[bot] Update dist directory

The cache-cleanup API has changed, so the init-script that worked with
Gradle 8.9 no longer works with 8.11.
We now provision and use Gradle 8.11 for cache cleanup.

This provides a band-aid fix for #417 but that issue will still impact
any build configured to run with Gradle > 8.11

.github/dependabot.yml

@@ -47,40 +47,40 @@ updates:
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/groovy-dsl"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/java-toolchain"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/kotlin-dsl"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/no-wrapper"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/no-wrapper-gradle-5"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"
   - package-ecosystem: "gradle"
     directory: "sources/test/init-scripts"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
+      interval: "weekly"

.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18.1"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
 

.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/build.gradle.kts

@@ -8,9 +8,9 @@ repositories {
 
 dependencies {
     api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.2.1-jre")
+    implementation("com.google.guava:guava:33.3.1-jre")
 
-    testImplementation("org.junit.jupiter:junit-jupiter:5.10.3")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.11.3")
 }
 
 tasks.test {

.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id("com.gradle.develocity") version "3.17.6"
+    id("com.gradle.develocity") version "3.18.1"
     id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
 }
 

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6" 
+    id "com.gradle.develocity" version "3.18.1" 
 }
 
 develocity {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18.1"
 }
 
 develocity {

.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/non-executable-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18.1"
 }
 
 develocity {

.github/workflows/ci-check-and-unit-test.yml

@@ -23,6 +23,12 @@ jobs:
         node-version: 20
         cache: npm
         cache-dependency-path: sources/package-lock.json
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4 # Use a released version to avoid breakages
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
+      with:
+        gradle-version: "8.11"
 
     - name: Check formatting and compile
       run: |

.github/workflows/ci-check-no-dist-update.yml

@@ -21,7 +21,7 @@ jobs:
 
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@v44
+      uses: tj-actions/changed-files@v45
       with:
         files: |
           dist/**

.github/workflows/ci-init-script-check.yml

@@ -26,7 +26,9 @@ jobs:
         distribution: temurin
         java-version: 11
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3 # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@v4 # Use a released version to avoid breakages
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
     - name: Run integration tests
       working-directory: sources/test/init-scripts
       run: ./gradlew check

.github/workflows/ci-integ-test-full.yml

@@ -10,7 +10,7 @@ permissions:
   contents: write
 
 concurrency:
-  group: integ-test-${{ github.ref }}
+  group: integ-test
   cancel-in-progress: false
 
 jobs:

.github/workflows/ci-integ-test.yml

@@ -15,7 +15,7 @@ permissions:
   contents: write
 
 concurrency:
-  group: integ-test-${{ github.ref }}
+  group: integ-test
   cancel-in-progress: false
 
 jobs:

.github/workflows/demo-job-summary.yml

@@ -94,3 +94,20 @@ jobs:
     - name: Run build
       working-directory: .github/workflow-samples/groovy-dsl
       run: ./gradlew assemble
+
+  cache-read-only:
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle
+      uses: ./setup-gradle
+      with:
+        cache-read-only: true
+    - name: Build kotlin-dsl project
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble

.github/workflows/integ-test-cache-cleanup.yml

@@ -21,6 +21,7 @@ env:
 jobs:
   cache-cleanup-full-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -43,6 +44,7 @@ jobs:
   cache-cleanup-assemble-build:
     needs: cache-cleanup-full-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -65,6 +67,7 @@ jobs:
   cache-cleanup-check-clean-cache:
     needs: cache-cleanup-assemble-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-caching-config.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   caching-config-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -50,6 +51,7 @@ jobs:
   caching-config-verify-build:
     needs: caching-config-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -78,6 +80,7 @@ jobs:
   # Test that build scans are captured when caching is explicitly disabled
   caching-config-cache-disabled:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -132,6 +135,7 @@ jobs:
     env:
       GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -155,6 +159,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
     needs: caching-config-seed-write-only
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-dependency-graph.yml

@@ -23,11 +23,7 @@ env:
 
 jobs:
   dependency-graph-groovy-upload:
-    strategy:
+    runs-on: "ubuntu-latest"
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
       uses: actions/checkout@v4
@@ -59,11 +55,7 @@ jobs:
         DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: groovy-upload
 
   dependency-graph-kotlin-generate-and-submit:
-    strategy:
+    runs-on: "ubuntu-latest"
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
       uses: actions/checkout@v4
@@ -79,11 +71,7 @@ jobs:
       working-directory: .github/workflow-samples/kotlin-dsl
 
   dependency-graph-multiple-builds:
-    strategy:
+    runs-on: "ubuntu-latest"
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
       uses: actions/checkout@v4

.github/workflows/integ-test-dependency-submission.yml

@@ -24,6 +24,7 @@ env:
 jobs:
   dependency-submission-groovy-generate-and-upload:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -46,6 +47,7 @@ jobs:
   dependency-submission-groovy-restore-cache:
     needs: [dependency-submission-groovy-generate-and-upload]
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -67,6 +69,7 @@ jobs:
   dependency-submission-groovy-download-and-submit:
     needs: [dependency-submission-groovy-generate-and-upload]
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -86,6 +89,7 @@ jobs:
 
   dependency-submission-kotlin-generate-and-submit:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -103,6 +107,7 @@ jobs:
 
   dependency-submission-multiple-builds:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -148,6 +153,7 @@ jobs:
 
   dependency-submission-multiple-builds-upload:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -299,6 +305,7 @@ jobs:
 
   dependency-submission-custom-report-dir-submit:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-inject-develocity.yml

