Rework docs for Develocity support

Fixes #339

.github/dependabot.yml

@@ -47,40 +47,40 @@ updates:
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/groovy-dsl"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/java-toolchain"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/kotlin-dsl"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/no-wrapper"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/no-wrapper-gradle-5"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: "sources/test/init-scripts"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"

.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
 

.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/build.gradle.kts

@@ -8,9 +8,9 @@ repositories {
 
 dependencies {
     api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.2.1-jre")
+    implementation("com.google.guava:guava:33.3.0-jre")
 
-    testImplementation("org.junit.jupiter:junit-jupiter:5.10.3")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.11.0")
 }
 
 tasks.test {

.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id("com.gradle.develocity") version "3.17.6"
+    id("com.gradle.develocity") version "3.18"
     id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
 }
 

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6" 
+    id "com.gradle.develocity" version "3.18" 
 }
 
 develocity {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
 }
 
 develocity {

.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/non-executable-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
 }
 
 develocity {

.github/workflows/ci-init-script-check.yml

@@ -26,7 +26,9 @@ jobs:
         distribution: temurin
         java-version: 11
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3 # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@v4 # Use a released version to avoid breakages
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
     - name: Run integration tests
       working-directory: sources/test/init-scripts
       run: ./gradlew check

.github/workflows/ci-integ-test-full.yml

@@ -10,7 +10,7 @@ permissions:
   contents: write
 
 concurrency:
-  group: integ-test-${{ github.ref }}
+  group: integ-test
   cancel-in-progress: false
 
 jobs:

.github/workflows/ci-integ-test.yml

@@ -15,7 +15,7 @@ permissions:
   contents: write
 
 concurrency:
-  group: integ-test-${{ github.ref }}
+  group: integ-test
   cancel-in-progress: false
 
 jobs:

.github/workflows/integ-test-cache-cleanup.yml

@@ -21,6 +21,7 @@ env:
 jobs:
   cache-cleanup-full-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -43,6 +44,7 @@ jobs:
   cache-cleanup-assemble-build:
     needs: cache-cleanup-full-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -65,6 +67,7 @@ jobs:
   cache-cleanup-check-clean-cache:
     needs: cache-cleanup-assemble-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-caching-config.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   caching-config-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -50,6 +51,7 @@ jobs:
   caching-config-verify-build:
     needs: caching-config-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -78,6 +80,7 @@ jobs:
   # Test that build scans are captured when caching is explicitly disabled
   caching-config-cache-disabled:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -132,6 +135,7 @@ jobs:
     env:
       GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -155,6 +159,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
     needs: caching-config-seed-write-only
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-dependency-graph.yml

@@ -23,11 +23,7 @@ env:
 
 jobs:
   dependency-graph-groovy-upload:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+    runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
       uses: actions/checkout@v4
@@ -59,11 +55,7 @@ jobs:
         DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: groovy-upload
 
   dependency-graph-kotlin-generate-and-submit:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+    runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
       uses: actions/checkout@v4
@@ -79,11 +71,7 @@ jobs:
       working-directory: .github/workflow-samples/kotlin-dsl
 
   dependency-graph-multiple-builds:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+    runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
       uses: actions/checkout@v4

.github/workflows/integ-test-dependency-submission.yml

@@ -24,6 +24,7 @@ env:
 jobs:
   dependency-submission-groovy-generate-and-upload:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -46,6 +47,7 @@ jobs:
   dependency-submission-groovy-restore-cache:
     needs: [dependency-submission-groovy-generate-and-upload]
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -67,6 +69,7 @@ jobs:
   dependency-submission-groovy-download-and-submit:
     needs: [dependency-submission-groovy-generate-and-upload]
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -86,6 +89,7 @@ jobs:
 
   dependency-submission-kotlin-generate-and-submit:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -103,6 +107,7 @@ jobs:
 
   dependency-submission-multiple-builds:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -148,6 +153,7 @@ jobs:
 
   dependency-submission-multiple-builds-upload:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -299,6 +305,7 @@ jobs:
 
   dependency-submission-custom-report-dir-submit:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-inject-develocity.yml

