Commit graph

1394 commits

Author SHA1 Message Date
Goooler
bc07b88bc0 Update Gradle 8.6 rc refs to the final version
https://github.com/gradle/gradle/releases/tag/v8.6.0

Signed-off-by: Goooler <wangzongler@gmail.com>
2024-02-08 21:38:25 -07:00
Daz DeBoer
7fda81ffd5
Document auto-publish of build scans 2024-01-31 13:04:12 -07:00
Daz DeBoer
e4ee7d7f94
Document process for resolving a vulnerability (#8) 2024-01-31 12:42:07 -07:00
Daz DeBoer
a02bb79881
Introduce a top-level section for "resolving a vulnerability" 2024-01-31 12:23:08 -07:00
Daz DeBoer
52d6180f95
Add 'finding dependency source' section to docs (#7) 2024-01-31 12:17:45 -07:00
daz
ec92e82947
Prepare for v3.0.0 release 2024-01-31 04:14:38 -07:00
daz
aff52e5be9
More docs improvements 2024-01-29 11:04:02 -07:00
daz
631b0d7b31
Move build scripts into sources 2024-01-29 10:48:53 -07:00
daz
354bf99f5f
Update docs 2024-01-29 10:46:26 -07:00
daz
0ac0f49dd2
Replace 'v3-beta' with 'v3' in docs 2024-01-29 10:46:26 -07:00
daz
0f26c9acd8
Limit artifact retention with dependency-submission 2024-01-29 10:46:26 -07:00
daz
11fb430abc
Update dependency-submission parameter for consistency
Instead of using 'dependency-graph-action' with some slightly better
values, we now use 'dependency-graph' as the parameter name with a subset
of the options available to 'setup-gradle'.
2024-01-29 10:46:26 -07:00
daz
b2288963e8
Use sub-directory for 'setup-gradle' dist
To prepare for converting the 'dependency-submission' action into Typescript,
we move the 'setup-gradle' entry points and outputs into a sub-directory.
2024-01-29 09:16:58 -07:00
daz
a97b588d8e
Bump to use v1.2.0 of the dep-graph plugin 2024-01-28 14:15:00 -07:00
daz
58d5bdcbe5
Allow additional arguments for resolve-all-dependencies
At times, additional CLI args may be required to invoke Gradle.
Add a parameter to provide these args.
2024-01-28 14:07:13 -07:00
daz
177cef6d02
Provide an override for the dependency-graph plugin version 2024-01-28 14:03:37 -07:00
daz
3247582571
Make it easy to publish build scans from 'dependency-submission' 2024-01-28 14:03:37 -07:00
daz
bdb2b520ea
Remove unnecessary workflows 2024-01-28 10:13:13 -07:00
Daz DeBoer
5b6457b09b
Merge pull request #4 from gradle/dependency-updates
Bump DV plugin version to 3.16.2
2024-01-26 21:56:59 +01:00
daz
959c7a62f4
Build outputs 2024-01-26 13:21:12 -07:00
daz
ad22ba2fb7
Add scripts for build and test 2024-01-26 13:20:50 -07:00
daz
e833c3f088
Bump DV plugin version to 3.16.2 2024-01-26 12:58:26 -07:00
dependabot[bot]
b2c8886007
Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary) from 2.16.0 to 2.16.1.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.16.0...jackson-dataformats-binary-2.16.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-26 12:52:01 -07:00
Daz DeBoer
4a9297eb22
Fix name in action.yml 2024-01-26 12:47:02 -07:00
Daz DeBoer
b6816cf21e
Minor update to setup-gradle README 2024-01-26 09:27:29 -07:00
daz
f218f2e104
Prefer 'setup-gradle' to 'gradle-build-action' 2024-01-25 12:46:51 -07:00
daz
bd134735f1
Attempt to use setup-gradle from dependency-submission 2024-01-25 12:45:33 -07:00
daz
3c5c811777
Build outputs 2024-01-25 12:36:54 -07:00
daz
a628cf9f2e
Replace occurrances of gradle-build-action
- Mostly with `setup-gradle`
- Some with `gradle-actions`
2024-01-25 12:36:53 -07:00
daz
930d449ff7
Merge in gradle-build-action as setup-gradle
This brings the entire codebase and history of `gradle/gradle-build-action` into
the `gradle/actions` repository, after some modifications to make it easier to
merge.

This will permit the new `gradle/actions/setup-gradle` coordinates to carry on
where `gradle/gradle-build-action` leaves off.

