1
0
Fork 0
mirror of https://github.com/gradle/actions synced 2024-12-29 11:32:25 +00:00
Commit graph

496 commits

Author SHA1 Message Date
daz
69215f1c52
Restrict permissions for combine-prs job 2024-12-11 12:31:33 -07:00
Daz DeBoer
06e95bfb12
Merge branch 'main' into dependabot/github_actions/github-actions-e9dd73a904 2024-12-11 10:17:04 -07:00
Daz DeBoer
6089ee95bf
Update to Gradle 8.11.1 () 2024-12-11 10:16:28 -07:00
Daz DeBoer
b80eee1bc3
Remove schedule for combine-prs until it's working properley 2024-12-11 10:05:44 -07:00
daz
51109c9e9e
Update to Gradle 8.11.1 2024-12-11 10:04:45 -07:00
daz
686515ed83
Fix combine PRs workflow 2024-12-11 09:47:11 -07:00
daz
ce25fde741
Add workflow to combine wrapperbot PRs 2024-12-11 09:07:09 -07:00
dependabot[bot]
1c71d2134f
Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `tj-actions/changed-files` from 45.0.4 to 45.0.5
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](4edd678ac3...bab30c2299)

Updates `github/codeql-action` from 3.27.4 to 3.27.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ea9e4e3799...babb554ede)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-11 14:52:10 +00:00
Daz DeBoer
35af9b8791
Simplify Dependabot config using 'directories' 2024-12-11 07:50:05 -07:00
dependabot[bot]
4ba34e96c5 Bump gradle/actions from 4.2.0 to 4.2.1 in the github-actions group
Bumps the github-actions group with 1 update: [gradle/actions](https://github.com/gradle/actions).


Updates `gradle/actions` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](473878a77f...cc4fc85e6b)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-19 09:53:32 -07:00
dependabot[bot]
e6a814661a Bump the github-actions group with 3 updates
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/checkout` from 4.1.7 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...11bd71901bbe5b1630ceea73d27597364c9af683)

Updates `github/codeql-action` from 3.26.6 to 3.27.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.26.6...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f)

Updates `actions/upload-artifact` from 4.4.0 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](50769540e7...b4b15b8c7c)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-18 10:35:58 -07:00
daz
9ab6ee6757
Bump to version 2.0.2 of CCUDGP 2024-11-15 14:10:13 -07:00
daz
f4845d289c Use npm clean-install 2024-11-14 16:36:23 -07:00
Daz DeBoer
5f21a9bb99
Bump Gradle from 8.10.2 to 8.11 ()
Co-authored-by: bot-githubaction <bot-githubaction@gradle.com>
2024-11-14 13:48:42 -07:00
Daz DeBoer
52ee405746
Run CodeQL on all commits 2024-11-14 13:44:22 -07:00
daz
b6bc8c2f17
Pin gradle/actions versions 2024-11-14 13:05:02 -07:00
daz
b12c3a65f2
Pin version of 3rd party actions 2024-11-14 12:35:29 -07:00
daz
d191577859
Pin actions/setup-node@v4 2024-11-14 12:23:02 -07:00
daz
e726a12472
Pin actions/setup-java@v4 2024-11-14 12:21:03 -07:00
daz
d30cc9ecf2
Pin actions/checkout@v4 2024-11-14 12:19:48 -07:00
daz
d0efa7b0e7
Avoid duplicate actions/setup-java 2024-11-14 12:12:54 -07:00
daz
8422a6a674
Avoid running workflow on forks 2024-11-14 11:44:20 -07:00
daz
19ff74e0a6
Revert "Disable uploading OSSF scorecard to GitHub Security"
This reverts commit 1e2142185e.
2024-11-14 11:31:03 -07:00
bot-githubaction
084b95f65a Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 2024-11-14 09:26:53 -07:00
Daz DeBoer
1e2142185e
Disable uploading OSSF scorecard to GitHub Security 2024-11-13 19:11:45 -07:00
Daz DeBoer
07e0f1c008
Limit token permissions in GitHub workflows ()
See
ea7e27ed41/docs/checks.md (token-permissions)
2024-11-13 19:01:45 -07:00
daz
af45dcfe3c
Add wrapper-validation workflow
Although we run `setup-gradle` with all/most wrapper files, this global
workflow will ensure that all wrapper files in the repo are valid.
(This should help with the OSSF scorecard)
2024-11-13 18:46:57 -07:00
daz
d8b3a9fb11
Rename OSSF scorecard workflow 2024-11-13 18:46:51 -07:00
nitrocode
5ac3e361a2 ci: add scorecard 2024-11-13 16:37:41 -07:00
daz
f22ac61fd1 Use Gradle 8.11 as the minimum version for cache-cleanup
The cache-cleanup API has changed, so the init-script that worked with
Gradle 8.9 no longer works with 8.11.
We now provision and use Gradle 8.11 for cache cleanup.