@@ -33,11 +33,11 @@ jobs:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17.6]
+        plugin-version: [3.16.2, 3.18.1]
         include:
         - plugin-version: 3.16.2
           accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
-        - plugin-version: 3.17.6
+        - plugin-version: 3.18.1
           accessKeyEnv: DEVELOCITY_ACCESS_KEY
 
     runs-on: ${{ matrix.os }}
@@ -84,7 +84,7 @@ jobs:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17.6]
+        plugin-version: [3.16.2, 3.18.1]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources
@@ -133,7 +133,7 @@ jobs:
       matrix:
         gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.17.6 ]
+        plugin-version: [ 3.16.2, 3.18.1 ]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
@@ -169,7 +169,7 @@ jobs:
       matrix:
         gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.17.6 ]
+        plugin-version: [ 3.16.2, 3.18.1 ]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources

.github/workflows/integ-test-provision-gradle-versions.yml

@@ -23,6 +23,7 @@ jobs:
   # Each build verifies that it is executed with the expected Gradle version.
   provision-gradle:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -74,7 +75,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        gradle: [8.9, 8.8, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1] # 8.8 is the latest installed on windows runners
+        gradle: ["8.10", 8.9, 8.1, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
         os: ${{fromJSON(inputs.runner-os)}}
         include:
           - java-version: 11

.github/workflows/integ-test-restore-configuration-cache.yml

@@ -25,6 +25,7 @@ jobs:
     env:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -57,6 +58,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
     needs: restore-cc-seed-build-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -98,6 +100,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_2
     needs: restore-cc-verify-build-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -138,6 +141,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_x
     needs: restore-cc-seed-build-groovy
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -169,6 +173,7 @@ jobs:
     env:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -201,6 +206,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
     needs: restore-cc-seed-build-kotlin
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -233,6 +239,7 @@ jobs:
       GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_2
     needs: restore-cc-modify-build-kotlin
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-restore-gradle-home.yml

@@ -21,6 +21,7 @@ env:
 jobs:
   restore-gradle-home-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -43,6 +44,7 @@ jobs:
   restore-gradle-home-dependencies-cache:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -65,6 +67,7 @@ jobs:
   restore-gradle-home-build-cache:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -87,6 +90,7 @@ jobs:
   restore-gradle-home-no-extracted-cache-entries-restored:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -111,6 +115,7 @@ jobs:
   restore-gradle-home-pre-existing-gradle-home:
     needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-restore-java-toolchain.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   restore-java-toolchain-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -42,6 +43,7 @@ jobs:
   restore-java-toolchain-verify-build:
     needs: restore-java-toolchain-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-sample-gradle-plugin.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   sample-gradle-plugin-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -41,6 +42,7 @@ jobs:
   sample-gradle-plugin-verify-build:
     needs: sample-gradle-plugin-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/integ-test-sample-kotlin-dsl.yml

@@ -20,6 +20,7 @@ env:
 jobs:
   sample-kotlin-dsl-seed-build:
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
@@ -41,6 +42,7 @@ jobs:
   sample-kotlin-dsl-verify-build:
     needs: sample-kotlin-dsl-seed-build
     strategy:
+      max-parallel: 1
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}

.github/workflows/update-checksums-file.yml

@@ -37,7 +37,7 @@ jobs:
 
       # If there are no changes, this action will not create a pull request
       - name: Create or update pull request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           branch: bot/wrapper-checksums-update
           commit-message: Update known wrapper checksums

README.md

@@ -30,7 +30,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
     - name: Build with Gradle
       run: ./gradlew build
 ```
@@ -68,7 +68,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```
 
 See the [full action documentation](docs/dependency-submission.md) for more advanced usage scenarios.
@@ -79,6 +79,9 @@ The `wrapper-validation` action validates the checksums of _all_ [Gradle Wrapper
 
 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.
 
+Starting with v4 the `setup-gradle` action will [perform wrapper validation](docs/setup-gradle.md#gradle-wrapper-validation) on each execution.
+If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
+
 ### Example workflow
 
 ```yaml
@@ -94,7 +97,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 
 See the [full action documentation](docs/wrapper-validation.md) for more advanced usage scenarios.

RELEASING.md

@@ -5,58 +5,27 @@
 - Check that https://github.com/gradle/actions/actions is green for all workflows for the main branch.
   - This should include any workflows triggered by `[bot] Update dist directory`
 - Decide on the version number to use for the release. The action releases should follow semantic versioning.
-  - By default, a patch release is assumed (eg. `3.0.0` → `3.0.1`)
+  - By default, a patch release is assumed (eg. `4.0.0` → `4.0.1`)
-  - If new features have been added, bump the minor version (eg `3.1.1` → `3.2.0`)
+  - If new features have been added, bump the minor version (eg `4.1.1` → `4.2.0`)
-  - If a new major release is required, bump the major version (eg `3.1.1` → `4.0.0`)
+  - If a new major release is required, bump the major version (eg `4.1.1` → `5.0.0`)
   - Note: The gradle actions follow the GitHub Actions convention of including a .0 patch number for the first release of a minor version, unlike the Gradle convention which omits the trailing .0.
 
