Update gradle/actions action to v4

[renovate]

This PR contains the following updates:

Package	Change	Age
gradle/actions	v3.5.0 -> v4.4.1

---

Release Notes

gradle/actions (gradle/actions)

v4.4.1

Compare Source

This patch release fixes a bug in Develocity Injection with a custom plugin repository.
The gradle-plugin-repository-* action parameters were not being correctly mapped to environment variables that are read by the Develocity Injection init script.

This issue has been fixed by setting the correct environment variables:

• gradle-plugin-repository-url is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL
• gradle-plugin-repository-username is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME
• gradle-plugin-repository-password is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD

Additionally, these parameters can now be used to configure a custom plugin repository for the GitHub Dependency Graph Gradle Plugin, required for dependency submission.

What's Changed

• Dependency updates by @​bigdaz in https://github.com/gradle/actions/pull/667
• Fix plugin repository env vars by @​bigdaz in https://github.com/gradle/actions/pull/669

Full Changelog: gradle/actions@v4.4.0...v4.4.1

v4.4.0

Compare Source

This release updates 2 downstream components:

• Develocity injection has been updated to v2.0
  • Some environment variables related to Develocity injection have been renamed. All vars now being with DEVELOCITY_INJECTION_. Check the docs for more details.
• Dependency-graph plugin has been updated to v1.4.0
  • The 'detector' values included in the generated graph can now be configured via environment variables.

What's Changed

• Update develocity-injection init script to v1.3 by @​bot-githubaction in https://github.com/gradle/actions/pull/592
• Update develocity-injection init script to v2.0 by @​bot-githubaction in https://github.com/gradle/actions/pull/593
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in https://github.com/gradle/actions/pull/597
• Use v1.4.0 of dependency graph plugin by @​bigdaz in https://github.com/gradle/actions/pull/638

New Contributors

• @​step-security-bot made their first contribution in https://github.com/gradle/actions/pull/597

Full Changelog: gradle/actions@v4.3.1...v4.4.0

v4.3.1

Compare Source

This release fixes a couple of minor issues, as well as keeping dependencies up to date.

Fixed issues

• The develocity-allow-untrusted-server parameter should be honoured when fetching short-lived access tokens #​583
• Build summary may incorrectly report build success #​415

What's Changed

• Update develocity-injection init script to v1.1.1 by @​bot-githubaction in https://github.com/gradle/actions/pull/545
• Bump the github-actions group across 2 directories with 3 updates by @​dependabot in https://github.com/gradle/actions/pull/547
• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/548
• Update develocity-injection init script to v1.2 by @​bot-githubaction in https://github.com/gradle/actions/pull/550
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/552
• Bump the npm-dependencies group across 1 directory with 5 updates by @​dependabot in https://github.com/gradle/actions/pull/558
• Update known wrapper checksums by @​github-actions in https://github.com/gradle/actions/pull/560
• Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by @​bot-githubaction in https://github.com/gradle/actions/pull/561
• Catch more build failures in job summary by @​bigdaz in https://github.com/gradle/actions/pull/571
• Scope captured build failures by @​erichaagdev in https://github.com/gradle/actions/pull/574
• Ignore SSL certificate validation when fetching Develocity short-lived access token if develocity-allow-untrusted-server is enabled by @​remcomokveld in https://github.com/gradle/actions/pull/575
• Dependency updates by @​bigdaz in https://github.com/gradle/actions/pull/579
• Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @​dependabot in https://github.com/gradle/actions/pull/580
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/582

New Contributors

• @​erichaagdev made their first contribution in https://github.com/gradle/actions/pull/574
• @​remcomokveld made their first contribution in https://github.com/gradle/actions/pull/575

Full Changelog: gradle/actions@v4.3.0...v4.3.1

v4.3.0

Compare Source

This release brings some significant improvements to cache-cleanup and dependency-submission:

• Cleanup cache entries written by newly released Gradle versions (#​436)
• Use existing Gradle wrapper distribution for cache-cleanup where possible (#​515)
• Automatically save each dependency-graph that is submitted by dependency-submission (#​519)
• Fix deprecation warnings emitted by Gradle 8.12+ when:
  • Using build-scan-publish: true or Develocity injection (#​543)
  • Using dependency-submission with an authenticated plugin repository with Gradle (#​541)
• Fix warning when using toolchain support with Gradle 7.x (#​511)

