Commit graph

485 commits

Author SHA1 Message Date
dependabot[bot]
87f10dd82f
Bump com.gradle.develocity from 3.17 to 3.17.1 in /.github/workflow-samples/groovy-dsl (#144)
Bumps com.gradle.develocity from 3.17 to 3.17.1.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.gradle.develocity&package-manager=gradle&previous-version=3.17&new-version=3.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-10 11:46:48 -06:00
dependabot[bot]
a66014f771
Bump com.gradle.develocity from 3.17 to 3.17.1 in /.github/workflow-samples/no-wrapper (#143)
Bumps com.gradle.develocity from 3.17 to 3.17.1.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.gradle.develocity&package-manager=gradle&previous-version=3.17&new-version=3.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-10 11:44:52 -06:00
dependabot[bot]
4ccff7d80f
Bump com.gradle.develocity from 3.17 to 3.17.1 in /.github/workflow-samples/kotlin-dsl (#142)
Bumps com.gradle.develocity from 3.17 to 3.17.1.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.gradle.develocity&package-manager=gradle&previous-version=3.17&new-version=3.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-10 11:43:49 -06:00
dependabot[bot]
5e5501accb Bump com.gradle.develocity
Bumps com.gradle.develocity from 3.17 to 3.17.1.

---
updated-dependencies:
- dependency-name: com.gradle.develocity
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-10 11:38:52 -06:00
daz
b2fd266e89
List changed files when failing due to dist directory change
Hopefully this will help track down spurious failures.
2024-04-10 11:36:05 -06:00
daz
0be451eca3
Simplify the workflow triggers 2024-04-10 11:09:42 -06:00
daz
7b822e51a5
Merge quick and full tests into single workflow
- Run quick suite for Dependabot
- Run quick suite in forks
- Run quick suite if no PR is associated with commit
- Otherwise run full suite
2024-04-10 09:50:15 -06:00
daz
9e47918adf Build and commit changes to 'dist' automatically
Instead of requiring that developers keep the 'dist' directory up-to-date,
this process is now automated via a workflow.
Whenever a commit is pushed to 'main' (or a 'release/**' branch), the workflow will
build the application and commit any changes to the 'dist' directory.
2024-04-10 07:33:46 -06:00
daz
b64dafb1c9 Use locally built dist for demo workflows 2024-04-10 07:33:46 -06:00
daz
153b1135d0
Remove old workflow 2024-04-10 06:58:06 -06:00
daz
211d342ee6
Rename workflow 2024-04-10 06:57:13 -06:00
daz
6599acbe46
Add back dependency-review.yml so we can rename it 2024-04-10 06:55:58 -06:00
daz
e7c0080dc5
Remove old workflows 2024-04-10 06:52:39 -06:00
daz
0979245ebd
Rename 'check' workflows to 'integ-test' 2024-04-10 06:50:04 -06:00
daz
73638aa351
Run quick-check only if commit is NOT part of a PR
Without a mechanism to check this in the workflow trigger,
we instead run the workflow but skip all jobs if the commit belongs to a PR.

This effectively means that commits-without-PR will run quick-check, and commits-with-PR
will run full-check.
2024-04-10 06:39:42 -06:00
daz
d28f25d60a
Cache npm 2024-04-10 06:04:32 -06:00
daz
8bac4a819c
Split out check-and-unit-test into separate workflow 2024-04-10 06:01:23 -06:00
daz
bd3d4b0246
Check for secrets when running tests that require them 2024-04-10 05:47:43 -06:00
daz
667e034cd9
Split out test that requires DV access key 2024-04-10 05:46:20 -06:00
daz
cd54673221
Use runner-os consistently in integ-tests 2024-04-10 05:46:19 -06:00
daz
0ebfbb8f41
Always build 'dist' directory for integ-tests 2024-04-10 05:06:37 -06:00
daz
9169d36880
Consolidate 'dependency-submission' tests into integ-test workflow 2024-04-10 05:00:05 -06:00
daz
63fcfbfe27
Disable fail-fast for integ tests 2024-04-09 16:07:32 -06:00
daz
92975d7f32
Allow a task name to be specified for dependency-submission
Fixes: #125
2024-04-09 08:46:20 -06:00
Daz DeBoer
e235596c88
Only process build results once (#133)
On long-lived machines, it's possible that the `.build-results` directory isn't cleared between invocations. This will result in the job summary including results from previous jobs.