 ## Release gradle/actions
-- Create a tag for the release. The tag should have the format `v3.1.0`
+- Create a tag for the release. The tag should have the format `v4.1.0`
-  - From CLI: `git tag v3.1.0 && git push --tags`
+  - From CLI: `git tag v4.1.0 && git push --tags`
 - Go to https://github.com/gradle/actions/releases and "Draft new release"
   - Use the newly created tag and copy the tag name exactly as the release title.
   - Craft release notes content based on issues closed, PRs merged and commits
   - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
 - Publish the release.
-- Force push the `v3` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
+- Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
+  - From CLI: `git tag -f -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
   - Note that we set the commit message for the tag to the newly released version.
 
-## Release gradle/gradle-build-action
-
-During the 3.x release series, we will continue to publish parallel releases of `gradle/gradle-build-action`. These releases will simply delegate to `gradle/actions/setup-gradle` with the same version.
-
-- Update the [gradle-build-action action.yml](https://github.com/gradle/gradle-build-action/blob/main/action.yml#L162) file to point to the newly released version of `gradle/actions/setup-gradle`.
-- Ensure that any parameters that have been added to the setup-gradle action are added to the gradle-build-action definition, and that these are passed on to setup-gradle.
-- Create and push a tag for the release.
-  - From CLI: `git tag v3.1.0 && git push --tags`
-- Go to https://github.com/gradle/gradle-build-action/releases and "Draft new release"
-  - Use the newly created tag and copy the tag name exactly as the release title.
-  - In the release notes, point users to the gradle/actions release. Include a header informing users to switch to `gradle/actions/setup-gradle`.
-- Publish the release.
-- Force push the `v3` tag (or current major version) to point to the new release.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
-
-## Release gradle/wrapper-validation-action
-
-During the 3.x release series, we will continue to publish parallel releases of `gradle/wrapper-validation-action`. These releases will simply delegate to `gradle/actions/wrapper-validation` with the same version.
-
-- Update the [wrapper-validation-action action.yml](https://github.com/gradle/wrapper-validation-action/blob/main/action.yml#L162) file to point to the newly released version of `gradle/actions/wrapper-validation`.
-- Ensure that any parameters that have been added to the `wrapper-validation` action (if any) are added to the action definition, and that these are passed on to setup-gradle.
-- Create and push a tag for the release.
-  - From CLI: `git tag v3.1.0 && git push --tags`
-- Go to https://github.com/gradle/wrapper-validation-action/releases and "Draft new release"
-  - Use the newly created tag and copy the tag name exactly as the release title.
-  - In the release notes, point users to the gradle/actions release. Include a header informing users to switch to `gradle/actions/wrapper-validation`.
-- Publish the release.
-- Force push the `v3` tag (or current major version) to point to the new release.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
-
 ## Post release steps
 
 Submit PRs to update the GitHub starter workflow. Starter workflows contain content that should reference the Git hash of the current gradle/actions release:
-https://github.com/actions/starter-workflows has [gradle](https://github.com/actions/starter-workflows/blob/main/ci/gradle.yml) and [gradle-publish](https://github.com/actions/starter-workflows/blob/main/ci/gradle-publish.yml): see [the v2.1.4 update PR](https://github.com/actions/starter-workflows/pull/1489) for an example.
+https://github.com/actions/starter-workflows has [gradle](https://github.com/actions/starter-workflows/blob/main/ci/gradle.yml) and [gradle-publish](https://github.com/actions/starter-workflows/blob/main/ci/gradle-publish.yml): see [the v4.0.0 update PR](https://github.com/actions/starter-workflows/pull/2468) for an example.
 
 Submit PRs to update the GitHub documentation. The documentation contains content that should reference the Git hash of the current gradle/actions release:
-https://github.com/github/docs has [building-and-testing-java-with-gradle](https://github.com/github/docs/blob/main/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md) and [publishing-java-packages-with-gradle](https://github.com/github/docs/blob/main/content/actions/publishing-packages/publishing-java-packages-with-gradle.md) : see [the v2.1.4 update PR](https://github.com/github/docs/pull/16392) for an example.
+https://github.com/github/docs has [building-and-testing-java-with-gradle](https://github.com/github/docs/blob/main/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md) and [publishing-java-packages-with-gradle](https://github.com/github/docs/blob/main/content/actions/publishing-packages/publishing-java-packages-with-gradle.md) : see [the v4.0.0 update PR](https://github.com/github/docs/pull/34239) for an example.
-

dependency-submission/README.md

@@ -29,7 +29,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```
 
 See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios.

dependency-submission/action.yml

@@ -60,7 +60,8 @@ inputs:
   cache-cleanup:
     description: |
       Specifies if the action should attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
-      By default, no cleanup is performed. It can be configured to run every time, or only when all Gradle builds succeed for the Job. 
+      By default ('on-success'), cleanup is performed when all Gradle builds succeed for the Job. 
+      This behaviour can be disabled ('never'), or configured to always run irrespective of the build outcome ('always').
       Valid values are 'never', 'on-success' and 'always'.
     required: false
     default: 'on-success'

docs/dependency-submission.md

@@ -43,7 +43,7 @@ jobs:
         java-version: 17
 
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```
 
 ### Gradle execution
@@ -68,7 +68,7 @@ Three input parameters are required, one to enable publishing and two more to ac
 
 ```yaml
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         build-scan-publish: true
         build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
@@ -83,7 +83,7 @@ In some cases, the default action configuration will not be sufficient, and addi
 
 ```yaml
     - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         # Use a particular Gradle version instead of the configured wrapper.
         gradle-version: 8.6
@@ -273,7 +273,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj
 
 ```yaml
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         # Exclude all dependencies that originate solely in the 'buildSrc' project
         dependency-graph-exclude-projets: ':buildSrc'
@@ -317,10 +317,10 @@ jobs:
         java-version: 17
 
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 
     - name: Perform dependency review
-      uses: actions/dependency-review-action@v3
+      uses: actions/dependency-review-action@v4
 ```
 