What's Changed

• Update known wrapper checksums by @​github-actions in https://github.com/gradle/actions/pull/493
• Fix typo in cache-reporting.ts by @​SimonMarquis in https://github.com/gradle/actions/pull/492
• Bump Gradle Wrappers by @​github-actions in https://github.com/gradle/actions/pull/499
• Bump the github-actions group across 3 directories with 7 updates by @​dependabot in https://github.com/gradle/actions/pull/510
• Bump the npm-dependencies group across 1 directory with 6 updates by @​dependabot in https://github.com/gradle/actions/pull/512
• Clean-up missing imports for tests by @​bigdaz in https://github.com/gradle/actions/pull/513
• Bump the npm-dependencies group in /sources with 3 updates by @​dependabot in https://github.com/gradle/actions/pull/521
• Add npm build scans by @​bigdaz in https://github.com/gradle/actions/pull/517
• Avoid env-var interpolation in toolchains.xml by @​bigdaz in https://github.com/gradle/actions/pull/518
• Avoid saving build-results for cache cleanup by @​bigdaz in https://github.com/gradle/actions/pull/520
• Save dependency graph as workflow artifact by @​bigdaz in https://github.com/gradle/actions/pull/522
• Update to CCUDGP 2.1 by @​bigdaz in https://github.com/gradle/actions/pull/524
• Bump references to Develocity Gradle plugin from 3.19 to 3.19.1 by @​bot-githubaction in https://github.com/gradle/actions/pull/527
• Choose best Gradle version to use for cache cleanup by @​bigdaz in https://github.com/gradle/actions/pull/526
• Uppercase cache-encryption-key by @​Goooler in https://github.com/gradle/actions/pull/528
• Attempt to use gradle wrapper for cache cleanup by @​bigdaz in https://github.com/gradle/actions/pull/525
• Document GRADLE_ACTIONS_SKIP_BUILD_RESULT_CAPTURE by @​bigdaz in https://github.com/gradle/actions/pull/529
• Update known wrapper checksums by @​github-actions in https://github.com/gradle/actions/pull/509
• Bump Gradle Wrappers by @​github-actions in https://github.com/gradle/actions/pull/535
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/538
• Update undici to resolve vulnerability by @​bigdaz in https://github.com/gradle/actions/pull/536
• Bump the npm-dependencies group across 1 directory with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/539
• Update docs for dependency review by @​bigdaz in https://github.com/gradle/actions/pull/540
• Fix space assignment deprecations in init-scripts by @​bigdaz in https://github.com/gradle/actions/pull/542

New Contributors

• @​SimonMarquis made their first contribution in https://github.com/gradle/actions/pull/492

Full Changelog: gradle/actions@v4.2.2...v4.3.0

v4.2.2

Compare Source

This patch release updates a bunch of dependency versions and fixes a deprecation warning emitted with Gradle 8.12.

What's Changed

• Bump cross-spawn in /sources by @​dependabot in https://github.com/gradle/actions/pull/455
• Update known wrapper checksums by @​github-actions in https://github.com/gradle/actions/pull/462
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/474
• Update @​actions/cache4.0.0 and patch by @​amyu in https://github.com/gradle/actions/pull/479
• Update develocity-injection init script to v1.1 by @​bot-githubaction in https://github.com/gradle/actions/pull/471
• Dependency updates by @​bigdaz in https://github.com/gradle/actions/pull/480
• Bump references to Develocity Gradle plugin from 3.18.2 to 3.19 by @​bot-githubaction in https://github.com/gradle/actions/pull/483
• Update known wrapper checksums by @​github-actions in https://github.com/gradle/actions/pull/484
• Bump the gradle group across 1 directory with 2 updates by @​dependabot in https://github.com/gradle/actions/pull/485
• Attempt to limit failures in wrapper-validation tests by @​bigdaz in https://github.com/gradle/actions/pull/490
• Update known wrapper checksums by @​github-actions in https://github.com/gradle/actions/pull/488
• Remove deprecation warning from init-script by @​bigdaz in https://github.com/gradle/actions/pull/491
• Use latest dependency-graph plugin by @​bigdaz in https://github.com/gradle/actions/pull/489

