Commit graph

513 commits

Author SHA1 Message Date
daz
6f10c21ec5
Make it easier to produce 'prerelease' versions 2025-01-30 09:02:58 -07:00
dependabot[bot]
7560c304a6 Bump the github-actions group across 2 directories with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [actions/setup-node](https://github.com/actions/setup-node) and [github/codeql-action](https://github.com/github/codeql-action).
Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node).


Updates `actions/setup-node` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](39370e3970...1d0ff469b7)

Updates `github/codeql-action` from 3.28.1 to 3.28.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b6a472f63d...17a820bf2e)

Updates `actions/setup-node` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](39370e3970...1d0ff469b7)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-28 08:18:31 -07:00
daz
dcf3ce7005
Bump to Gradle 8.12.1 2025-01-25 09:21:22 -07:00
github-actions[bot]
31f6205373
Bump Gradle Wrappers (#535)
# Combined PRs ➡️📦⬅️

 The following pull requests have been successfully combined on this
PR:
- Closes #534 Bump Gradle Wrapper from 8.12 to 8.12.1 in
/.github/workflow-samples/kotlin-dsl
- Closes #533 Bump Gradle Wrapper from 8.12 to 8.12.1 in
/.github/workflow-samples/java-toolchain
- Closes #532 Bump Gradle Wrapper from 8.12 to 8.12.1 in
/.github/workflow-samples/groovy-dsl
- Closes #531 Bump Gradle Wrapper from 8.12 to 8.12.1 in
/.github/workflow-samples/gradle-plugin
- Closes #530 Bump Gradle Wrapper from 8.12 to 8.12.1 in
/sources/test/init-scripts

> This PR was created by the
[`github/combine-prs`](https://github.com/github/combine-prs) action

---------

Signed-off-by: bot-githubaction <bot-githubaction@gradle.com>
Co-authored-by: bot-githubaction <bot-githubaction@gradle.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-01-25 09:08:57 -07:00
Daz DeBoer
d068148857
Choose best Gradle version to use for cache cleanup (#526)
The cache-cleanup operation works by executing Gradle on a dummy project
and a custom init-script. The init-script requires at least Gradle 8.11
to work.

Ideally, the version of Gradle used for cleanup should be no older than
the newest one that wrote entries to Gradle User Home. If an older
Gradle version is used for cache-cleanup, it will not remove entries
written specifically for newer versions.

With this change, we now attempt to ensure that cache-cleanup is run
with the best Gradle version available. We inspect the Gradle version on
PATH to see if it is new enough, otherwise we will provision a Gradle
version equal to the newest one that ran in the Job.

The logic is:
- Determine the newest version of Gradle that was executed during the
Job. This is the 'minimum version' for cache cleanup.
- Inspect the Gradle version on PATH (if any) to see if it is equal to
or newer than the 'minimum version'.
- If the version Gradle on PATH is new enough, use that version for
cache-cleanup.
- If not, attempt to provision Gradle with the 'minimum version'.

Fixes #436
2025-01-24 06:16:52 -07:00
bot-githubaction
b426ffebae Bump references to Develocity Gradle plugin from 3.19 to 3.19.1 2025-01-24 06:16:18 -07:00
daz
ec4681f7f5
Test provision of rc and milestone versions 2025-01-23 12:09:21 -07:00
Daz DeBoer
3bfa1140fc
Update to CCUDGP 2.1 (#524)
This change primarily impacts test projects and documentation. The only
material impact is that CCUD 2.1 will now be auto-applied when
publishing Build Scans automatically with `build-scan-publish: true`.
(Develocity injection does not hard-code any CCUD version)
2025-01-21 21:34:02 -07:00
daz
245c8a24de Save dependency-graph file as workflow artifact
Diagnosing unexpected dependencies in the GitHub Dependency Graph can
be difficult. In order to aid with diagnosis, the `dependency-submission`
action will  now save each dependency-graph file as a workflow artifact.

If this is undesirable, the prior behaviour can be restored by explicitly setting
`dependency-graph: generate-and-submit`.