@@ -33,11 +33,11 @@ jobs:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17.6]
+        plugin-version: [3.16.2, 3.18]
         include:
         - plugin-version: 3.16.2
           accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
-        - plugin-version: 3.17.6
+        - plugin-version: 3.18
           accessKeyEnv: DEVELOCITY_ACCESS_KEY
 
     runs-on: ${{ matrix.os }}
@@ -84,7 +84,7 @@ jobs:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17.6]
+        plugin-version: [3.16.2, 3.18]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources
@@ -133,7 +133,7 @@ jobs:
       matrix:
         gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.17.6 ]
+        plugin-version: [ 3.16.2, 3.18 ]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
@@ -169,7 +169,7 @@ jobs:
       matrix:
         gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.17.6 ]
+        plugin-version: [ 3.16.2, 3.18 ]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources

.github/workflows/integ-test-provision-gradle-versions.yml

@@ -23,6 +23,7 @@ jobs:
   # Each build verifies that it is executed with the expected Gradle version.
   provision-gradle:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -74,7 +75,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        gradle: [8.9, 8.8, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1] # 8.8 is the latest installed on windows runners
+        gradle: ["8.10", 8.9, 8.1, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
         os: ${{fromJSON(inputs.runner-os)}}
         include:
           - java-version: 11

.github/workflows/integ-test-restore-configuration-cache.yml

@@ -25,6 +25,7 @@ jobs:
     env:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -57,6 +58,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
     needs: restore-cc-seed-build-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -98,6 +100,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_2
     needs: restore-cc-verify-build-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -138,6 +141,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_x
     needs: restore-cc-seed-build-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -169,6 +173,7 @@ jobs:
     env:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -201,6 +206,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
     needs: restore-cc-seed-build-kotlin
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -233,6 +239,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_2
     needs: restore-cc-modify-build-kotlin
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-restore-gradle-home.yml

@@ -21,6 +21,7 @@ env:
 jobs:
   restore-gradle-home-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -43,6 +44,7 @@ jobs:
   restore-gradle-home-dependencies-cache:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -65,6 +67,7 @@ jobs:
   restore-gradle-home-build-cache:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -87,6 +90,7 @@ jobs:
   restore-gradle-home-no-extracted-cache-entries-restored:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -111,6 +115,7 @@ jobs:
   restore-gradle-home-pre-existing-gradle-home:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-restore-java-toolchain.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   restore-java-toolchain-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -42,6 +43,7 @@ jobs:
   restore-java-toolchain-verify-build:
     needs: restore-java-toolchain-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-sample-gradle-plugin.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   sample-gradle-plugin-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -41,6 +42,7 @@ jobs:
   sample-gradle-plugin-verify-build:
     needs: sample-gradle-plugin-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-sample-kotlin-dsl.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   sample-kotlin-dsl-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -41,6 +42,7 @@ jobs:
   sample-kotlin-dsl-verify-build:
     needs: sample-kotlin-dsl-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

README.md

@@ -30,7 +30,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
     - name: Build with Gradle
       run: ./gradlew build
 ```
@@ -68,7 +68,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```
 
 See the [full action documentation](docs/dependency-submission.md) for more advanced usage scenarios.
@@ -79,6 +79,9 @@ The `wrapper-validation` action validates the checksums of _all_ [Gradle Wrapper
 
 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.
 
+Starting with v4 the `setup-gradle` action will [perform wrapper validation](docs/setup-gradle.md#gradle-wrapper-validation) on each execution.
+If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
+
 ### Example workflow
 
 ```yaml
@@ -94,7 +97,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 
 See the [full action documentation](docs/wrapper-validation.md) for more advanced usage scenarios.

RELEASING.md

@@ -5,58 +5,27 @@
 - Check that https://github.com/gradle/actions/actions is green for all workflows for the main branch.
   - This should include any workflows triggered by `[bot] Update dist directory`
 - Decide on the version number to use for the release. The action releases should follow semantic versioning.
-  - By default, a patch release is assumed (eg. `3.0.0` → `3.0.1`)
-  - If new features have been added, bump the minor version (eg `3.1.1` → `3.2.0`)
-  - If a new major release is required, bump the major version (eg `3.1.1` → `4.0.0`)
+  - By default, a patch release is assumed (eg. `4.0.0` → `4.0.1`)
+  - If new features have been added, bump the minor version (eg `4.1.1` → `4.2.0`)
+  - If a new major release is required, bump the major version (eg `4.1.1` → `5.0.0`)
   - Note: The gradle actions follow the GitHub Actions convention of including a .0 patch number for the first release of a minor version, unlike the Gradle convention which omits the trailing .0.
 