By marking each build-results file as 'processed' at the end of the job, we can avoid this scenario.
2024-04-08 19:44:46 -06:00
daz
a9dc5dee4e
Bump to CCUD plugin v2.0 everywhere 2024-04-07 22:42:14 -06:00
daz
ab471b0c20
Better test coverage for 'dependency-submission'
- Add 'dependency-submission' failure cases
- Add dependency-submission to job summary demo
- Fix permissions for dependency review
2024-04-07 16:57:18 -06:00
daz
90bf65c87c
Generated graph is submitted immediately by dependency-submission action
While `setup-gradle` must wait until the end of job to submit all of the generated
graphs, the `dependency-submission` action will not save/upload the generated graph
immediately, in the same step where it is generated.
2024-04-07 16:57:18 -06:00
daz
38a821729e
Use consistent action params between setup-gradle and dependency-submission
To ensure expected caching (and other) behaviour, we should keep these config
parameters as consistent as possible.
2024-04-07 12:11:50 -06:00
daz
ed4d086d37
Make dependency-submission and setup-gradle play nicely
Now, a `dependency-submission` step will trigger a dependency-graph
generation, even if it follows a `setup-gradle` step in the workflow.

Similarly, a `setup-gradle` step with `dependency-graph` configured
will function as expected even if it follows a `setup-gradle` step.
2024-04-06 19:31:07 -06:00
daz
ebf4d13461
Convert dependency-submission action to Typescript
Instead of being a thin wrapper over `setup-gradle`, the `dependency-submission`
action is now a fully-fledged action sharing implementation with `setup-gradle`.
2024-04-06 19:31:04 -06:00
daz
d71ecafebf
Minor test reorg 2024-04-06 16:00:53 -06:00
daz
1390ca6454
Don't rely on preinstalled gradle for test 2024-04-06 14:52:02 -06:00
daz
a3f366ddb7
Replace 'download-dist' action with 'init-integ-test'
This action takes care of 'setup-java' as well as downloading the dist if required.
2024-04-06 14:52:02 -06:00
daz
340a6438d0 Add 'setup-java' step to all examples 2024-04-05 14:54:29 -06:00
daz
518b14b196
Switch from com.gradle.enterprise to com.gradle.develocity 2024-04-03 19:05:27 -06:00
daz
81b3a2db60
Bump to Develocity plugin 3.17 2024-04-03 19:05:27 -06:00
Pavlo Shevchenko
5a171ce5b8
Inject Develocity plugin for versions 3.17 and above (#62)
To handle the rebranding of the GE plugin, this PR updates the inject-develocity init script 
to apply the `com.gradle.develocity` plugin if `3.17+` version of the plugin is requested.
2024-04-03 14:47:50 -06:00
daz
cc54166e15 Truncate long values in job summary table
Fixes #35
2024-04-01 12:24:45 -06:00
daz
393df4bfa2 Bump to Gradle 8.7 2024-03-23 09:32:57 -06:00
dependabot[bot]
8735d0c1bb Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.0.0-jre to 33.1.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-21 21:52:55 -06:00
daz
cee9fbd6e2
Bump CCUD plugin to 1.13 2024-03-12 16:13:40 +13:00
Daz DeBoer
32f1033fd2
Fix dependabot config for relocated NPM sources 2024-03-11 21:06:42 -06:00
Jerome Prinet
6800f3450a Configure Dependabot to monitor .github/actions 2024-02-19 21:46:36 -07:00
daz
e2b14c9dfc
Run full-check on action.yml change 2024-02-13 13:10:30 -07:00
daz
b61dbd2545
Test no dependency-graph for failing build 2024-02-12 22:03:45 -07:00
daz
4b284311c3
Disable cache debug logging for workflows
This logging can now be enabled on a case-by-case basis using
GitHub Actions debugging.
2024-02-11 18:00:40 -07:00
dependabot[bot]
d31af7fbe2
Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.10.1 to 5.10.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-11 17:37:17 -07:00
Daz DeBoer
b776693a71
Fail nicely when dependency-submission is used after setup-gradle in the same Job (#37)
Previously, this would fail with a hard-to-diagnose error message.