 ## Usage with pull requests from public forked repositories
@@ -353,7 +353,7 @@ jobs:
         java-version: 17
 
     - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         dependency-graph: generate-and-upload
 ```
@@ -376,7 +376,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Download and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
       with:
         dependency-graph: download-and-submit # Download saved dependency-graph and submit
 ```
@@ -403,7 +403,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: 'Dependency Review'
-      uses: actions/dependency-review-action@v3
+      uses: actions/dependency-review-action@v4
       with:
         retry-on-snapshot-warnings: true
         retry-on-snapshot-warnings-timeout: 600

docs/deprecation-upgrade-guide.md

@@ -20,7 +20,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/setup-gradle@v3
+    uses: gradle/actions/setup-gradle@v4
 ```
 
 ## The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation`
@@ -40,7 +40,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/wrapper-validation@v3
+    uses: gradle/actions/wrapper-validation@v4
 ```
 
 ## Using the action to execute Gradle via the `arguments` parameter is deprecated
@@ -82,7 +82,7 @@ The exact syntax depends on whether or not your project is configured with the [
 
 ```
 - name: Setup Gradle
-  uses: gradle/actions/setup-gradle@v3
+  uses: gradle/actions/setup-gradle@v4
 
 - name: Assemble the project
   run: ./gradlew assemble
@@ -99,9 +99,9 @@ The exact syntax depends on whether or not your project is configured with the [
 
 ```
 - name: Setup Gradle for a non-wrapper project
-  uses: gradle/actions/setup-gradle@v3
+  uses: gradle/actions/setup-gradle@v4
   with:
-    gradle-version: 8.9
+    gradle-version: "8.10"
 
 - name: Assemble the project
   run: gradle assemble

docs/setup-gradle.md

@@ -45,7 +45,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
 
     - name: Execute Gradle build
       run: ./gradlew build
@@ -57,11 +57,11 @@ The `setup-gradle` action can download and install a specified Gradle version, a
 Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid having to download them again later.
 
 ```yaml
- - name: Setup Gradle 8.5
+ - name: Setup Gradle 8.10
-   uses: gradle/actions/setup-gradle@v3
+   uses: gradle/actions/setup-gradle@v4
    with:
-     gradle-version: 8.5
+     gradle-version: "8.10" # Quotes required to prevent YAML converting to number
-  - name: Build with Gradle 8.5
+  - name: Build with Gradle 8.10
     run: gradle build
 ```
 
@@ -96,7 +96,7 @@ jobs:
         distribution: temurin
         java-version: 17
 
-    - uses: gradle/actions/setup-gradle@v3
+    - uses: gradle/actions/setup-gradle@v4
       id: setup-gradle
       with:
         gradle-version: release-candidate
@@ -213,7 +213,7 @@ jobs:
         distribution: temurin
         java-version: 17
 
-    - uses: gradle/actions/setup-gradle@v3
+    - uses: gradle/actions/setup-gradle@v4
       with:
         gradle-version: 8.6
         cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
@@ -455,7 +455,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure'
 
@@ -492,17 +492,17 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
 
     - name: Run build with Gradle wrapper
       run: ./gradlew build --scan
 
     - name: Upload build reports
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: always()
       with:
         name: build-reports
-        path: build/reports/
+        path: **/build/reports/
 ```
 
 ### Use of custom init-scripts in Gradle User Home
@@ -523,7 +523,7 @@ If you do not want wrapper-validation to occur automatically, you can disable it
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         validate-wrappers: false
 ```
@@ -535,7 +535,7 @@ These are not allowed by default.
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         validate-wrappers: true
         allow-snapshot-wrappers: true
@@ -600,7 +600,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate-and-submit
     - name: Run the usual CI build (dependency-graph will be generated and submitted post-job)
@@ -627,7 +627,7 @@ graph cannot be generated or submitted. You can enable this behavior with the `d
 
 ```yaml
 # Ensure that the workflow Job will fail if the dependency graph cannot be submitted
-- uses: gradle/actions/setup-gradle@v3
+- uses: gradle/actions/setup-gradle@v4
   with:
     dependency-graph: generate-and-submit
     dependency-graph-continue-on-failure: false
@@ -652,7 +652,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate-and-submit
     - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
@@ -682,7 +682,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate-and-submit
     - name: Build the app, generating a graph of dependencies required
@@ -718,20 +718,112 @@ To reduce storage costs for these artifacts, you can set the `artifact-retention
 
