <p>After a number of fixes and improvements, this release enables <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/setup-gradle.md#configuring-cache-cleanup">cache-cleanup</a> by default for all Jobs using the <code>setup-gradle</code> and <code>dependency-submission</code> actions.</p> <p>Improvements and bugfixes related cache cleanup:</p> <ul> <li>By default, cache cleanup is not run if any Gradle build fails (<a href="https://redirect.github.com/gradle/actions/issues/71">#71</a>)</li> <li>Cache cleanup is not run after configuration-cache reuse (<a href="https://redirect.github.com/gradle/actions/issues/19">#19</a>)</li> </ul> <p>This feature should help to minimize the size of entries written to the GitHub Actions cache, speeding up builds and reducing cache usage.</p> <h3>Wrapper validation enabled by default</h3> <p>In <code>v3</code>, the <code>setup-gradle</code> action was enhanced to support Gradle wrapper validation, removing the need to use a separate workflow file with the <code>gradle/actions/wrapper-validation</code> action.</p> <p>With this release, wrapper validation has been significantly improved, and is now enabled by default (<a href="https://redirect.github.com/gradle/actions/issues/12">#12</a>):</p> <ul> <li>The <code>allow-snapshot-wrappers</code> makes it possible to validate snapshot wrapper jars using <code>setup-gradle</code>.</li> <li>Checksums for <a href="https://services.gradle.org/distributions-snapshots/">nightly and snapshot Gradle versions</a> are now validated (<a href="https://redirect.github.com/gradle/actions/issues/281">#281</a>).</li> <li>Valid wrapper checksums are cached in Gradle User Home, reducing the need to retrieve checksum values remotely (<a href="https://redirect.github.com/gradle/actions/issues/172">#172</a>).</li> <li>Reduce network calls in <code>wrapper-validation</code> for new Gradle versions: By only fetching wrapper checksums for Gradle versions that were not known when this action was released, this release reduces the likelihood that a network failure could cause failure in wrapper validation (<a href="https://redirect.github.com/gradle/actions/issues/171">#171</a>)</li> <li>Improved error message when <code>wrapper-validation</code> finds no wrapper jars (<a href="https://redirect.github.com/gradle/actions/issues/284">#284</a>)</li> </ul> <p>Wrapper validation is important for supply-chain integrity. Enabling this feature by default will increase the coverage of wrapper validation on projects using GitHub Actions.</p> <h3>New input parameters for Dependency Graph generation</h3> <p>Some dependency-graph inputs that could previously only be configured via environment variables now have dedicated action inputs:</p> <ul> <li><code>dependency-graph-report-dir</code>: sets the location where dependency-graph reports will be generated</li> <li><code>dependency-graph-exclude-projects</code> and <code>dependency-graph-include-projects</code>: <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-projects-that-will-contribute-to-the-dependency-graph">select which Gradle projects will contribute to the generated dependency graph</a>.</li> <li><code>dependency-graph-exclude-configurations</code> and <code>dependency-graph-include-configurations</code>: <a href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-configurations-that-will-contribute-to-the-dependency-graph">select which Gradle configurations will contribute to the generated dependency graph</a>.</li> </ul> <h3>Other improvements</h3> <ul> <li>In Job summary, the action now provides an explanation when cache is set to <code>read-only</code> or <code>disabled</code> (<a href="https://redirect.github.com/gradle/actions/issues/255">#255</a>)</li> <li>When <code>setup-gradle</code> requests a specific Gradle version, the action will no longer download and install that version if it is already available on the <code>PATH</code> of the runner (<a href="https://redirect.github.com/gradle/actions/issues/270">#270</a>)</li> <li>To attempt to speed up builds, the <code>setup-gradle</code> and <code>dependency-submission</code> actions now attempt to use the <code>D:</code> drive for Gradle User Home if it is available (<a href="https://redirect.github.com/gradle/actions/issues/290">#290</a>)</li> </ul> <h2>Deprecations and breaking changes</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gradle/actions/commit/d156388eb19639ec20ade50009f3d199ce1e2808"><code>d156388</code></a> Bump path-to-regexp from 6.2.1 to 6.3.0 in /sources</li> <li><a href="https://github.com/gradle/actions/commit/2e93f415f78715a394f244062f42702265dc1a81"><code>2e93f41</code></a> Bump the npm-dependencies group across 1 directory with 2 updates</li> <li><a href="https://github.com/gradle/actions/commit/ee8dc905e61d91c9a081b1b2abc55f75b10dbc0f"><code>ee8dc90</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/5fe9264c08b2d2b86eebbfd46b4475b2bf6a2c8e"><code>5fe9264</code></a> Bump references to Develocity Gradle plugin from 3.18 to 3.18.1</li> <li><a href="https://github.com/gradle/actions/commit/29d4d80ef66255f3c22955763e66fda8d2b157dd"><code>29d4d80</code></a> Bump the npm-dependencies group across 1 directory with 3 updates</li> <li><a href="https://github.com/gradle/actions/commit/478782dbb4d7b27951e3de6081639a1d8e12bb35"><code>478782d</code></a> Bump peter-evans/create-pull-request in the github-actions group</li> <li><a href="https://github.com/gradle/actions/commit/e6215edc51e3a58a8c4cf67a3dde378d1b9f1b68"><code>e6215ed</code></a> [bot] Update dist directory</li> <li><a href="https://github.com/gradle/actions/commit/765a73447c0a69b8958f4f80bb028356bcb9ff82"><code>765a734</code></a> Fix passing expiresInHours query parameter</li> <li><a href="https://github.com/gradle/actions/commit/a122cf5aa736c7f2aa6909094f0596cb06ea5150"><code>a122cf5</code></a> Document develocity-token-expiry parameter</li> <li><a href="https://github.com/gradle/actions/commit/5baa1ded34fd5a98e9d5c8e6bdcec60a2124b086"><code>5baa1de</code></a> [bot] Update dist directory</li> <li>Additional commits viewable in <a href="https://github.com/gradle/actions/compare/v3...v4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/actions&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information