Fixes #14
2024-02-08 23:16:54 -07:00
daz
2f23d645f2
Warn and make Gradle Wrapper script executable
Instead of failing the build, detect a non-executable wrapper file
and set the executable bit.

Fixes #17
2024-02-08 22:26:12 -07:00
daz
9c837ee543
Test dependency-submission with gradle versions 2024-02-08 21:55:52 -07:00
Goooler
bc07b88bc0 Update Gradle 8.6 rc refs to the final version
https://github.com/gradle/gradle/releases/tag/v8.6.0

Signed-off-by: Goooler <wangzongler@gmail.com>
2024-02-08 21:38:25 -07:00
daz
0ac0f49dd2
Replace 'v3-beta' with 'v3' in docs 2024-01-29 10:46:26 -07:00
daz
11fb430abc
Update dependency-submission parameter for consistency
Instead of using 'dependency-graph-action' with some slightly better
values, we now use 'dependency-graph' as the parameter name with a subset
of the options available to 'setup-gradle'.
2024-01-29 10:46:26 -07:00
daz
bdb2b520ea
Remove unnecessary workflows 2024-01-28 10:13:13 -07:00
daz
e833c3f088
Bump DV plugin version to 3.16.2 2024-01-26 12:58:26 -07:00
daz
f218f2e104
Prefer 'setup-gradle' to 'gradle-build-action' 2024-01-25 12:46:51 -07:00
daz
a628cf9f2e
Replace occurrances of gradle-build-action
- Mostly with `setup-gradle`
- Some with `gradle-actions`
2024-01-25 12:36:53 -07:00
daz
930d449ff7
Merge in gradle-build-action as setup-gradle
This brings the entire codebase and history of `gradle/gradle-build-action` into
the `gradle/actions` repository, after some modifications to make it easier to
merge.

This will permit the new `gradle/actions/setup-gradle` coordinates to carry on
where `gradle/gradle-build-action` leaves off.

- All NPM sources have been moved into a 'sources' directory
- The main action.yml and README are not located at `setup-gradle`
2024-01-25 12:00:10 -07:00
daz
2e7b28666d
Move top-level action to 'setup-gradle' 2024-01-25 11:53:44 -07:00
daz
151423cc90
Verify outputs on gradle-build-action branch 2024-01-25 11:53:44 -07:00
daz
22e5c984e7
Update workflows for move to 'sources' 2024-01-25 11:53:44 -07:00
dependabot[bot]
e1ada08a9a
Bump the github-actions group with 1 update (#1047)
Bumps the github-actions group with 1 update:
[gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

Updates `gradle/gradle-build-action` from 2.11.1 to 2.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/gradle-build-action/releases">gradle/gradle-build-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.0</h2>
<p>Adds a new option to clear a previously submitted
dependency-graph.</p>
<pre lang="yaml"><code>steps:
- uses: gradle/gradle-build-action@v2
  with:
    dependency-graph: clear
</code></pre>
<p>This may prove useful when migrating to a workflow using the upcoming
<code>gradle/actions/dependency-submission</code> action.</p>
<p><strong>Full-changelog</strong>: <a
href="https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0">https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a8f75513ea"><code>a8f7551</code></a>
Build outputs</li>
<li><a
href="9283312acb"><code>9283312</code></a>
Add new option to clear dependency-graph</li>
<li><a
href="7c8a278ea0"><code>7c8a278</code></a>
Remove old clear-dependency-graph action</li>
<li><a
href="d8ca9b7d2e"><code>d8ca9b7</code></a>
Do full checks on release branches</li>
<li>See full diff in <a
href="https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/gradle-build-action&package-manager=github_actions&previous-version=2.11.1&new-version=2.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-25 10:21:22 -07:00
dependabot[bot]
ad80850e98
Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