Fixes #519
2025-01-21 14:34:49 -07:00
daz
74628b9f13
Fix npm for update-dist 2025-01-21 09:55:18 -07:00
daz
e6f332ecb1
Publish build scans for CI builds 2025-01-20 09:56:42 -07:00
dependabot[bot]
bccddaec22 Bump the github-actions group across 3 directories with 7 updates
Bumps the github-actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [gradle/actions](https://github.com/gradle/actions) | `4.2.1` | `4.2.2` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `45.0.5` | `45.0.6` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.27.9` | `3.28.1` |
| [actions/setup-java](https://github.com/actions/setup-java) | `4.5.0` | `4.6.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.0` |
| [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `5.0.1` | `5.1.0` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.5` | `7.0.6` |

Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/upload-artifact](https://github.com/actions/upload-artifact).
Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/setup-java](https://github.com/actions/setup-java).


Updates `gradle/actions` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](cc4fc85e6b...0bdd871935)

Updates `tj-actions/changed-files` from 45.0.5 to 45.0.6
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](bab30c2299...d6e91a2266)

Updates `github/codeql-action` from 3.27.9 to 3.28.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](df409f7d92...b6a472f63d)

Updates `actions/setup-java` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](8df1039502...7a6d8a8234)

Updates `actions/upload-artifact` from 4.4.3 to 4.6.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b4b15b8c7c...65c4c4a1dd)

Updates `stefanzweifel/git-auto-commit-action` from 5.0.1 to 5.1.0
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](8621497c8c...e348103e90)

Updates `peter-evans/create-pull-request` from 7.0.5 to 7.0.6
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](5e914681df...67ccf781d6)

Updates `actions/upload-artifact` from 4.4.3 to 4.6.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](b4b15b8c7c...65c4c4a1dd)

Updates `actions/setup-java` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](8df1039502...7a6d8a8234)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-14 13:31:38 -07:00
github-actions[bot]
04f1562da5
Bump Gradle Wrappers (#499)
# Combined PRs ➡️📦⬅️

 The following pull requests have been successfully combined on this
PR:
- Closes #498 Bump Gradle Wrapper from 8.11.1 to 8.12 in
/.github/workflow-samples/kotlin-dsl
- Closes #497 Bump Gradle Wrapper from 8.11.1 to 8.12 in
/.github/workflow-samples/java-toolchain
- Closes #496 Bump Gradle Wrapper from 8.11.1 to 8.12 in
/.github/workflow-samples/groovy-dsl
- Closes #495 Bump Gradle Wrapper from 8.11.1 to 8.12 in
/.github/workflow-samples/gradle-plugin
- Closes #494 Bump Gradle Wrapper from 8.11.1 to 8.12 in
/sources/test/init-scripts

> This PR was created by the
[`github/combine-prs`](https://github.com/github/combine-prs) action

---------

Signed-off-by: bot-githubaction <bot-githubaction@gradle.com>
Co-authored-by: bot-githubaction <bot-githubaction@gradle.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: daz <daz@gradle.com>
2024-12-20 18:23:34 -07:00
Daz DeBoer
0bdd871935
Pin version in ci-combine-bot-prs.yml 2024-12-17 18:26:12 -07:00
dependabot[bot]
bc78598590 Bump github/codeql-action in the github-actions group across 1 directory
Bumps the github-actions group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.27.7 to 3.27.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](babb554ede...df409f7d92)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 11:46:27 -07:00
dependabot[bot]
9934046c6d Bump the gradle group across 1 directory with 2 updates
Bumps the gradle group with 2 updates in the /.github/workflow-samples/kotlin-dsl directory: [com.google.guava:guava](https://github.com/google/guava) and [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5).


Updates `com.google.guava:guava` from 33.3.1-jre to 33.4.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `org.junit.jupiter:junit-jupiter` from 5.11.3 to 5.11.4
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.3...r5.11.4)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 11:45:30 -07:00
bot-githubaction
eda5a3331f Bump references to Develocity Gradle plugin from 3.18.2 to 3.19 2024-12-13 09:02:59 -07:00
daz
69215f1c52
Restrict permissions for combine-prs job 2024-12-11 12:31:33 -07:00
Daz DeBoer
06e95bfb12
Merge branch 'main' into dependabot/github_actions/github-actions-e9dd73a904 2024-12-11 10:17:04 -07:00
Daz DeBoer
6089ee95bf
Update to Gradle 8.11.1 (#477) 2024-12-11 10:16:28 -07:00
Daz DeBoer
b80eee1bc3
Remove schedule for combine-prs until it's working properley 2024-12-11 10:05:44 -07:00
daz
51109c9e9e
Update to Gradle 8.11.1 2024-12-11 10:04:45 -07:00
daz
686515ed83
Fix combine PRs workflow 2024-12-11 09:47:11 -07:00
daz
ce25fde741
Add workflow to combine wrapperbot PRs 2024-12-11 09:07:09 -07:00
dependabot[bot]
1c71d2134f
Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `tj-actions/changed-files` from 45.0.4 to 45.0.5
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](4edd678ac3...bab30c2299)

