Commit graph

1657 commits

Author SHA1 Message Date
amyu
7e2474009a update actions/cache4.0.0 and migrate patch 2024-12-12 02:23:20 +09:00
Daz DeBoer
35af9b8791
Simplify Dependabot config using 'directories' 2024-12-11 07:50:05 -07:00
Daz DeBoer
375738a38b
Add link to GitHub docs
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
2024-12-10 10:50:29 -07:00
Sebastian Dyroff
00781cbaae Fix typo in documentation
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-validate-wrappers / validation (push) Waiting to run
2024-12-09 08:41:16 -07:00
dependabot[bot]
4ba34e96c5 Bump gradle/actions from 4.2.0 to 4.2.1 in the github-actions group
Some checks failed
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-ossf-scorecard / Scorecard analysis (push) Has been cancelled
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-validate-wrappers / validation (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
Bumps the github-actions group with 1 update: [gradle/actions](https://github.com/gradle/actions).


Updates `gradle/actions` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](473878a77f...cc4fc85e6b)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-19 09:53:32 -07:00
dependabot[bot]
e29bc6725a Bump cross-spawn in /sources
Bumps  and [cross-spawn](https://github.com/moxystudio/node-cross-spawn). These dependencies needed to be updated together.

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6)

Updates `cross-spawn` from 6.0.5 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
- dependency-name: cross-spawn
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-19 09:53:22 -07:00
dependabot[bot]
cc4fc85e6b Bump @vercel/ncc in /sources in the npm-dependencies group
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
Bumps the npm-dependencies group in /sources with 1 update: [@vercel/ncc](https://github.com/vercel/ncc).


Updates `@vercel/ncc` from 0.38.2 to 0.38.3
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.2...0.38.3)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-18 10:36:18 -07:00
dependabot[bot]
e6a814661a Bump the github-actions group with 3 updates
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/checkout` from 4.1.7 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...11bd71901bbe5b1630ceea73d27597364c9af683)

Updates `github/codeql-action` from 3.26.6 to 3.27.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.26.6...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f)

Updates `actions/upload-artifact` from 4.4.0 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](50769540e7...b4b15b8c7c)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-18 10:35:58 -07:00
daz
e55599fc4d Adapt build-result-capture script for GE plugin 3.17+
Some checks failed
CI-ossf-scorecard / Scorecard analysis (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-validate-wrappers / validation (push) Has been cancelled
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
The build-result-capture.init.gradle script was making some assumptions about
extensions and plugin application that do not apply with the newest GE plugin.

Fixes #449
2024-11-17 07:26:28 -07:00
bigdaz
d85b0068a7 [bot] Update dist directory
Some checks failed
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
2024-11-16 20:53:42 +00:00
Daz DeBoer
a09a3104fe
Develocity injection fixes (#448) 2024-11-16 13:52:38 -07:00
daz
333e9d9750
Do not ignore input parameters when build-scan-publish is enabled
Fixes #447
2024-11-15 14:35:41 -07:00
daz
2aa49bf6a9
Set the correct env var for develocity-ccud-plugin-version
Fixes #446
2024-11-15 14:31:56 -07:00
daz
9ab6ee6757
Bump to version 2.0.2 of CCUDGP 2024-11-15 14:10:13 -07:00
Daz DeBoer
fb5165dcd4
Add note about cache-encryption-key being required
Some checks failed
CI-ossf-scorecard / Scorecard analysis (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-validate-wrappers / validation (push) Has been cancelled
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
2024-11-14 21:09:29 -07:00
daz
0e27ea7e6c
Improve local development script
- Avoid running `npm install` on every execution
- Add a separate `install` task that runs `npm clean-install`
2024-11-14 17:00:58 -07:00
daz
f4845d289c Use npm clean-install 2024-11-14 16:36:23 -07:00
bigdaz
094f2191c5 [bot] Update dist directory 2024-11-14 22:45:12 +00:00
Daz DeBoer
83709b49fe
Fix checksum test by reducing network calls (#444)
This test was originally starting with an empty set of checksums,
leading to the download of a checksum for every released and snapshot
version. This resulted in in sporadic test failures.