Updates `actions/dependency-review-action` from 3 to 4
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v3...v4)

Updates `gradle/gradle-build-action` from 2.11.0 to 2.11.1
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-25 09:57:26 -07:00
daz
bd6d0a74d4
Configure explicit java version for config-cache test
The default JDK on some runners can have minor differences, resulting
in configuration-cache misses. Setting the Java version explicitly should
ensure consistency.
2024-01-25 09:21:52 -07:00
daz
60c43cb563
Make it easy to publish to scans.gradle.com
- Allow init-script to publish to scans.gradle.com
- Add paramaters to enable build scan publishing
- Test coverage for build scan publishing
2024-01-25 08:56:13 -07:00
daz
75b3db10df
Remove node warnings from workflows
- Use setup-node to control Node version used to build
- Use Node20 compatible actions in custom actions
2024-01-24 16:01:15 -07:00
daz
46878035be
Do full checks on release branches 2024-01-23 15:26:51 -07:00
daz
d731f29856
Use separate steps in composite action 2024-01-22 11:13:02 -07:00
daz
23b4b1d03b
Add 'dependency-graph-action' input param 2024-01-22 11:02:29 -07:00
daz
4b660dc33e
Add initial composite actions with smoke tests
These actions simply delegate to `gradle/gradle-build-action`

- `setup-gradle`: As `gradle-build-action` without the execution capability.
- `dependency-submission`: Submits a dependency graph for the project.
2024-01-16 09:49:44 -07:00
daz
173b6ae553
Improve testing for dependency graph failures
- Update test to use input param
- Rename Job to indicate expected failure
2024-01-13 07:21:08 -07:00
daz
a01f794d92
Add dependency-graph-continue-on-failure input param
- Translate to env var for init-script support
- Use when deciding whether to log or rethrow errors
- Add a custom error type to trigger failure in post action
2024-01-13 07:20:45 -07:00
daz
369fcc54d8
Add tests for dependency graph failures 2024-01-13 07:20:45 -07:00
daz
0e6b90783e
Fix dependency-graph with configuration-cache
When state is reused from the configuration cache, no dependencies are resolved.
This fix prevents the action from submitting an empty dependency graph in this case.
2024-01-11 21:25:29 -07:00
Iurii Ignatko
932abbbe13
Update GE injection script for Develocity rename
- Rename all env vars expected by init-script: `s/GRADLE_ENTERPRISE/DEVELOCITY`
- Update README for changes
- Use `Develocity` consistently in tests
2024-01-10 20:30:40 -07:00
daz
3a75647ad4
Remove 'gradle-executable' input param 2024-01-04 13:53:16 -07:00
daz
4dda5928c7
Update CodeQL config to latest default 2024-01-04 13:03:33 -07:00
daz
d4e24dfc10
Register pre-installed JDKs in .m2/toolchains.xml
Since adding these to the `org.gradle.java.installations.fromEnv` property
is problematic (#1024), this mechanism allows the default toolchains to
be discovered by Gradle via a different mechanism.