 ```yaml
     - name: Generate dependency graph, but only retain artifact for one day
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         dependency-graph: generate
         artifact-retention-days: 1
 ```
 
-# Develocity plugin injection
+# Develocity Build Scan® integration
 
-The `setup-gradle` action provides support for injecting and configuring the Develocity Gradle plugin into any Gradle build, without any modification to the project sources.
+Publishing a Develocity Build Scan can be very helpful for Gradle builds run on GitHub Actions. Each Build Scan provides a
-This is achieved via an init-script installed into Gradle User Home, which is enabled and parameterized via environment variables.
+detailed report of the execution of the build, including which tasks were executed and the results of any test execution.
+
+The `setup-gradle` plugin provides a number of features to enable and enhance publishing Build Scans® to a Develocity instance.
+
+## Publishing to scans.gradle.com
+
+If you don't have a a private Develocity instance, you can easily publish Build Scans to the 
+free, public Develocity instance (https://scans.gradle.com).
+
+To publish to https://scans.gradle.com, you must specify in your workflow that you accept the [Gradle Terms of Use](https://gradle.com/help/legal-terms-of-use).
+
+```yaml
+    - name: Setup Gradle to publish build scans
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        build-scan-publish: true
+        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
+        build-scan-terms-of-use-agree: "yes"
+
+    - name: Run a Gradle build - a build scan will be published automatically
+      run: ./gradlew build
+```
+
+## Managing Develocity access keys
+
+Develocity access keys are long-lived, creating risks if they are leaked. To mitigate this risk this, 
+the `setup-gradle` action can automatically attempt to obtain a [short-lived access token](https://docs.gradle.com/develocity/gradle-plugin/current/#short_lived_access_tokens)
+to use when authenticating with Develocity. 
+The short-lived access token will then be used wherever a Develocity access key is required.
+
+```yaml
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} # Long-lived access key, visiblility is restricted to this step.
+
+    # Subsequent steps will automatically use a short-lived access token to authenticate with Develocity
+    - name: Run a Gradle build that is configured to publish to Develocity.
+      run: ./gradlew build
+```
+
+### Increasing the expiry time for Develocity access tokens
+
+By default, a short-lived Develocity access token will be valid for 2 hours from the time it is generated. If your workflows take longer than
+2 hours to complete, you may see failure to publish Build Scans due to access token expiry.
+
+To avoid this, use the `develocity-token-expiry` parameter to specify a different token expiry in hours.
+
+```yaml
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
+        develocity-token-expiry: 8 # The number of hours that the access token should remain valid (max 24).
+```
+
+### Develocity access key supplied as environment variable
+
+The preferred mechanism is to supply the long-lived Develocity access key directly to `setup-gradle` via 
+the `develocity-access-key` input variable. However, the action will also detect an access key configured as an environment variable,
+such as `DEVELOCITY_ACCESS_KEY` or `GRADLE_ENTERPRISE_ACCESS_KEY`. In this case, the environment variable value will be replaced by 
+a short-lived access token, thus hiding the long-lived access key from subsequent steps.
+
+```yaml
+env:
+  DEVELOCITY_ACCESS_KEY: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
+
+jobs:
+  build-with-gradle:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+
+    # The build will automatically use a short-lived access token to authenticate with Develocity
+    - name: Run a Gradle build that is configured to publish to Develocity.
+      run: ./gradlew build
+```
+
+### Failure to obtain a short-lived access token
+
+If a short-lived token cannot be retrieved (for example, if the Develocity server version is lower than `2024.1`):
+ - If the access key is provided via `develocity-access-key`, then no access token is set and authentication with Develocity will not succeed.
+ - If the access key is provided via an environment variable, a warning will be logged and the environment variable will be left as-is. 
+   This can result in long-lived access keys being unintentionally exposed to other workflow steps.
+For more information on short-lived tokens, see [Develocity API documentation](https://docs.gradle.com/develocity/api-manual/#short_lived_access_tokens).
+
+## Develocity plugin injection
+
+The `setup-gradle` action provides support for transparently injecting and configuring the Develocity Gradle plugin into any Gradle build, 
+without any modification to the project sources. This allows Build Scans to be published for a repository without any changes to the project sources.
+
+Develocity injection is achieved via an init-script installed into Gradle User Home, which is enabled and parameterized via environment variables.
 
 The same auto-injection behavior is available for the Common Custom User Data Gradle plugin, which enriches any build scans published with additional useful information.
 
-## Enabling Develocity injection
+### Enabling Develocity injection
 
 To enable Develocity injection for your build, you must provide the required configuration via inputs.
 
@@ -739,7 +831,7 @@ Here's a minimal example:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         develocity-injection-enabled: true
         develocity-url: https://develocity.your-server.com
@@ -749,14 +841,14 @@ Here's a minimal example:
       run: ./gradlew build
 ```
 
-This configuration will automatically apply `v3.17.6` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v3.18.1` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
 
@@ -770,14 +862,7 @@ In the likely scenario that your Develocity server requires authentication, you
 
 This access key will be used during the action execution to get a short-lived token and set it to the DEVELOCITY_ACCESS_KEY environment variable.
 
-### Short-lived access tokens
+### Configuring Develocity injection
-Develocity access keys are long-lived, creating risks if they are leaked. To avoid this, users can use short-lived access tokens to authenticate with Develocity. Access tokens can be used wherever an access key would be used. Access tokens are only valid for the Develocity instance that created them.
-If a short-lived token fails to be retrieved (for example, if the Develocity server version is lower than `2024.1`):
- - if a `GRADLE_ENTERPRISE_ACCESS_KEY` env var has been set, we're falling back to it with a deprecation warning
- - otherwise no access key env var will be set. In that case Develocity authenticated operations like build cache read/write and build scan publication will fail without failing the build.
-For more information on short-lived tokens, see [Develocity API documentation](https://docs.gradle.com/develocity/api-manual/#short_lived_access_tokens).
-
-## Configuring Develocity injection
 
 The `init-script` supports several additional configuration parameters that you may find useful. All configuration options (required and optional) are detailed below:
 
@@ -814,33 +899,16 @@ Here's an example using the env vars:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
 