This provides a band-aid fix for  but that issue will still impact
any build configured to run with Gradle > 8.11
2024-11-11 20:54:29 -07:00
dependabot[bot]
ed43923279 Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.2 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:28:10 -06:00
dependabot[bot]
1b7e89588d Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 20:38:26 -06:00
daz
61e4a25782
Control version of Gradle in PATH for unit tests 2024-10-07 12:24:47 +10:00
dependabot[bot]
9f70748719
Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.0 to 5.11.1.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00
dependabot[bot]
b5e8e5f396
Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.3.0-jre to 33.3.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00
daz
d32c4bdc08
Update wrapper to Gradle 8.10.2 2024-10-07 11:24:35 +10:00
bot-githubaction
5fe9264c08 Bump references to Develocity Gradle plugin from 3.18 to 3.18.1 2024-09-12 19:55:39 -06:00
dependabot[bot]
478782dbb4 Bump peter-evans/create-pull-request in the github-actions group
Bumps the github-actions group with 1 update: [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request).


Updates `peter-evans/create-pull-request` from 6 to 7
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v6...v7)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-12 19:55:39 -06:00
daz
9291ac6ca5
Add example of job summary with cache-read-only 2024-08-29 09:54:55 -06:00
dependabot[bot]
c3c8a18b22 Bump tj-actions/changed-files from 44 to 45 in the github-actions group
Bumps the github-actions group with 1 update: [tj-actions/changed-files](https://github.com/tj-actions/changed-files).


Updates `tj-actions/changed-files` from 44 to 45
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/v44...v45)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-26 21:18:49 -06:00
Daz DeBoer
4b7cc6e174
Differentiate Gradle 8.1 from 8.10 when checking version ()
Fixes 
2024-08-26 14:47:28 -06:00
daz
e598a32529
Quote version 8.10 in integ test 2024-08-26 12:47:06 -06:00
dependabot[bot]
79ea5b8f3e
Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.10.3 to 5.11.0.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.3...r5.11.0)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-26 11:08:49 -06:00
dependabot[bot]
d77a030aaf
Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.1-jre to 33.3.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-26 11:08:26 -06:00
daz
a8a2fd2323
Update to Gradle 8.10 2024-08-26 11:07:48 -06:00
bot-githubaction
089bfb1063
Bump references to Develocity Gradle plugin from 3.17.6 to 3.18 2024-08-26 10:53:40 -06:00
daz
b51fcf4d6c
Only allow 1 integ-test at a time 2024-08-12 10:33:22 -06:00
daz
64869b1757 Attempt to reduce contention in integ-test-full 2024-08-07 09:04:49 -06:00
Daz DeBoer
0b404a7148
Reduce Dependabot checks to weekly 2024-08-07 07:58:19 -06:00
daz
b1833c4c90
Account for invalid wrapper jar 2024-08-03 16:51:41 -06:00