The default JDK installations are added to `~/.m2/toolchains.xml` such that
they are discoverable by Gradle toolchain support.
The `setup-java` action also writes to this file, so we merge with any existing
content: this allows both pre-installed and "setup" JDKs to be automatically
detected by Gradle.
2024-01-03 21:08:40 -07:00
daz
270f30ba56
Always initialize encryption key 2024-01-02 14:28:29 -07:00
daz
c00a847f3f
Enable config-cache tests
- Enable in full-build
- Pass encryption key secret to test workflow
2024-01-02 11:31:06 -07:00
daz
e2aa3f332c
Test with Gradle 8.6-rc-1 2024-01-01 19:29:46 -07:00
daz
72abd931ce
Set workflow permissions where required 2024-01-01 17:50:40 -07:00
daz
333078158e
Allow job-summary only on failure
Instead of a binary true/false option, it is now possible to only add
a Job Summary when the build failed. This applies both to the overall
Job Summary added to the workflow run, and to the new PR comment feature.
2024-01-01 17:50:40 -07:00
daz
34a07dced0
Automatically add Job Summary as PR comment
Rather than requiring a separate step to add a PR comment,
the `gradle-build-action` can now automatically add the Job Summary
as a PR comment

Fixes #1020
2024-01-01 17:50:15 -07:00
Daz DeBoer
5d2dd0dea4
Merge pull request #1012 from gradle/dd/artifact-lib-update
Update to actions/artifact v2.0.0
2023-12-24 05:35:16 +01:00
Daz DeBoer
e865911745
Merge pull request #1005 from gradle/dependabot/gradle/dot-github/workflow-samples/kotlin-dsl/com.google.guava-guava-33.0.0-jre
Bump com.google.guava:guava from 32.1.3-jre to 33.0.0-jre in /.github/workflow-samples/kotlin-dsl
2023-12-24 05:27:49 +01:00
daz
a4dabb3a70
Adapt dependency-graph support for new artifact API
- Don't upload artifacts when using 'generate-and-submit'
- New option 'generate-and-upload' to be used with 'download-and-submit'
- Use Artifact API for downloading in the same and different workflow
2023-12-23 21:24:11 -07:00
dependabot[bot]
14b4921945
Bump the github-actions group with 3 updates
Bumps the github-actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `github/codeql-action` from 2 to 3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

Updates `gradle/gradle-build-action` from 2.10.0 to 2.11.0
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.10.0...v2.11.0)

Updates `actions/upload-artifact` from 3 to 4
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-23 18:25:51 -07:00
daz
9c7269b85b
Update to latest Develocity plugins 2023-12-23 18:25:50 -07:00
daz
df38ec05e0
Use 'release-nightly' for config-cache test
Config-cache save/restore is dependent on Gradle 8.6.
Use of the release-nightly is temporary until 8.6 is released.
2023-12-23 12:21:19 -07:00
daz
38785d7d62
Update integ test for config-cache caching
- Rename test for clarity
- Use cache-encryption-key in config-cache test
2023-12-22 12:52:09 -07:00
daz
334a4b8d4d
Reinstate configuration-cache save/restore capability 2023-12-20 17:31:01 -07:00
daz
9d6738618d
Support wildcards in cache-excludes 2023-12-20 10:05:25 -07:00
dependabot[bot]
89e46180c6
Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl
Bumps [com.google.guava:guava](https://github.com/google/guava) from 32.1.3-jre to 33.0.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 22:30:59 +00:00
dependabot[bot]
76d5a9b475
Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/setup-java](https://github.com/actions/setup-java) and [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).


Updates `actions/setup-java` from 3 to 4
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

Updates `gradle/gradle-build-action` from 2.9.0 to 2.10.0
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 19:23:45 -07:00
daz
39d8c6d06e
Bump from Gradle 8.4 to Gradle 8.5 2023-12-11 18:33:39 -07:00
dependabot[bot]
a5be560235 Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) and [actions/github-script](https://github.com/actions/github-script).