 ## Release gradle/actions
-- Create a tag for the release. The tag should have the format `v3.1.0`
-  - From CLI: `git tag v3.1.0 && git push --tags`
+- Create a tag for the release. The tag should have the format `v4.1.0`
+  - From CLI: `git tag v4.1.0 && git push --tags`
 - Go to https://github.com/gradle/actions/releases and "Draft new release"
   - Use the newly created tag and copy the tag name exactly as the release title.
   - Craft release notes content based on issues closed, PRs merged and commits
   - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
 - Publish the release.
-- Force push the `v3` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
+- Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
+  - From CLI: `git tag -f -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
   - Note that we set the commit message for the tag to the newly released version.
 
-## Release gradle/gradle-build-action
-
-During the 3.x release series, we will continue to publish parallel releases of `gradle/gradle-build-action`. These releases will simply delegate to `gradle/actions/setup-gradle` with the same version.
-
-- Update the [gradle-build-action action.yml](https://github.com/gradle/gradle-build-action/blob/main/action.yml#L162) file to point to the newly released version of `gradle/actions/setup-gradle`.
-- Ensure that any parameters that have been added to the setup-gradle action are added to the gradle-build-action definition, and that these are passed on to setup-gradle.
-- Create and push a tag for the release.
-  - From CLI: `git tag v3.1.0 && git push --tags`
-- Go to https://github.com/gradle/gradle-build-action/releases and "Draft new release"
-  - Use the newly created tag and copy the tag name exactly as the release title.
-  - In the release notes, point users to the gradle/actions release. Include a header informing users to switch to `gradle/actions/setup-gradle`.
-- Publish the release.
-- Force push the `v3` tag (or current major version) to point to the new release.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
-
-## Release gradle/wrapper-validation-action
-
-During the 3.x release series, we will continue to publish parallel releases of `gradle/wrapper-validation-action`. These releases will simply delegate to `gradle/actions/wrapper-validation` with the same version.
-
-- Update the [wrapper-validation-action action.yml](https://github.com/gradle/wrapper-validation-action/blob/main/action.yml#L162) file to point to the newly released version of `gradle/actions/wrapper-validation`.
-- Ensure that any parameters that have been added to the `wrapper-validation` action (if any) are added to the action definition, and that these are passed on to setup-gradle.
-- Create and push a tag for the release.
-  - From CLI: `git tag v3.1.0 && git push --tags`
-- Go to https://github.com/gradle/wrapper-validation-action/releases and "Draft new release"
-  - Use the newly created tag and copy the tag name exactly as the release title.
-  - In the release notes, point users to the gradle/actions release. Include a header informing users to switch to `gradle/actions/wrapper-validation`.
-- Publish the release.
-- Force push the `v3` tag (or current major version) to point to the new release.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
-
 ## Post release steps
 
 Submit PRs to update the GitHub starter workflow. Starter workflows contain content that should reference the Git hash of the current gradle/actions release:
-https://github.com/actions/starter-workflows has [gradle](https://github.com/actions/starter-workflows/blob/main/ci/gradle.yml) and [gradle-publish](https://github.com/actions/starter-workflows/blob/main/ci/gradle-publish.yml): see [the v2.1.4 update PR](https://github.com/actions/starter-workflows/pull/1489) for an example.
+https://github.com/actions/starter-workflows has [gradle](https://github.com/actions/starter-workflows/blob/main/ci/gradle.yml) and [gradle-publish](https://github.com/actions/starter-workflows/blob/main/ci/gradle-publish.yml): see [the v4.0.0 update PR](https://github.com/actions/starter-workflows/pull/2468) for an example.
 
 Submit PRs to update the GitHub documentation. The documentation contains content that should reference the Git hash of the current gradle/actions release:
-https://github.com/github/docs has [building-and-testing-java-with-gradle](https://github.com/github/docs/blob/main/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md) and [publishing-java-packages-with-gradle](https://github.com/github/docs/blob/main/content/actions/publishing-packages/publishing-java-packages-with-gradle.md) : see [the v2.1.4 update PR](https://github.com/github/docs/pull/16392) for an example.
-
+https://github.com/github/docs has [building-and-testing-java-with-gradle](https://github.com/github/docs/blob/main/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md) and [publishing-java-packages-with-gradle](https://github.com/github/docs/blob/main/content/actions/publishing-packages/publishing-java-packages-with-gradle.md) : see [the v4.0.0 update PR](https://github.com/github/docs/pull/34239) for an example.

