actions/gradle
1
0
Fork 0
mirror of https://github.com/gradle/actions.git synced 2026-04-19 18:12:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,709 Commits 7 Branches 116 Tags
b1155b846eca50aeca27903b9e4646abd23dbc5c
Commit Graph

1709 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
daz ce25fde741 Add workflow to combine wrapperbot PRs 2024-12-11 09:07:09 -07:00
dependabot[bot] 1c71d2134f Bump the github-actions group across 1 directory with 2 updates 
Bumps the github-actions group with 2 updates in the / directory: [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `tj-actions/changed-files` from 45.0.4 to 45.0.5
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/4edd678ac3f81e2dc578756871e4d00c19191daf...bab30c2299617f6615ec02a68b9a40d10bd21366)

Updates `github/codeql-action` from 3.27.4 to 3.27.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...babb554ede22fd5605947329c4d04d8e7a0b8155)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-11 14:52:10 +00:00
Daz DeBoer 35af9b8791 Simplify Dependabot config using 'directories' 2024-12-11 07:50:05 -07:00
Daz DeBoer 375738a38b Add link to GitHub docs 2024-12-10 10:50:29 -07:00
Sebastian Dyroff 00781cbaae Fix typo in documentation 2024-12-09 08:41:16 -07:00
bigdaz 2894ab49ef Update known wrapper checksums 2024-11-23 05:31:40 +00:00
dependabot[bot] 4ba34e96c5 Bump gradle/actions from 4.2.0 to 4.2.1 in the github-actions group 
Bumps the github-actions group with 1 update: [gradle/actions](https://github.com/gradle/actions).


Updates `gradle/actions` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/473878a77f1b98e2b5ac4af93489d1656a80a5ed...cc4fc85e6b35bafd578d5ffbc76a5518407e1af0)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-19 09:53:32 -07:00
dependabot[bot] e29bc6725a Bump cross-spawn in /sources 
Bumps  and [cross-spawn](https://github.com/moxystudio/node-cross-spawn). These dependencies needed to be updated together.

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6)

Updates `cross-spawn` from 6.0.5 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
- dependency-name: cross-spawn
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-19 09:53:22 -07:00
dependabot[bot] cc4fc85e6b Bump @vercel/ncc in /sources in the npm-dependencies group 
Bumps the npm-dependencies group in /sources with 1 update: [@vercel/ncc](https://github.com/vercel/ncc).


Updates `@vercel/ncc` from 0.38.2 to 0.38.3
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.2...0.38.3)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
v4.2.1 		2024-11-18 10:36:18 -07:00
dependabot[bot] e6a814661a Bump the github-actions group with 3 updates 
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/checkout` from 4.1.7 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...11bd71901bbe5b1630ceea73d27597364c9af683)

Updates `github/codeql-action` from 3.26.6 to 3.27.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.26.6...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f)

Updates `actions/upload-artifact` from 4.4.0 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/50769540e7f4bd5e21e526ee35c689e35e0d6874...b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-18 10:35:58 -07:00
daz e55599fc4d Adapt build-result-capture script for GE plugin 3.17+ 
The build-result-capture.init.gradle script was making some assumptions about
extensions and plugin application that do not apply with the newest GE plugin.

Fixes #449
 2024-11-17 07:26:28 -07:00
bigdaz d85b0068a7 [bot] Update dist directory 2024-11-16 20:53:42 +00:00
Daz DeBoer a09a3104fe Develocity injection fixes (#448) 2024-11-16 13:52:38 -07:00
daz 333e9d9750 Do not ignore input parameters when build-scan-publish is enabled 
Fixes #447
 2024-11-15 14:35:41 -07:00
daz 2aa49bf6a9 Set the correct env var for develocity-ccud-plugin-version 
Fixes #446
 2024-11-15 14:31:56 -07:00
daz 9ab6ee6757 Bump to version 2.0.2 of CCUDGP 2024-11-15 14:10:13 -07:00
Daz DeBoer fb5165dcd4 Add note about cache-encryption-key being required 2024-11-14 21:09:29 -07:00
daz 0e27ea7e6c Improve local development script 
- Avoid running `npm install` on every execution
- Add a separate `install` task that runs `npm clean-install`
 2024-11-14 17:00:58 -07:00
daz f4845d289c Use npm clean-install 2024-11-14 16:36:23 -07:00
bigdaz 094f2191c5 [bot] Update dist directory 2024-11-14 22:45:12 +00:00
Daz DeBoer 83709b49fe Fix checksum test by reducing network calls (#444) 
This test was originally starting with an empty set of checksums,
leading to the download of a checksum for every released and snapshot
version. This resulted in in sporadic test failures.