New Contributors

• @​sebastian-dyroff made their first contribution in https://github.com/gradle/actions/pull/465
• @​amyu made their first contribution in https://github.com/gradle/actions/pull/479

Full Changelog: gradle/actions@v4.2.1...v4.2.2

v4.2.1

Compare Source

This patch release fixes some issues with Develocity and Build Scan integration:

• Build scan links not captured in project using plugin com.gradle.enteprise:3.18.2 (#​449)
• Enabling build-scan-publish causes some Develocity injection parameters to be ignored (#​447)
• Setting develocity-ccud-plugin-version parameter is ignored (#​446)

What's Changed

• Do not fail wrapper-validation on filename with illegal characters #​438
• Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 by @​bot-githubaction in https://github.com/gradle/actions/pull/441
• Bump Gradle from 8.10.2 to 8.11 in https://github.com/gradle/actions/pull/443
• Develocity injection fixes in https://github.com/gradle/actions/pull/448
• Adapt build-result-capture script for GE plugin 3.17+ in https://github.com/gradle/actions/pull/450
• ci: add scorecard by @​nitrocode in https://github.com/gradle/actions/pull/384

New Contributors

• @​nitrocode made their first contribution in https://github.com/gradle/actions/pull/384

Full Changelog: gradle/actions@v4.2.0...v4.2.1

v4.2.0

Compare Source

This release fixes a bug that prevents cache-cleanup from working with Gradle 8.11.
A number of improvements to cache reporting are also included.

What's Changed

• Fix cache-cleanup with Gradle 8.11 (https://github.com/gradle/actions/pull/430)
• Update known wrapper checksums to include Gradle 8.11 (https://github.com/gradle/actions/pull/424)
• Include cache save/restore times in Job Summary (https://github.com/gradle/actions/pull/389)
• Improve cache logging by @​bigdaz (https://github.com/gradle/actions/pull/392)
• Correctly handle multiline patterns for extracted entries (https://github.com/gradle/actions/pull/393)
• Numerous dependency updates

Full Changelog: gradle/actions@v4.1.0...v4.2.0

v4.1.0

Compare Source

This release brings some minor improvements:

• The latest release of Gradle is no longer required to perform cache-cleanup. If Gradle is found to on the PATH and the version meets minimum version requirements, then the version on PATH is used for cache-cleanup and Gradle is not downloaded.
• Fixes a bug where setting the develocity-token-expiry parameter had no effect (#​381)
• Numerous NPM dependency updates

Full Changelog: gradle/actions@v4.0.1...v4.1.0

v4.0.1

Compare Source

This patch release updates a number of dependencies, and fixes a bug that caused Gradle version '8.1' to be confused with '8.10'.

What's Changed

• Dependency-updates by @​bigdaz in https://github.com/gradle/actions/pull/326, https://github.com/gradle/actions/pull/356
• NPM dependency updates by @​dependabot in https://github.com/gradle/actions/pull/330, https://github.com/gradle/actions/pull/349
• Include Gradle 8.10 in known wrapper checksums in https://github.com/gradle/actions/pull/341
• Differentiate Gradle 8.1 from 8.10 when checking version by @​bigdaz in https://github.com/gradle/actions/pull/358

Full Changelog: gradle/actions@v4.0.0...v4.0.1

v4.0.0

Compare Source

Final release of v4.0.0 of the setup-gradle, dependency-submission and wrapper-validation actions provided under gradle/actions.
This release is available under the v4 tag.

Major changes from the v3 release

The arguments parameter has been removed

Using the action to execute Gradle via the arguments parameter was deprecated in v3 and this parameter has been removed.
See here for more details.

Cache cleanup enabled by default

After a number of fixes and improvements, this release enables cache-cleanup by default for all Jobs using the setup-gradle and dependency-submission actions.

Improvements and bugfixes related cache cleanup:

• By default, cache cleanup is not run if any Gradle build fails (#​71)
• Cache cleanup is not run after configuration-cache reuse (#​19)

This feature should help to minimize the size of entries written to the GitHub Actions cache, speeding up builds and reducing cache usage.