     - name: Run a Gradle build with Develocity injection enabled with environment variables
       run: ./gradlew build
       env:
         DEVELOCITY_INJECTION_ENABLED: true
         DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_PLUGIN_VERSION: 3.17.6
+        DEVELOCITY_ENFORCE_URL: true
-```
+        DEVELOCITY_PLUGIN_VERSION: "3.18.1"
-
+        DEVELOCITY_CCUD_PLUGIN_VERSION: "2.0.2"
-## Publishing to scans.gradle.com
-
-Develocity injection is designed to enable the publishing of build scans to a Develocity instance,
-but is also useful for publishing to the public Build Scans instance (https://scans.gradle.com).
-
-To publish to https://scans.gradle.com, you must specify in your workflow that you accept the [Gradle Terms of Use](https://gradle.com/help/legal-terms-of-use).
-
-```yaml
-    - name: Setup Gradle to publish build scans
-      uses: gradle/actions/setup-gradle@v3
-      with:
-        build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
-
-    - name: Run a Gradle build - a build scan will be published automatically
-      run: ./gradlew build
 ```
 
 # Dependency verification

docs/wrapper-validation.md

@@ -4,8 +4,11 @@ This action validates the checksums of _all_ [Gradle Wrapper](https://docs.gradl
 
 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.
 
-The `setup-gradle` action will perform wrapper validation on each execution. If you are using `setup-gradle` in your
+> [!NOTE]
-workflows, it is unlikely that you will need to use this action.
+> Starting with v4 the `setup-gradle` action will automatically [perform wrapper validation](../docs/setup-gradle.md#gradle-wrapper-validation)
+> on each execution.
+> 
+> If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
 
 ## The Gradle Wrapper Problem in Open Source
 
@@ -47,7 +50,7 @@ We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/
 Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
 
 ```yaml
-uses: gradle/actions/wrapper-validation@v3
+uses: gradle/actions/wrapper-validation@v4
 ```
 
 This action step should precede any step using `gradle/gradle-build-action` or `gradle/actions/setup-gradle`.
@@ -70,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 
 ## Contributing to an external GitHub Repository

setup-gradle/README.md

@@ -26,7 +26,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
     - name: Build with Gradle
       run: ./gradlew build
 ```

setup-gradle/action.yml

@@ -43,7 +43,8 @@ inputs:
   cache-cleanup:
     description: |
       Specifies if the action should attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
-      By default, no cleanup is performed. It can be configured to run every time, or only when all Gradle builds succeed for the Job. 
+      By default ('on-success'), cleanup is performed when all Gradle builds succeed for the Job. 
+      This behaviour can be disabled ('never'), or configured to always run irrespective of the build outcome ('always').
       Valid values are 'never', 'on-success' and 'always'.
     required: false
     default: 'on-success'

sources/.tool-versions

@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
 nodejs 20.10.0
-gradle 8.9
+gradle 8.11

sources/package.json

@@ -32,41 +32,40 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@actions/artifact": "2.1.4",
+    "@actions/artifact": "2.1.11",
-    "@actions/cache": "3.2.4",
+    "@actions/cache": "3.3.0",
-    "@actions/core": "1.10.1",
+    "@actions/core": "1.11.1",
     "@actions/exec": "1.1.1",
     "@actions/github": "6.0.0",
-    "@actions/glob": "0.4.0",
+    "@actions/glob": "0.5.0",
-    "@actions/http-client": "2.2.1",
+    "@actions/http-client": "2.2.3",
     "@actions/tool-cache": "2.0.1",
-    "@octokit/rest": "20.1.0",
+    "@octokit/rest": "21.0.2",
-    "@octokit/webhooks-types": "7.5.0",
+    "@octokit/webhooks-types": "7.6.1",
-    "cheerio": "^1.0.0-rc.12",
+    "cheerio": "^1.0.0",
-    "semver": "7.6.0",
+    "semver": "7.6.3",
     "string-argv": "0.3.2",
-    "typed-rest-client": "1.8.11",
+    "typed-rest-client": "2.1.0",
     "unhomoglyph": "1.0.6",
-    "which": "4.0.0"
+    "which": "5.0.0"
   },
   "devDependencies": {
-    "@types/jest": "29.5.12",
+    "@types/jest": "29.5.14",
-    "@types/node": "20.12.4",
+    "@types/node": "20.17.6",
-    "@types/unzipper": "0.10.9",
+    "@types/unzipper": "0.10.10",
     "@types/which": "3.0.4",
-    "@typescript-eslint/parser": "7.5.0",
+    "@typescript-eslint/parser": "7.18.0",
-    "@vercel/ncc": "0.38.1",
+    "@vercel/ncc": "0.38.2",
-    "eslint": "8.57.0",
+    "eslint": "8.57.1",
-    "eslint-plugin-github": "4.10.2",
+    "eslint-plugin-github": "5.0.2",
-    "eslint-plugin-jest": "27.9.0",
+    "eslint-plugin-jest": "28.9.0",
-    "eslint-plugin-prettier": "5.1.3",
     "jest": "29.7.0",
     "js-yaml": "4.1.0",
-    "nock": "13.5.4",
+    "nock": "13.5.6",
     "npm-run-all": "4.1.5",
     "patch-package": "8.0.0",
-    "prettier": "3.2.5",
+    "prettier": "3.3.3",
-    "ts-jest": "29.1.2",
+    "ts-jest": "29.2.5",
-    "typescript": "5.4.3"
+    "typescript": "5.6.3"
   }
 }

sources/src/caching/cache-cleaner.ts

@@ -44,22 +44,24 @@ export class CacheCleaner {
                 settings.caches {
                     cleanup = Cleanup.ALWAYS
             