Updates `github/codeql-action` from 3.27.4 to 3.27.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ea9e4e3799...babb554ede)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-11 14:52:10 +00:00
Daz DeBoer
35af9b8791
Simplify Dependabot config using 'directories' 2024-12-11 07:50:05 -07:00
dependabot[bot]
4ba34e96c5 Bump gradle/actions from 4.2.0 to 4.2.1 in the github-actions group
Bumps the github-actions group with 1 update: [gradle/actions](https://github.com/gradle/actions).


Updates `gradle/actions` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](473878a77f...cc4fc85e6b)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-19 09:53:32 -07:00
dependabot[bot]
e6a814661a Bump the github-actions group with 3 updates
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/checkout` from 4.1.7 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...11bd71901bbe5b1630ceea73d27597364c9af683)

Updates `github/codeql-action` from 3.26.6 to 3.27.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.26.6...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f)

Updates `actions/upload-artifact` from 4.4.0 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](50769540e7...b4b15b8c7c)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-18 10:35:58 -07:00
daz
9ab6ee6757
Bump to version 2.0.2 of CCUDGP 2024-11-15 14:10:13 -07:00
daz
f4845d289c Use npm clean-install 2024-11-14 16:36:23 -07:00
Daz DeBoer
5f21a9bb99
Bump Gradle from 8.10.2 to 8.11 (#443)
Co-authored-by: bot-githubaction <bot-githubaction@gradle.com>
2024-11-14 13:48:42 -07:00
Daz DeBoer
52ee405746
Run CodeQL on all commits 2024-11-14 13:44:22 -07:00
daz
b6bc8c2f17
Pin gradle/actions versions 2024-11-14 13:05:02 -07:00
daz
b12c3a65f2
Pin version of 3rd party actions 2024-11-14 12:35:29 -07:00
daz
d191577859
Pin actions/setup-node@v4 2024-11-14 12:23:02 -07:00
daz
e726a12472
Pin actions/setup-java@v4 2024-11-14 12:21:03 -07:00
daz
d30cc9ecf2
Pin actions/checkout@v4 2024-11-14 12:19:48 -07:00
daz
d0efa7b0e7
Avoid duplicate actions/setup-java 2024-11-14 12:12:54 -07:00
daz
8422a6a674
Avoid running workflow on forks 2024-11-14 11:44:20 -07:00
daz
19ff74e0a6
Revert "Disable uploading OSSF scorecard to GitHub Security"
This reverts commit 1e2142185e.
2024-11-14 11:31:03 -07:00
bot-githubaction
084b95f65a Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 2024-11-14 09:26:53 -07:00
Daz DeBoer
1e2142185e
Disable uploading OSSF scorecard to GitHub Security 2024-11-13 19:11:45 -07:00
Daz DeBoer
07e0f1c008
Limit token permissions in GitHub workflows (#440)
See
ea7e27ed41/docs/checks.md (token-permissions)
2024-11-13 19:01:45 -07:00
daz
af45dcfe3c
Add wrapper-validation workflow
Although we run `setup-gradle` with all/most wrapper files, this global
workflow will ensure that all wrapper files in the repo are valid.
(This should help with the OSSF scorecard)
2024-11-13 18:46:57 -07:00
daz
d8b3a9fb11
Rename OSSF scorecard workflow 2024-11-13 18:46:51 -07:00
nitrocode
5ac3e361a2 ci: add scorecard 2024-11-13 16:37:41 -07:00
daz
f22ac61fd1 Use Gradle 8.11 as the minimum version for cache-cleanup
The cache-cleanup API has changed, so the init-script that worked with
Gradle 8.9 no longer works with 8.11.
We now provision and use Gradle 8.11 for cache cleanup.

This provides a band-aid fix for #417 but that issue will still impact
any build configured to run with Gradle > 8.11
2024-11-11 20:54:29 -07:00
dependabot[bot]
ed43923279 Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.2 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:28:10 -06:00
dependabot[bot]
1b7e89588d Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 20:38:26 -06:00
daz
61e4a25782
Control version of Gradle in PATH for unit tests 2024-10-07 12:24:47 +10:00