Updates `gradle/gradle-build-action` from 2.8.1 to 2.9.0
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.8.1...v2.9.0)

Updates `actions/github-script` from 6 to 7
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-27 03:20:09 +01:00
daz
d5fbcc8361
Bump java dependency versions in tests 2023-11-08 21:02:15 -08:00
daz
0e761ca2b4
Bump to Gradle 8.4 for tests and samples 2023-11-08 21:02:15 -08:00
daz
6b7c087721
Bump version of Develocity plugins 2023-11-08 20:35:00 -08:00
Daz DeBoer
6fcc109efa
Dependency updates (#904)
### Github Action updates

Updates `gradle/gradle-build-action` from 2.8.0 to 2.8.1

### NPM updates

Updates `@octokit/webhooks-types` from 7.3.0 to 7.3.1
- [Release notes](https://github.com/octokit/webhooks/releases)
- [Commits](https://github.com/octokit/webhooks/compare/v7.3.0...v7.3.1)

Updates `@typescript-eslint/parser` from 6.7.2 to 6.7.3
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.3/packages/parser)

Updates `eslint` from 8.49.0 to 8.50.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.49.0...v8.50.0)
2023-09-29 13:55:35 -06:00
Daz DeBoer
444c20baf7 Test multiple dependency graphs on all os's 2023-09-21 18:22:31 +02:00
daz
b063df05a4
Bump GE plugin versions 2023-09-21 08:41:43 -06:00
dependabot[bot]
5e3952da92 Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

Updates `gradle/gradle-build-action` from 2.7.1 to 2.8.0
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.7.1...v2.8.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-21 16:35:57 +02:00
Daz DeBoer
ed940a329a
Fix name of test dependency-graph workflow 2023-09-21 08:19:49 -06:00
daz
8f08e41675
Use unique cache key for workflow 2023-08-28 12:40:55 -06:00
Daz DeBoer
ef76a971e2
Simplify GE-inject config params (#863) 2023-08-28 11:59:09 -06:00
daz
f2d7085b02
Add octokit to dependabot ignores 2023-08-22 10:28:15 -06:00
dependabot[bot]
c304f927c4
Bump the github-actions group with 1 update
Bumps the github-actions group with 1 update: [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.7.0...v2.7.1)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-21 22:36:46 +00:00
daz
d4db33d499
Add integ-test for GE injection 2023-08-20 16:29:23 -06:00
daz
800e5e1e62
Fix check 2023-08-19 20:42:08 -06:00
daz
a07019c726
Inform Gradle where to locate pre-installed JDKs 2023-08-19 20:14:11 -06:00
daz
b17d107b8c
Add test for detection of java toolchains 2023-08-19 20:14:11 -06:00
daz
12dcfaa735
Bump to the latest Foojay resolver 2023-08-19 17:24:51 -06:00
daz
3d49588efc
Allow cache to overwrite existing Gradle User Home
Fixes #480
2023-08-19 13:37:53 -06:00
daz
68e1dcdea4
Report the cache as disabled when Gradle User Home exists
Fixes #434
2023-08-19 13:37:49 -06:00
daz
8cade330d4 Include provisioned Gradle version as action output
Fixes #259
2023-08-19 20:37:12 +02:00
daz
124cb765ee
Update to Gradle 8.3 2023-08-19 10:32:05 -06:00
daz
03f0ac2c51
Bump to use the latest release 2023-08-14 19:59:38 -06:00
daz
999ba18af8
Bump dependency versions in sample app 2023-08-14 19:57:15 -06:00
daz
43f8f93391
Update to GE plugin 3.14.1 2023-08-14 19:55:05 -06:00
daz
9e58f8b1de
Add dependency-graph-file as step output
Fixes #804
2023-07-24 08:37:14 -06:00
daz
ced6859e9c
Update Build Scan™ to Build Scan® 2023-07-22 08:53:58 -06:00
daz
0904709a46
Bump GE plugin versions 2023-07-21 13:32:44 -06:00
Daz DeBoer
4821f54162
Group all npm dependencies in a single dependabot PR 2023-07-21 12:19:33 -06:00
dependabot[bot]
2dbad1ea2d Bump the github-actions group with 1 update
Bumps the github-actions group with 1 update: [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.6.0...v2.6.1)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-18 00:08:00 +02:00
daz
9f977db2d8
Update to latest plugin version 2023-07-17 15:12:30 -06:00
daz
b69de5f2a9
Support multiple invocations in dependency-graph init script
If an existing dependency graph file is present for the configured job correlator,
we now generate a unique correlator value for the invocation. This allows the action
to submit dependency snapshots for a series of Gradle invocations within the same Job.