-                    releasedWrappers.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    releasedWrappers.setRemoveUnusedEntriesOlderThan(cleanupTime)
-                    snapshotWrappers.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    snapshotWrappers.setRemoveUnusedEntriesOlderThan(cleanupTime)
-                    downloadedResources.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    downloadedResources.setRemoveUnusedEntriesOlderThan(cleanupTime)
-                    createdResources.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    createdResources.setRemoveUnusedEntriesOlderThan(cleanupTime)
-                    buildCache.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    buildCache.setRemoveUnusedEntriesOlderThan(cleanupTime)
                 }
             }
             `
         )
         fs.writeFileSync(path.resolve(cleanupProjectDir, 'build.gradle'), 'task("noop") {}')
 
-        const executable = await provisioner.provisionGradle('current')
+        // Gradle >= 8.11 required for cache cleanup
+        // TODO: This is ineffective: we should be using the newest version of Gradle that ran a build, or a newer version if it's available on PATH.
+        const executable = await provisioner.provisionGradleAtLeast('8.11')
 
         await core.group('Executing Gradle to clean up caches', async () => {
             core.info(`Cleaning up caches last used before ${cleanTimestamp}`)
-            await this.executeCleanupBuild(executable!, cleanupProjectDir)
+            await this.executeCleanupBuild(executable, cleanupProjectDir)
         })
     }
 
@@ -77,11 +79,8 @@ export class CacheCleaner {
             'noop'
         ]
 
-        const result = await exec.getExecOutput(executable, args, {
+        await exec.exec(executable, args, {
-            cwd: cleanupProjectDir,
+            cwd: cleanupProjectDir
-            silent: true
         })
-
-        core.info(result.stdout)
     }
 }

sources/src/caching/cache-reporting.ts

@@ -110,10 +110,12 @@ export class CacheEntryListener {
     requestedRestoreKeys: string[] | undefined
     restoredKey: string | undefined
     restoredSize: number | undefined
+    restoredTime: number | undefined
     notRestored: string | undefined
 
     savedKey: string | undefined
     savedSize: number | undefined
+    savedTime: number | undefined
     notSaved: string | undefined
 
     constructor(entryName: string) {
@@ -130,9 +132,10 @@ export class CacheEntryListener {
         return this
     }
 
-    markRestored(key: string, size: number | undefined): CacheEntryListener {
+    markRestored(key: string, size: number | undefined, time: number): CacheEntryListener {
         this.restoredKey = key
         this.restoredSize = size
+        this.restoredTime = time
         return this
     }
 
@@ -141,9 +144,10 @@ export class CacheEntryListener {
         return this
     }
 
-    markSaved(key: string, size: number | undefined): CacheEntryListener {
+    markSaved(key: string, size: number | undefined, time: number): CacheEntryListener {
         this.savedKey = key
         this.savedSize = size
+        this.savedTime = time
         return this
     }
 
@@ -182,14 +186,16 @@ ${renderEntryTable(entries)}
 function renderEntryTable(entries: CacheEntryListener[]): string {
     return `
 <table>
-    <tr><td></td><th>Count</th><th>Total Size (Mb)</th></tr>
+    <tr><td></td><th>Count</th><th>Total Size (Mb)</th><th>Total Time (ms)</tr>
     <tr><td>Entries Restored</td>
         <td>${getCount(entries, e => e.restoredSize)}</td>
         <td>${getSize(entries, e => e.restoredSize)}</td>
+        <td>${getTime(entries, e => e.restoredTime)}</td>
     </tr>
     <tr><td>Entries Saved</td>
         <td>${getCount(entries, e => e.savedSize)}</td>
         <td>${getSize(entries, e => e.savedSize)}</td>
+        <td>${getTime(entries, e => e.savedTime)}</td>
     </tr>
 </table>
     `
@@ -202,9 +208,11 @@ function renderEntryDetails(listener: CacheListener): string {
     Requested Key : ${entry.requestedKey ?? ''}
     Restored  Key : ${entry.restoredKey ?? ''}
               Size: ${formatSize(entry.restoredSize)}
+              Time: ${formatTime(entry.restoredTime)}
               ${getRestoredMessage(entry, listener.cacheWriteOnly)}
     Saved     Key : ${entry.savedKey ?? ''}
               Size: ${formatSize(entry.savedSize)}
+              Time: ${formatTime(entry.savedTime)}
               ${getSavedMessage(entry, listener.cacheReadOnly)}
 `
         )
@@ -264,9 +272,23 @@ function getSize(
     return Math.round(bytes / (1024 * 1024))
 }
 
+function getTime(
+    cacheEntries: CacheEntryListener[],
+    predicate: (value: CacheEntryListener) => number | undefined
+): number {
+    return cacheEntries.map(e => predicate(e) ?? 0).reduce((p, v) => p + v, 0)
+}
+
 function formatSize(bytes: number | undefined): string {
     if (bytes === undefined || bytes === 0) {
         return ''
     }
     return `${Math.round(bytes / (1024 * 1024))} MB (${bytes} B)`
 }
+
+function formatTime(ms: number | undefined): string {
+    if (ms === undefined || ms === 0) {
+        return ''
+    }
+    return `${ms} ms`
+}