dependency-submission/README.md

@@ -29,7 +29,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```
 
 See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios.

dependency-submission/action.yml

@@ -60,7 +60,8 @@ inputs:
   cache-cleanup:
     description: |
       Specifies if the action should attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
-      By default, no cleanup is performed. It can be configured to run every time, or only when all Gradle builds succeed for the Job. 
+      By default ('on-success'), cleanup is performed when all Gradle builds succeed for the Job. 
+      This behaviour can be disabled ('never'), or configured to always run irrespective of the build outcome ('always').
       Valid values are 'never', 'on-success' and 'always'.
     required: false
     default: 'on-success'

docs/dependency-submission.md

@@ -43,7 +43,7 @@ jobs:
         java-version: 17
 
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```
 
 ### Gradle execution
@@ -68,7 +68,7 @@ Three input parameters are required, one to enable publishing and two more to ac
 
 ```yaml
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         build-scan-publish: true
         build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
@@ -83,7 +83,7 @@ In some cases, the default action configuration will not be sufficient, and addi
 
 ```yaml
     - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         # Use a particular Gradle version instead of the configured wrapper.
         gradle-version: 8.6
@@ -273,7 +273,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj
 
 ```yaml
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         # Exclude all dependencies that originate solely in the 'buildSrc' project
         dependency-graph-exclude-projets: ':buildSrc'
@@ -317,10 +317,10 @@ jobs:
         java-version: 17
 
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 
     - name: Perform dependency review
-      uses: actions/dependency-review-action@v3
+      uses: actions/dependency-review-action@v4
 ```
 
 ## Usage with pull requests from public forked repositories
@@ -353,7 +353,7 @@ jobs:
         java-version: 17
 
     - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         dependency-graph: generate-and-upload
 ```
@@ -376,7 +376,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Download and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         dependency-graph: download-and-submit # Download saved dependency-graph and submit
 ```
@@ -403,7 +403,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: 'Dependency Review'
-      uses: actions/dependency-review-action@v3
+      uses: actions/dependency-review-action@v4
       with:
         retry-on-snapshot-warnings: true
         retry-on-snapshot-warnings-timeout: 600

docs/deprecation-upgrade-guide.md

@@ -20,7 +20,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/setup-gradle@v3
+    uses: gradle/actions/setup-gradle@v4
 ```
 
 ## The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation`
@@ -40,7 +40,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/wrapper-validation@v3
+    uses: gradle/actions/wrapper-validation@v4
 ```
 
 ## Using the action to execute Gradle via the `arguments` parameter is deprecated
@@ -82,7 +82,7 @@ The exact syntax depends on whether or not your project is configured with the [
 
 ```
 - name: Setup Gradle
-  uses: gradle/actions/setup-gradle@v3
+  uses: gradle/actions/setup-gradle@v4
 
 - name: Assemble the project
   run: ./gradlew assemble
@@ -99,9 +99,9 @@ The exact syntax depends on whether or not your project is configured with the [
 
 ```
 - name: Setup Gradle for a non-wrapper project
-  uses: gradle/actions/setup-gradle@v3
+  uses: gradle/actions/setup-gradle@v4
   with:
-    gradle-version: 8.9
+    gradle-version: "8.10"
 
 - name: Assemble the project
   run: gradle assemble

docs/setup-gradle.md

@@ -45,7 +45,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
 
     - name: Execute Gradle build
       run: ./gradlew build
@@ -57,11 +57,11 @@ The `setup-gradle` action can download and install a specified Gradle version, a
 Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid having to download them again later.
 
 ```yaml
- - name: Setup Gradle 8.5
-   uses: gradle/actions/setup-gradle@v3
+ - name: Setup Gradle 8.10
+   uses: gradle/actions/setup-gradle@v4
    with:
-     gradle-version: 8.5
-  - name: Build with Gradle 8.5
+     gradle-version: "8.10" # Quotes required to prevent YAML converting to number
+  - name: Build with Gradle 8.10
     run: gradle build
 ```
 
@@ -96,7 +96,7 @@ jobs:
         distribution: temurin
         java-version: 17
 
-    - uses: gradle/actions/setup-gradle@v3
+    - uses: gradle/actions/setup-gradle@v4
       id: setup-gradle
       with:
         gradle-version: release-candidate
@@ -213,7 +213,7 @@ jobs:
         distribution: temurin
         java-version: 17
 
