Skip to content

Commit

Permalink
Bump gradle/actions from 3 to 4 (#224)
Browse files Browse the repository at this point in the history
Bumps [gradle/actions](https://github.com/gradle/actions) from 3 to 4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/actions/releases">gradle/actions's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<p>Final release of <code>v4.0.0</code> of the
<code>setup-gradle</code>, <code>dependency-submission</code> and
<code>wrapper-validation</code> actions provided under
<code>gradle/actions</code>.
This release is available under the <code>v4</code> tag.</p>
<h2>Major changes from the <code>v3</code> release</h2>
<h3>The <code>arguments</code> parameter has been removed</h3>
<p>Using the action to execute Gradle via the <code>arguments
</code>parameter was deprecated in <code>v3</code> and this parameter
has been removed.
<a
href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/deprecation-upgrade-guide.md#using-the-action-to-execute-gradle-via-the-arguments-parameter-is-deprecated">See
here for more details</a>.</p>
<h3>Cache cleanup enabled by default</h3>
<p>After a number of fixes and improvements, this release enables <a
href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/setup-gradle.md#configuring-cache-cleanup">cache-cleanup</a>
by default for all Jobs using the <code>setup-gradle</code> and
<code>dependency-submission</code> actions.</p>
<p>Improvements and bugfixes related cache cleanup:</p>
<ul>
<li>By default, cache cleanup is not run if any Gradle build fails (<a
href="https://redirect.github.com/gradle/actions/issues/71">#71</a>)</li>
<li>Cache cleanup is not run after configuration-cache reuse (<a
href="https://redirect.github.com/gradle/actions/issues/19">#19</a>)</li>
</ul>
<p>This feature should help to minimize the size of entries written to
the GitHub Actions cache, speeding up builds and reducing cache
usage.</p>
<h3>Wrapper validation enabled by default</h3>
<p>In <code>v3</code>, the <code>setup-gradle</code> action was enhanced
to support Gradle wrapper validation, removing the need to use a
separate workflow
file with the <code>gradle/actions/wrapper-validation</code> action.</p>
<p>With this release, wrapper validation has been significantly
improved, and is now enabled by default (<a
href="https://redirect.github.com/gradle/actions/issues/12">#12</a>):</p>
<ul>
<li>The <code>allow-snapshot-wrappers</code> makes it possible to
validate snapshot wrapper jars using <code>setup-gradle</code>.</li>
<li>Checksums for <a
href="https://services.gradle.org/distributions-snapshots/">nightly and
snapshot Gradle versions</a> are now validated (<a
href="https://redirect.github.com/gradle/actions/issues/281">#281</a>).</li>
<li>Valid wrapper checksums are cached in Gradle User Home, reducing the
need to retrieve checksum values remotely (<a
href="https://redirect.github.com/gradle/actions/issues/172">#172</a>).</li>
<li>Reduce network calls in <code>wrapper-validation</code> for new
Gradle versions: By only fetching wrapper checksums for Gradle versions
that were not known when this action was released, this release reduces
the likelihood that a network failure could cause failure in wrapper
validation (<a
href="https://redirect.github.com/gradle/actions/issues/171">#171</a>)</li>
<li>Improved error message when <code>wrapper-validation</code> finds no
wrapper jars (<a
href="https://redirect.github.com/gradle/actions/issues/284">#284</a>)</li>
</ul>
<p>Wrapper validation is important for supply-chain integrity. Enabling
this feature by default will increase the coverage of wrapper
validation on projects using GitHub Actions.</p>
<h3>New input parameters for Dependency Graph generation</h3>
<p>Some dependency-graph inputs that could previously only be configured
via environment variables now have dedicated action inputs:</p>
<ul>
<li><code>dependency-graph-report-dir</code>: sets the location where
dependency-graph reports will be generated</li>
<li><code>dependency-graph-exclude-projects</code> and
<code>dependency-graph-include-projects</code>: <a
href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-projects-that-will-contribute-to-the-dependency-graph">select
which Gradle projects will contribute to the generated dependency
graph</a>.</li>
<li><code>dependency-graph-exclude-configurations</code> and
<code>dependency-graph-include-configurations</code>: <a
href="https://github.com/gradle/actions/blob/v4.0.0-rc.1/docs/dependency-submission.md#selecting-gradle-configurations-that-will-contribute-to-the-dependency-graph">select
which Gradle configurations will contribute to the generated dependency
graph</a>.</li>
</ul>
<h3>Other improvements</h3>
<ul>
<li>In Job summary, the action now provides an explanation when cache is
set to <code>read-only</code> or <code>disabled</code> (<a
href="https://redirect.github.com/gradle/actions/issues/255">#255</a>)</li>
<li>When <code>setup-gradle</code> requests a specific Gradle version,
the action will no longer download and install that version if it is
already available on the <code>PATH</code> of the runner (<a
href="https://redirect.github.com/gradle/actions/issues/270">#270</a>)</li>
<li>To attempt to speed up builds, the <code>setup-gradle</code> and
<code>dependency-submission</code> actions now attempt to use the
<code>D:</code> drive for Gradle User Home if it is available (<a
href="https://redirect.github.com/gradle/actions/issues/290">#290</a>)</li>
</ul>
<h2>Deprecations and breaking changes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gradle/actions/commit/d156388eb19639ec20ade50009f3d199ce1e2808"><code>d156388</code></a>
Bump path-to-regexp from 6.2.1 to 6.3.0 in /sources</li>
<li><a
href="https://github.com/gradle/actions/commit/2e93f415f78715a394f244062f42702265dc1a81"><code>2e93f41</code></a>
Bump the npm-dependencies group across 1 directory with 2 updates</li>
<li><a
href="https://github.com/gradle/actions/commit/ee8dc905e61d91c9a081b1b2abc55f75b10dbc0f"><code>ee8dc90</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/5fe9264c08b2d2b86eebbfd46b4475b2bf6a2c8e"><code>5fe9264</code></a>
Bump references to Develocity Gradle plugin from 3.18 to 3.18.1</li>
<li><a
href="https://github.com/gradle/actions/commit/29d4d80ef66255f3c22955763e66fda8d2b157dd"><code>29d4d80</code></a>
Bump the npm-dependencies group across 1 directory with 3 updates</li>
<li><a
href="https://github.com/gradle/actions/commit/478782dbb4d7b27951e3de6081639a1d8e12bb35"><code>478782d</code></a>
Bump peter-evans/create-pull-request in the github-actions group</li>
<li><a
href="https://github.com/gradle/actions/commit/e6215edc51e3a58a8c4cf67a3dde378d1b9f1b68"><code>e6215ed</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/765a73447c0a69b8958f4f80bb028356bcb9ff82"><code>765a734</code></a>
Fix passing expiresInHours query parameter</li>
<li><a
href="https://github.com/gradle/actions/commit/a122cf5aa736c7f2aa6909094f0596cb06ea5150"><code>a122cf5</code></a>
Document develocity-token-expiry parameter</li>
<li><a
href="https://github.com/gradle/actions/commit/5baa1ded34fd5a98e9d5c8e6bdcec60a2124b086"><code>5baa1de</code></a>
[bot] Update dist directory</li>
<li>Additional commits viewable in <a
href="https://github.com/gradle/actions/compare/v3...v4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/actions&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
dependabot[bot] authored Oct 14, 2024
1 parent 2ea7d32 commit a0a885b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gradle/actions/wrapper-validation@v3
- uses: gradle/actions/wrapper-validation@v4
build:
name: "Compile against JDKs and OSes"
needs: [ validation ]
Expand Down

0 comments on commit a0a885b

Please sign in to comment.