We now start with a known set of checksums and ensure that those that
are missing are downloaded. This involved some refactoring and
improvement in the way snapshot checksums are processed.
 2024-11-14 15:44:07 -07:00
Daz DeBoer 5f21a9bb99 Bump Gradle from 8.10.2 to 8.11 (#443) 
Co-authored-by: bot-githubaction <bot-githubaction@gradle.com>
 2024-11-14 13:48:42 -07:00
Daz DeBoer 52ee405746 Run CodeQL on all commits 2024-11-14 13:44:22 -07:00
Daz DeBoer 7f20d0bf71 Pin versions for GitHub Actions (#442) 2024-11-14 13:24:19 -07:00
daz b6bc8c2f17 Pin gradle/actions versions 2024-11-14 13:05:02 -07:00
daz b12c3a65f2 Pin version of 3rd party actions 2024-11-14 12:35:29 -07:00
daz d191577859 Pin actions/setup-node@v4 2024-11-14 12:23:02 -07:00
daz e726a12472 Pin actions/setup-java@v4 2024-11-14 12:21:03 -07:00
daz d30cc9ecf2 Pin actions/checkout@v4 2024-11-14 12:19:48 -07:00
daz d0efa7b0e7 Avoid duplicate actions/setup-java 2024-11-14 12:12:54 -07:00
daz 8422a6a674 Avoid running workflow on forks 2024-11-14 11:44:20 -07:00
daz 19ff74e0a6 Revert "Disable uploading OSSF scorecard to GitHub Security" 
This reverts commit 1e2142185e.
 2024-11-14 11:31:03 -07:00
bigdaz e03a1f068e [bot] Update dist directory 2024-11-14 16:27:59 +00:00
bot-githubaction 084b95f65a Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 2024-11-14 09:26:53 -07:00
Daz DeBoer 1e2142185e Disable uploading OSSF scorecard to GitHub Security 2024-11-13 19:11:45 -07:00
Daz DeBoer 07e0f1c008 Limit token permissions in GitHub workflows (#440) 
See
https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions
 2024-11-13 19:01:45 -07:00
daz af45dcfe3c Add wrapper-validation workflow 
Although we run `setup-gradle` with all/most wrapper files, this global
workflow will ensure that all wrapper files in the repo are valid.
(This should help with the OSSF scorecard)
 2024-11-13 18:46:57 -07:00
daz d8b3a9fb11 Rename OSSF scorecard workflow 2024-11-13 18:46:51 -07:00
nitrocode 9e8f2bcf56 docs: add badge 2024-11-13 16:37:41 -07:00
nitrocode 5ac3e361a2 ci: add scorecard 2024-11-13 16:37:41 -07:00
bigdaz 4a0951b3dc [bot] Update dist directory 2024-11-12 18:29:16 +00:00
daz 48353a25ca Do not fail wrapper-validation on filename with illegal characters 2024-11-12 11:28:09 -07:00
bigdaz 473878a77f [bot] Update dist directory v4.2.0 2024-11-12 03:55:37 +00:00
daz f22ac61fd1 Use Gradle 8.11 as the minimum version for cache-cleanup 
The cache-cleanup API has changed, so the init-script that worked with
Gradle 8.9 no longer works with 8.11.
We now provision and use Gradle 8.11 for cache cleanup.

This provides a band-aid fix for #417 but that issue will still impact
any build configured to run with Gradle > 8.11
 2024-11-11 20:54:29 -07:00
daz 4ec844e551 npm audit fix 2024-11-11 20:54:29 -07:00
bigdaz 24ca383271 [bot] Update dist directory 2024-11-11 19:51:02 +00:00
Daz DeBoer 4ca2d5d749 Dependency updates (#429) 2024-11-11 12:49:55 -07:00
daz f31476bde2 Update test for real-world data 
This test assumed that at least one 'snapshot' wrapper checksum was unique,
and not contained in the set of wrapper checksums for released distributions.
This is no longer the case, so the assumption has been modified.
 2024-11-11 12:18:11 -07:00
bigdaz c345cfbe93 Update known wrapper checksums 2024-11-11 12:18:11 -07:00
dependabot[bot] b526f6673b Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile 
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary) from 2.18.0 to 2.18.1.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.18.0...jackson-dataformats-binary-2.18.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-11 12:18:11 -07:00