-    - uses: gradle/actions/setup-gradle@v3
+    - uses: gradle/actions/setup-gradle@v4
       with:
         gradle-version: 8.6
         cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
@@ -455,7 +455,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure'
 
@@ -492,13 +492,13 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
 
     - name: Run build with Gradle wrapper
       run: ./gradlew build --scan
 
     - name: Upload build reports
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: always()
       with:
         name: build-reports
@@ -523,7 +523,7 @@ If you do not want wrapper-validation to occur automatically, you can disable it
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         validate-wrappers: false
 ```
@@ -535,7 +535,7 @@ These are not allowed by default.
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         validate-wrappers: true
         allow-snapshot-wrappers: true
@@ -600,7 +600,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate-and-submit
     - name: Run the usual CI build (dependency-graph will be generated and submitted post-job)
@@ -627,7 +627,7 @@ graph cannot be generated or submitted. You can enable this behavior with the `d
 
 ```yaml
 # Ensure that the workflow Job will fail if the dependency graph cannot be submitted
-- uses: gradle/actions/setup-gradle@v3
+- uses: gradle/actions/setup-gradle@v4
   with:
     dependency-graph: generate-and-submit
     dependency-graph-continue-on-failure: false
@@ -652,7 +652,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate-and-submit
     - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
@@ -682,7 +682,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate-and-submit
     - name: Build the app, generating a graph of dependencies required
@@ -718,20 +718,96 @@ To reduce storage costs for these artifacts, you can set the `artifact-retention
 
 ```yaml
     - name: Generate dependency graph, but only retain artifact for one day
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate
         artifact-retention-days: 1
 ```
 
-# Develocity plugin injection
+# Develocity Build Scan® integration
 
-The `setup-gradle` action provides support for injecting and configuring the Develocity Gradle plugin into any Gradle build, without any modification to the project sources.
-This is achieved via an init-script installed into Gradle User Home, which is enabled and parameterized via environment variables.
+Publishing a Develocity Build Scan can be very helpful for Gradle builds run on GitHub Actions. Each Build Scan provides a
+detailed report of the execution of the build, including which tasks were executed and the results of any test execution.
+
+The `setup-gradle` plugin provides a number of features to enable and enhance publishing Build Scans® to a Develocity instance.
+
+## Publishing to scans.gradle.com
+
+If you don't have a a private Develocity instance, you can easily publish Build Scans to the 
+free, public Develocity instance (https://scans.gradle.com).
+
+To publish to https://scans.gradle.com, you must specify in your workflow that you accept the [Gradle Terms of Use](https://gradle.com/help/legal-terms-of-use).
+
+```yaml
+    - name: Setup Gradle to publish build scans
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        build-scan-publish: true
+        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
+        build-scan-terms-of-use-agree: "yes"
+
+    - name: Run a Gradle build - a build scan will be published automatically
+      run: ./gradlew build
+```
+
+## Managing Develocity access keys
+
+Develocity access keys are long-lived, creating risks if they are leaked. To mitigate this risk this, 
+the `setup-gradle` action can automatically attempt to obtain a short-lived access token to authenticate with Develocity. 
+The short-lived access token will then be used wherever a Develocity access key is required.
+
+```yaml
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} # Long-lived access key, visiblility is restricted to this step.
+
+    # Subsequent steps will automatically use a short-lived access token to authenticate with Develocity
+    - name: Run a Gradle build that is configured to publish to Develocity.
+      run: ./gradlew build
+```
+
+### Develocity access key supplied as environment variable
+
+The preferred mechanism is to supply the long-lived Develocity access key directly to `setup-gradle` via 
+the `develocity-access-key` input variable. However, the action will also detect an access key configured as an environment variable,
+such as `DEVELOCITY_ACCESS_KEY` or `GRADLE_ENTERPRISE_ACCESS_KEY`. In this case, the environment variable value will be replaced by 
+a short-lived access token, thus hiding the long-lived access key from subsequent steps.
+
+```yaml
+env:
+  DEVELOCITY_ACCESS_KEY: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
+
+jobs:
+  build-with-gradle:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+
+    # The build will automatically use a short-lived access token to authenticate with Develocity
+    - name: Run a Gradle build that is configured to publish to Develocity.
+      run: ./gradlew build
+```
+
+### Failure to obtain a short-lived access token
+
+If a short-lived token cannot be retrieved (for example, if the Develocity server version is lower than `2024.1`):
+ - If the access key is provided via `develocity-access-key`, then no access token is set and authentication with Develocity will not succeed.
+ - If the access key is provided via an environment variable, a warning will be logged and the environment variable will be left as-is. 
+   This can result in long-lived access keys being unintentionally exposed to other workflow steps.
+For more information on short-lived tokens, see [Develocity API documentation](https://docs.gradle.com/develocity/api-manual/#short_lived_access_tokens).
+
+## Develocity plugin injection
+
+The `setup-gradle` action provides support for transparently injecting and configuring the Develocity Gradle plugin into any Gradle build, 
+without any modification to the project sources. This allows Build Scans to be published for a repository without any changes to the project sources.
+
+Develocity injection is achieved via an init-script installed into Gradle User Home, which is enabled and parameterized via environment variables.
 