We now start with a known set of checksums and ensure that those that
are missing are downloaded. This involved some refactoring and
improvement in the way snapshot checksums are processed.
2024-11-14 15:44:07 -07:00
Daz DeBoer
5f21a9bb99
Bump Gradle from 8.10.2 to 8.11 (#443)
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
Co-authored-by: bot-githubaction <bot-githubaction@gradle.com>
2024-11-14 13:48:42 -07:00
Daz DeBoer
52ee405746
Run CodeQL on all commits 2024-11-14 13:44:22 -07:00
Daz DeBoer
7f20d0bf71
Pin versions for GitHub Actions (#442) 2024-11-14 13:24:19 -07:00
daz
b6bc8c2f17
Pin gradle/actions versions 2024-11-14 13:05:02 -07:00
daz
b12c3a65f2
Pin version of 3rd party actions 2024-11-14 12:35:29 -07:00
daz
d191577859
Pin actions/setup-node@v4 2024-11-14 12:23:02 -07:00
daz
e726a12472
Pin actions/setup-java@v4 2024-11-14 12:21:03 -07:00
daz
d30cc9ecf2
Pin actions/checkout@v4 2024-11-14 12:19:48 -07:00
daz
d0efa7b0e7
Avoid duplicate actions/setup-java 2024-11-14 12:12:54 -07:00
daz
8422a6a674
Avoid running workflow on forks 2024-11-14 11:44:20 -07:00
daz
19ff74e0a6
Revert "Disable uploading OSSF scorecard to GitHub Security"
This reverts commit 1e2142185e.
2024-11-14 11:31:03 -07:00
bigdaz
e03a1f068e [bot] Update dist directory 2024-11-14 16:27:59 +00:00
bot-githubaction
084b95f65a Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 2024-11-14 09:26:53 -07:00
Daz DeBoer
1e2142185e
Disable uploading OSSF scorecard to GitHub Security
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
2024-11-13 19:11:45 -07:00
Daz DeBoer
07e0f1c008
Limit token permissions in GitHub workflows (#440)
See
ea7e27ed41/docs/checks.md (token-permissions)
2024-11-13 19:01:45 -07:00
daz
af45dcfe3c
Add wrapper-validation workflow
Although we run `setup-gradle` with all/most wrapper files, this global
workflow will ensure that all wrapper files in the repo are valid.
(This should help with the OSSF scorecard)
2024-11-13 18:46:57 -07:00
daz
d8b3a9fb11
Rename OSSF scorecard workflow 2024-11-13 18:46:51 -07:00
nitrocode
9e8f2bcf56 docs: add badge 2024-11-13 16:37:41 -07:00
nitrocode
5ac3e361a2 ci: add scorecard 2024-11-13 16:37:41 -07:00
bigdaz
4a0951b3dc [bot] Update dist directory
Some checks failed
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
2024-11-12 18:29:16 +00:00
daz
48353a25ca Do not fail wrapper-validation on filename with illegal characters 2024-11-12 11:28:09 -07:00
bigdaz
473878a77f [bot] Update dist directory
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-update-dist / update-dist (push) Waiting to run
2024-11-12 03:55:37 +00:00
daz
f22ac61fd1 Use Gradle 8.11 as the minimum version for cache-cleanup
The cache-cleanup API has changed, so the init-script that worked with
Gradle 8.9 no longer works with 8.11.
We now provision and use Gradle 8.11 for cache cleanup.

This provides a band-aid fix for #417 but that issue will still impact
any build configured to run with Gradle > 8.11
2024-11-11 20:54:29 -07:00
daz
4ec844e551 npm audit fix 2024-11-11 20:54:29 -07:00
bigdaz
24ca383271 [bot] Update dist directory
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-update-dist / update-dist (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
2024-11-11 19:51:02 +00:00
Daz DeBoer
4ca2d5d749
Dependency updates (#429) 2024-11-11 12:49:55 -07:00
daz
f31476bde2
Update test for real-world data
This test assumed that at least one 'snapshot' wrapper checksum was unique,
and not contained in the set of wrapper checksums for released distributions.
This is no longer the case, so the assumption has been modified.
2024-11-11 12:18:11 -07:00
bigdaz
c345cfbe93
Update known wrapper checksums 2024-11-11 12:18:11 -07:00
dependabot[bot]
b526f6673b
Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary) from 2.18.0 to 2.18.1.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.18.0...jackson-dataformats-binary-2.18.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 12:18:11 -07:00
daz
93415e6645
Update patch for actions/cache 3.3.0 2024-11-11 12:18:11 -07:00
dependabot[bot]
6bc218d5d0
Bump the npm-dependencies group across 1 directory with 4 updates
Bumps the npm-dependencies group with 4 updates in the /sources directory: [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) and [nock](https://github.com/nock/nock).


Updates `@actions/cache` from 3.2.4 to 3.3.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache)

Updates `@types/node` from 20.17.3 to 20.17.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-jest` from 28.8.3 to 28.9.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v28.8.3...v28.9.0)

Updates `nock` from 13.5.5 to 13.5.6
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v13.5.5...v13.5.6)

---
updated-dependencies:
- dependency-name: "@actions/cache"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 11:34:26 -07:00