- All NPM sources have been moved into a 'sources' directory
- The main action.yml and README are not located at `setup-gradle`
2024-01-25 12:00:10 -07:00
daz
2e7b28666d
Move top-level action to 'setup-gradle' 2024-01-25 11:53:44 -07:00
daz
d23129d217
Build outputs 2024-01-25 11:53:44 -07:00
daz
151423cc90
Verify outputs on gradle-build-action branch 2024-01-25 11:53:44 -07:00
daz
22e5c984e7
Update workflows for move to 'sources' 2024-01-25 11:53:44 -07:00
daz
5e522253a6
Combine all sources into a sub-directory 2024-01-25 11:53:44 -07:00
dependabot[bot]
e1ada08a9a
Bump the github-actions group with 1 update (#1047)
Bumps the github-actions group with 1 update:
[gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

Updates `gradle/gradle-build-action` from 2.11.1 to 2.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/gradle-build-action/releases">gradle/gradle-build-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.0</h2>
<p>Adds a new option to clear a previously submitted
dependency-graph.</p>
<pre lang="yaml"><code>steps:
- uses: gradle/gradle-build-action@v2
  with:
    dependency-graph: clear
</code></pre>
<p>This may prove useful when migrating to a workflow using the upcoming
<code>gradle/actions/dependency-submission</code> action.</p>
<p><strong>Full-changelog</strong>: <a
href="https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0">https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a8f75513ea"><code>a8f7551</code></a>
Build outputs</li>
<li><a
href="9283312acb"><code>9283312</code></a>
Add new option to clear dependency-graph</li>
<li><a
href="7c8a278ea0"><code>7c8a278</code></a>
Remove old clear-dependency-graph action</li>
<li><a
href="d8ca9b7d2e"><code>d8ca9b7</code></a>
Do full checks on release branches</li>
<li>See full diff in <a
href="https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/gradle-build-action&package-manager=github_actions&previous-version=2.11.1&new-version=2.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-25 10:21:22 -07:00
daz
a8e3e5e2b4
Apply dependency version updates
- NPM dependencies
- github-actions dependencies
2024-01-25 10:03:45 -07:00
daz
2be01ca1c6
Build outputs 2024-01-25 10:00:43 -07:00
dependabot[bot]
a00827eebb
Bump the npm-dependencies group with 7 updates
Bumps the npm-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact) | `2.0.0` | `2.1.0` |
| [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache) | `3.2.2` | `3.2.3` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `6.17.0` | `6.19.1` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `27.6.1` | `27.6.3` |
| [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `5.1.2` | `5.1.3` |
| [prettier](https://github.com/prettier/prettier) | `3.1.1` | `3.2.4` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.1.1` | `29.1.2` |

Updates `@actions/artifact` from 2.0.0 to 2.1.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact)

Updates `@actions/cache` from 3.2.2 to 3.2.3
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache)

Updates `@typescript-eslint/parser` from 6.17.0 to 6.19.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.19.1/packages/parser)

Updates `eslint-plugin-jest` from 27.6.1 to 27.6.3
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.6.1...v27.6.3)

Updates `eslint-plugin-prettier` from 5.1.2 to 5.1.3
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.1.2...v5.1.3)

Updates `prettier` from 3.1.1 to 3.2.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.1.1...3.2.4)

Updates `ts-jest` from 29.1.1 to 29.1.2
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.1...v29.1.2)

---
updated-dependencies:
- dependency-name: "@actions/artifact"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@actions/cache"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint-plugin-prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-25 09:59:45 -07:00
dependabot[bot]
ad80850e98
Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

Updates `actions/dependency-review-action` from 3 to 4
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4)

Updates `gradle/gradle-build-action` from 2.11.0 to 2.11.1
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-25 09:57:26 -07:00
daz
bd6d0a74d4
Configure explicit java version for config-cache test
The default JDK on some runners can have minor differences, resulting
in configuration-cache misses. Setting the Java version explicitly should
ensure consistency.
2024-01-25 09:21:52 -07:00
Daz DeBoer
1b6cac1f97
Make it easy to publish to scans.gradle.com (#1045) 2024-01-25 16:58:51 +01:00
daz
90d7c1a069
Apply TOS agreement even if plugin is already applied
Fixes #1044
2024-01-25 08:56:13 -07:00
daz
4062866f05
Document build scan publishing 2024-01-25 08:56:13 -07:00
daz
83a95864e5
Build outputs 2024-01-25 08:56:13 -07:00
daz
60c43cb563
Make it easy to publish to scans.gradle.com
- Allow init-script to publish to scans.gradle.com
- Add paramaters to enable build scan publishing
- Test coverage for build scan publishing
2024-01-25 08:56:13 -07:00
daz
75b3db10df
Remove node warnings from workflows
- Use setup-node to control Node version used to build
- Use Node20 compatible actions in custom actions
2024-01-24 16:01:15 -07:00
daz
f1361c71c2
Build outputs 2024-01-23 16:19:26 -07:00
daz
49ade81b5d
Add a new option to clear the dependency-graph
When changing workflow names or when changing to the new 'dependency-submission'
action, it can be useful to clear existing dependency graph snapshots from previous
submissions. While the old graphs will eventually "age out", the 'clear' option will
submit an empty dependency graph for an existing Job correlator, ensuring that old
dependency graphs don't linger.
2024-01-23 16:19:25 -07:00
daz
79fa674432
Remove old clear-dependency-graph action 2024-01-23 16:19:17 -07:00