 The same auto-injection behavior is available for the Common Custom User Data Gradle plugin, which enriches any build scans published with additional useful information.
 
-## Enabling Develocity injection
+### Enabling Develocity injection
 
 To enable Develocity injection for your build, you must provide the required configuration via inputs.
 
@@ -739,7 +815,7 @@ Here's a minimal example:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         develocity-injection-enabled: true
         develocity-url: https://develocity.your-server.com
@@ -749,14 +825,14 @@ Here's a minimal example:
       run: ./gradlew build
 ```
 
-This configuration will automatically apply `v3.17.6` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v3.18` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
 
@@ -770,14 +846,7 @@ In the likely scenario that your Develocity server requires authentication, you
 
 This access key will be used during the action execution to get a short-lived token and set it to the DEVELOCITY_ACCESS_KEY environment variable.
 
-### Short-lived access tokens
-Develocity access keys are long-lived, creating risks if they are leaked. To avoid this, users can use short-lived access tokens to authenticate with Develocity. Access tokens can be used wherever an access key would be used. Access tokens are only valid for the Develocity instance that created them.
-If a short-lived token fails to be retrieved (for example, if the Develocity server version is lower than `2024.1`):
- - if a `GRADLE_ENTERPRISE_ACCESS_KEY` env var has been set, we're falling back to it with a deprecation warning
- - otherwise no access key env var will be set. In that case Develocity authenticated operations like build cache read/write and build scan publication will fail without failing the build.
-For more information on short-lived tokens, see [Develocity API documentation](https://docs.gradle.com/develocity/api-manual/#short_lived_access_tokens).
-
-## Configuring Develocity injection
+### Configuring Develocity injection
 
 The `init-script` supports several additional configuration parameters that you may find useful. All configuration options (required and optional) are detailed below:
 
@@ -814,33 +883,16 @@ Here's an example using the env vars:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
 
     - name: Run a Gradle build with Develocity injection enabled with environment variables
       run: ./gradlew build
       env:
         DEVELOCITY_INJECTION_ENABLED: true
         DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_PLUGIN_VERSION: 3.17.6
-```
-
-## Publishing to scans.gradle.com
-
-Develocity injection is designed to enable the publishing of build scans to a Develocity instance,
-but is also useful for publishing to the public Build Scans instance (https://scans.gradle.com).
-
-To publish to https://scans.gradle.com, you must specify in your workflow that you accept the [Gradle Terms of Use](https://gradle.com/help/legal-terms-of-use).
-
-```yaml
-    - name: Setup Gradle to publish build scans
-      uses: gradle/actions/setup-gradle@v3
-      with:
-        build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
-
-    - name: Run a Gradle build - a build scan will be published automatically
-      run: ./gradlew build
+        DEVELOCITY_ENFORCE_URL: true
+        DEVELOCITY_PLUGIN_VERSION: "3.18"
+        DEVELOCITY_CCUD_PLUGIN_VERSION: "2.0.2"
 ```
 
 # Dependency verification

docs/wrapper-validation.md

@@ -4,8 +4,11 @@ This action validates the checksums of _all_ [Gradle Wrapper](https://docs.gradl
 
 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.
 