This commit updates to `github-dependency-graph-gradle-plugin@v0.0.6`, which reduces
redundancy in the mapping of resolved Gradle dependencies to the GitHub Dependency Graph.
2023-07-15 22:33:31 -06:00
daz
4301451b53 Bump to Gradle 8.2.1 2023-07-13 21:38:47 +02:00
dependabot[bot]
29c79cfd95
Bump the github-actions group with 1 update
Bumps the github-actions group with 1 update: [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-10 22:37:15 +00:00
daz
437bff62b6
Add basic test coverage for dependency graph
- Test workflow with dependency graph enabled
- Gradle test for init-script functionality
2023-07-07 20:42:49 -06:00
daz
00309f16a9
Use gradle-build-action@v2.5.1 2023-07-07 19:56:00 -06:00
daz
3273b6ada1
Update to Gradle 8.2
- Update all wrappers
- Update .tool-versions
- Update version to run unit tests
- Test init scripts on 8.0 and 8.X
2023-07-07 19:55:23 -06:00
Daz DeBoer
f807993b34
Configure grouped PRs for dependabot 2023-07-07 15:27:44 -06:00
daz
6c3f1eadfe
Reproduce issue with comma in workflow name 2023-06-29 09:59:12 -06:00
daz
198484d871
Bump java dependencies in samples/tests 2023-06-28 11:48:23 -06:00
daz
680037c65b
Bump Gradle Enterprise plugin version 2023-05-29 13:17:01 -06:00
daz
c9a87440e3
Bump org.gradle.enterprise plugin to 3.13.2 2023-05-23 14:11:15 -06:00
Daz DeBoer
7e48093f71
Attempt to resolve security alert
Testing if explicitly using `v2.4.2` will cause the alert to be resolved.
2023-05-01 13:36:49 -06:00
dependabot[bot]
a8aa75965b
Bump org.junit.jupiter:junit-jupiter (#693)
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.9.2 to 5.9.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.9.2...r5.9.3)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-29 09:05:25 -06:00
Daz DeBoer
9cf99034d2
Update to latest Gradle and GE plugin
* Update workflow samples to Gradle 8.1.1
* Update tests to use Gradle 8.1.1
*Update workflow samples to GE plugin 3.13
2023-04-22 12:56:45 -06:00
Daz DeBoer
eb126d771e
Update for Gradle 8.1 release
With Gradle 8.1, the configuration-cache has changed and is now stable. 
As a temporary measure, this commit disables save/restore of the configuration-cache
data to avoid issues until we can deal with this change properly.
2023-04-14 16:23:09 -06:00
Daz DeBoer
951bc8ab16
Update versions for Gradle and GE plugins
* Update Gradle Enterprise plugin to 3.12.6
* Update CCUD plugin to 1.10
* Update Gradle to 8.0.2
* Use latest patch versions of Gradle 6.x and 7.x
2023-03-25 12:11:20 -06:00
dependabot[bot]
fed795f38c
Bump actions/dependency-review-action from 2 to 3
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2 to 3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 21:43:04 +00:00
Daz DeBoer
a63ae37710
Enable Dependabot for github actions
This will allow dependabot to provide PRs to keep GitHub Action versions
up to date in all workflow files.
2023-02-20 14:41:53 -07:00
Daz DeBoer
4a570433d8
Apply toolchain resolver plugin
This config is required to auto-provision toolchains with Gradle 8.0
2023-02-18 12:45:53 -07:00
bot-githubaction
601a5d4aa4
Bump Gradle Wrapper from 7.6 to 8.0.1 in samples 2023-02-18 12:44:39 -07:00
Daz DeBoer
32863c1a40
Update development dependencies 2023-02-06 12:29:45 -07:00
Daz DeBoer
bff802913e
Bump JUnit 2023-01-19 18:09:32 -07:00