Wrapper validation enabled by default

In v3, the setup-gradle action was enhanced to support Gradle wrapper validation, removing the need to use a separate workflow
file with the gradle/actions/wrapper-validation action.

With this release, wrapper validation has been significantly improved, and is now enabled by default (#​12):

• The allow-snapshot-wrappers makes it possible to validate snapshot wrapper jars using setup-gradle.
• Checksums for nightly and snapshot Gradle versions are now validated (#​281).
• Valid wrapper checksums are cached in Gradle User Home, reducing the need to retrieve checksum values remotely (#​172).
• Reduce network calls in wrapper-validation for new Gradle versions: By only fetching wrapper checksums for Gradle versions that were not known when this action was released, this release reduces the likelihood that a network failure could cause failure in wrapper validation (#​171)
• Improved error message when wrapper-validation finds no wrapper jars (#​284)

Wrapper validation is important for supply-chain integrity. Enabling this feature by default will increase the coverage of wrapper
validation on projects using GitHub Actions.

New input parameters for Dependency Graph generation

Some dependency-graph inputs that could previously only be configured via environment variables now have dedicated action inputs:

• dependency-graph-report-dir: sets the location where dependency-graph reports will be generated
• dependency-graph-exclude-projects and dependency-graph-include-projects: select which Gradle projects will contribute to the generated dependency graph.
• dependency-graph-exclude-configurations and dependency-graph-include-configurations: select which Gradle configurations will contribute to the generated dependency graph.

Other improvements

• In Job summary, the action now provides an explanation when cache is set to read-only or disabled (#​255)
• When setup-gradle requests a specific Gradle version, the action will no longer download and install that version if it is already available on the PATH of the runner (#​270)
• To attempt to speed up builds, the setup-gradle and dependency-submission actions now attempt to use the D: drive for Gradle User Home if it is available (#​290)

Deprecations and breaking changes

• The gradle-home-cache-cleanup input parameter has been deprecated and replaced by cache-cleanup
• The undocumented dependency-graph: clear parameter has been removed without replacement
• The following parameters deprecated in v3 have been removed:
  • arguments
  • build-scan-terms-of-service-url and build-scan-terms-of-service-agree

Changelog

• Only fetch checksums for unknown wrapper versions by @​bigdaz in https://github.com/gradle/actions/pull/292
• Isolate 'dependency-submission' action from 'setup-gradle' by @​bigdaz in https://github.com/gradle/actions/pull/293
• Caching improvements by @​bigdaz in https://github.com/gradle/actions/pull/294
• Config cache cleanup by @​bigdaz in https://github.com/gradle/actions/pull/295
• Delete excluded paths on restore Gradle Home by @​bigdaz in https://github.com/gradle/actions/pull/298
• Use faster D: drive on windows for Gradle User Home and Gradle downloads by @​bigdaz in https://github.com/gradle/actions/pull/299
• Always set the GRADLE_USER_HOME env var by @​bigdaz in https://github.com/gradle/actions/pull/300
• Fix windows by @​bigdaz in https://github.com/gradle/actions/pull/302
• Use pre-installed Gradle when available by @​bigdaz in https://github.com/gradle/actions/pull/301
• Prepare for v4 release by @​bigdaz in https://github.com/gradle/actions/pull/303
• Include RUNNER_ARCH in cache key by @​bigdaz in https://github.com/gradle/actions/pull/305
• Introduce dependency graph params by @​bigdaz in https://github.com/gradle/actions/pull/304
• Finish enabling cache-cleanup by default by @​bigdaz in https://github.com/gradle/actions/pull/306
• Bump references to Develocity Gradle plugin from 3.17.5 to 3.17.6 by @​bot-githubaction in https://github.com/gradle/actions/pull/315
• Group cache-cleanup log messages by @​bigdaz in https://github.com/gradle/actions/pull/319
• Enable wrapper-validation by default in setup-gradle by @​bigdaz in https://github.com/gradle/actions/pull/318
• Improve error messages for min-wrapper-count by @​bigdaz in https://github.com/gradle/actions/pull/321

Full Changelog: gradle/actions@v3.5.0...v4.0.0

---

• If you want to rebase/retry this PR, check this box

---

🔕 Ignore: Close this PR and you won't be reminded about these updates again.