-The `setup-gradle` action will perform wrapper validation on each execution. If you are using `setup-gradle` in your
-workflows, it is unlikely that you will need to use this action.
+> [!NOTE]
+> Starting with v4 the `setup-gradle` action will automatically [perform wrapper validation](../docs/setup-gradle.md#gradle-wrapper-validation)
+> on each execution.
+> 
+> If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
 
 ## The Gradle Wrapper Problem in Open Source
 
@@ -47,7 +50,7 @@ We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/
 Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
 
 ```yaml
-uses: gradle/actions/wrapper-validation@v3
+uses: gradle/actions/wrapper-validation@v4
 ```
 
 This action step should precede any step using `gradle/gradle-build-action` or `gradle/actions/setup-gradle`.
@@ -70,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 
 ## Contributing to an external GitHub Repository

setup-gradle/README.md

@@ -26,7 +26,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
     - name: Build with Gradle
       run: ./gradlew build
 ```

setup-gradle/action.yml

@@ -43,7 +43,8 @@ inputs:
   cache-cleanup:
     description: |
       Specifies if the action should attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
-      By default, no cleanup is performed. It can be configured to run every time, or only when all Gradle builds succeed for the Job. 
+      By default ('on-success'), cleanup is performed when all Gradle builds succeed for the Job. 
+      This behaviour can be disabled ('never'), or configured to always run irrespective of the build outcome ('always').
       Valid values are 'never', 'on-success' and 'always'.
     required: false
     default: 'on-success'

sources/.tool-versions

@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
 nodejs 20.10.0
-gradle 8.9
+gradle 8.10

sources/package.json

@@ -32,41 +32,40 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@actions/artifact": "2.1.4",
+    "@actions/artifact": "2.1.9",
     "@actions/cache": "3.2.4",
     "@actions/core": "1.10.1",
     "@actions/exec": "1.1.1",
     "@actions/github": "6.0.0",
-    "@actions/glob": "0.4.0",
-    "@actions/http-client": "2.2.1",
+    "@actions/glob": "0.5.0",
+    "@actions/http-client": "2.2.2",
     "@actions/tool-cache": "2.0.1",
-    "@octokit/rest": "20.1.0",
-    "@octokit/webhooks-types": "7.5.0",
-    "cheerio": "^1.0.0-rc.12",
-    "semver": "7.6.0",
+    "@octokit/rest": "21.0.2",
+    "@octokit/webhooks-types": "7.5.1",
+    "cheerio": "^1.0.0",
+    "semver": "7.6.3",
     "string-argv": "0.3.2",
-    "typed-rest-client": "1.8.11",
+    "typed-rest-client": "2.0.2",
     "unhomoglyph": "1.0.6",
     "which": "4.0.0"
   },
   "devDependencies": {
     "@types/jest": "29.5.12",
-    "@types/node": "20.12.4",
-    "@types/unzipper": "0.10.9",
+    "@types/node": "20.16.1",
+    "@types/unzipper": "0.10.10",
     "@types/which": "3.0.4",
-    "@typescript-eslint/parser": "7.5.0",
+    "@typescript-eslint/parser": "7.18.0",
     "@vercel/ncc": "0.38.1",
     "eslint": "8.57.0",
-    "eslint-plugin-github": "4.10.2",
-    "eslint-plugin-jest": "27.9.0",
-    "eslint-plugin-prettier": "5.1.3",
+    "eslint-plugin-github": "5.0.1",
+    "eslint-plugin-jest": "28.8.0",
     "jest": "29.7.0",
     "js-yaml": "4.1.0",
     "nock": "13.5.4",
     "npm-run-all": "4.1.5",
     "patch-package": "8.0.0",
-    "prettier": "3.2.5",
-    "ts-jest": "29.1.2",
-    "typescript": "5.4.3"
+    "prettier": "3.3.3",
+    "ts-jest": "29.2.4",
+    "typescript": "5.5.4"
   }
 }

sources/src/develocity/build-scan.ts

@@ -7,7 +7,7 @@ export async function setup(config: BuildScanConfig): Promise<void> {
     maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions')
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.6')
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.18')
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0')
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())

sources/src/execution/provision.ts

@@ -197,7 +197,7 @@ async function findGradleVersionOnPath(versionInfo: GradleVersionInfo): Promise<
     const gradleExecutable = await which('gradle', {nothrow: true})
     if (gradleExecutable) {
         const output = await exec.getExecOutput(gradleExecutable, ['-v'], {silent: true})
-        if (output.stdout.includes(`Gradle ${versionInfo.version}`)) {
+        if (output.stdout.includes(`\nGradle ${versionInfo.version}\n`)) {
             return gradleExecutable
         }
     }

sources/src/job-summary.ts

@@ -43,7 +43,7 @@ export async function generateJobSummary(
 async function addPRComment(jobSummary: string): Promise<void> {
     const context = github.context
     if (context.payload.pull_request == null) {
-        core.info('No pull_request trigger: not adding PR comment')
+        core.info('No pull_request trigger detected: not adding PR comment')
         return
     }
 

sources/src/wrapper-validation/wrapper-checksums.json

@@ -1,4 +1,12 @@
 [
+  {
+    "version": "8.10",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.10-rc-1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
   {
     "version": "8.9",
     "checksum": "498495120a03b9a6ab5d155f5de3c8f0d986a449153702fb80fc80e134484f17"

sources/test/init-scripts/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

sources/test/init-scripts/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
 

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy

@@ -16,25 +16,28 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 
 class BaseInitScriptTest extends Specification {
-    static final String DEVELOCITY_PLUGIN_VERSION = '3.17.6'
+    static final String DEVELOCITY_PLUGIN_VERSION = '3.18'
     static final String CCUD_PLUGIN_VERSION = '2.0.1'
 
     static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)
     static final TestGradleVersion GRADLE_4_X = new TestGradleVersion(GradleVersion.version('4.10.3'), 7, 10)
     static final TestGradleVersion GRADLE_5_X = new TestGradleVersion(GradleVersion.version('5.6.4'), 8, 12)
+    static final TestGradleVersion GRADLE_6_0 = new TestGradleVersion(GradleVersion.version('6.0.1'), 8, 13)
     static final TestGradleVersion GRADLE_6_NO_BUILD_SERVICE = new TestGradleVersion(GradleVersion.version('6.5.1'), 8, 14)
     static final TestGradleVersion GRADLE_6_X = new TestGradleVersion(GradleVersion.version('6.9.4'), 8, 15)
-    static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
+    static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.1.1'), 8, 16)
     static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
     static final TestGradleVersion GRADLE_8_0 = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
-    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.9'), 8, 22)
+    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.10'), 8, 23)
 
     static final List<TestGradleVersion> ALL_VERSIONS = [
         GRADLE_3_X, // First version where TestKit supports environment variables
         GRADLE_4_X,
         GRADLE_5_X,
+        GRADLE_6_0,
         GRADLE_6_NO_BUILD_SERVICE, // Last version without build service support
         GRADLE_6_X,
+        GRADLE_7_1,
         GRADLE_7_X,
         GRADLE_8_0,
         GRADLE_8_X,
@@ -44,7 +47,7 @@ class BaseInitScriptTest extends Specification {
         [GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final List<TestGradleVersion> SETTINGS_PLUGIN_VERSIONS =
-        [GRADLE_6_X, GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
+        [GRADLE_6_X, GRADLE_7_1, GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final String PUBLIC_BUILD_SCAN_ID = 'i2wepy2gr7ovw'
     static final String DEFAULT_SCAN_UPLOAD_TOKEN = 'scan-upload-token'

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy

@@ -196,7 +196,7 @@ class TestBuildResultRecorder extends BaseInitScriptTest {
         when:
         settingsFile.text = """
             plugins {
-                id 'com.gradle.develocity' version '3.17.6' apply(false)
+                id 'com.gradle.develocity' version '3.18' apply(false)
             }
             gradle.settingsEvaluated {
                 apply plugin: 'com.gradle.develocity'

sources/test/jest/cache-cleanup.test.ts

@@ -53,7 +53,7 @@ test('will cleanup unused gradle versions', async () => {
     const transforms3 = path.resolve(gradleUserHome, "caches/transforms-3")
     const metadata100 = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.100")
     const wrapper802 = path.resolve(gradleUserHome, "wrapper/dists/gradle-8.0.2-bin")
-    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.9")
+    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.10")
     const metadataCurrent = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.106")
 
     expect(fs.existsSync(gradle802)).toBe(true)

wrapper-validation/README.md

@@ -4,6 +4,12 @@ The `wrapper-validation` action validates the checksums of _all_ [Gradle Wrapper
 
 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.
 
+> [!NOTE]
+> Starting with v4 the `setup-gradle` action will automatically [perform wrapper validation](../docs/setup-gradle.md#gradle-wrapper-validation)
+> on each execution.
+> 
+> If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
+
 ### Example workflow
 
 ```yaml
@@ -19,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 
 See the [full action documentation](../docs/wrapper-validation.md) for more advanced usage scenarios.