sources/src/caching/cache-utils.ts

@@ -38,13 +38,16 @@ export async function restoreCache(
 ): Promise<cache.CacheEntry | undefined> {
     listener.markRequested(cacheKey, cacheRestoreKeys)
     try {
+        const startTime = Date.now()
         // Only override the read timeout if the SEGMENT_DOWNLOAD_TIMEOUT_MINS env var has NOT been set
         const cacheRestoreOptions = process.env[SEGMENT_DOWNLOAD_TIMEOUT_VAR]
             ? {}
             : {segmentTimeoutInMs: SEGMENT_DOWNLOAD_TIMEOUT_DEFAULT}
         const restoredEntry = await cache.restoreCache(cachePath, cacheKey, cacheRestoreKeys, cacheRestoreOptions)
         if (restoredEntry !== undefined) {
-            listener.markRestored(restoredEntry.key, restoredEntry.size)
+            const restoreTime = Date.now() - startTime
+            listener.markRestored(restoredEntry.key, restoredEntry.size, restoreTime)
+            core.info(`Restored cache entry with key ${cacheKey} to ${cachePath.join()} in ${restoreTime}ms`)
         }
         return restoredEntry
     } catch (error) {
@@ -56,8 +59,11 @@ export async function restoreCache(
 
 export async function saveCache(cachePath: string[], cacheKey: string, listener: CacheEntryListener): Promise<void> {
     try {
+        const startTime = Date.now()
         const savedEntry = await cache.saveCache(cachePath, cacheKey)
-        listener.markSaved(savedEntry.key, savedEntry.size)
+        const saveTime = Date.now() - startTime
+        listener.markSaved(savedEntry.key, savedEntry.size, saveTime)
+        core.info(`Saved cache entry with key ${cacheKey} from ${cachePath.join()} in ${saveTime}ms`)
     } catch (error) {
         if (error instanceof cache.ReserveCacheError) {
             listener.markAlreadyExists(cacheKey)

sources/src/caching/gradle-home-extry-extractor.ts

@@ -2,7 +2,6 @@ import path from 'path'
 import fs from 'fs'
 import * as core from '@actions/core'
 import * as glob from '@actions/glob'
-import * as semver from 'semver'
 
 import {CacheEntryListener, CacheListener} from './cache-reporting'
 import {cacheDebug, hashFileNames, isCacheDebuggingEnabled, restoreCache, saveCache, tryDelete} from './cache-utils'
@@ -10,6 +9,7 @@ import {cacheDebug, hashFileNames, isCacheDebuggingEnabled, restoreCache, saveCa
 import {BuildResult, loadBuildResults} from '../build-results'
 import {CacheConfig, ACTION_METADATA_DIR} from '../configuration'
 import {getCacheKeyBase} from './cache-key'
+import {versionIsAtLeast} from '../execution/gradle'
 
 const SKIP_RESTORE_VAR = 'GRADLE_BUILD_ACTION_SKIP_RESTORE'
 const CACHE_PROTOCOL_VERSION = 'v1'
@@ -132,9 +132,8 @@ abstract class AbstractEntryExtractor {
         pattern: string,
         listener: CacheEntryListener
     ): Promise<ExtractedCacheEntry> {
-        const restoredEntry = await restoreCache([pattern], cacheKey, [], listener)
+        const restoredEntry = await restoreCache(pattern.split('\n'), cacheKey, [], listener)
         if (restoredEntry) {
-            core.info(`Restored ${artifactType} with key ${cacheKey} to ${pattern}`)
             return new ExtractedCacheEntry(artifactType, pattern, cacheKey)
         } else {
             core.info(`Did not restore ${artifactType} with key ${cacheKey} to ${pattern}`)
@@ -232,8 +231,7 @@ abstract class AbstractEntryExtractor {
             cacheDebug(`No change to previously restored ${artifactType}. Not saving.`)
             entryListener.markNotSaved('contents unchanged')
         } else {
-            core.info(`Caching ${artifactType} with path '${pattern}' and cache key: ${cacheKey}`)
+            await saveCache(pattern.split('\n'), cacheKey, entryListener)
-            await saveCache([pattern], cacheKey, entryListener)
         }
 
         for (const file of matchingFiles) {
@@ -434,8 +432,7 @@ export class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
             // If any associated build result used Gradle < 8.6, then mark it as not cacheable
             if (
                 pathResults.find(result => {
-                    const gradleVersion = semver.coerce(result.gradleVersion)
+                    return !versionIsAtLeast(result.gradleVersion, '8.6.0')
-                    return gradleVersion && semver.lt(gradleVersion, '8.6.0')
                 })
             ) {
                 core.info(

sources/src/caching/gradle-user-home-cache.ts

@@ -60,7 +60,8 @@ export class GradleUserHomeCache {
     restoreKeys:[${cacheKey.restoreKeys}]`
         )
 
-        const cacheResult = await restoreCache(this.getCachePath(), cacheKey.key, cacheKey.restoreKeys, entryListener)
+        const cachePath = this.getCachePath()
+        const cacheResult = await restoreCache(cachePath, cacheKey.key, cacheKey.restoreKeys, entryListener)
         if (!cacheResult) {
             core.info(`${this.cacheDescription} cache not found. Will initialize empty.`)
             return
@@ -68,8 +69,6 @@ export class GradleUserHomeCache {
 
         core.saveState(RESTORED_CACHE_KEY_KEY, cacheResult.key)
 
-        core.info(`Restored ${this.cacheDescription} from cache key: ${cacheResult.key}`)
-
         try {
             await this.afterRestore(listener)
         } catch (error) {
@@ -120,10 +119,8 @@ export class GradleUserHomeCache {
             return
         }
 
-        core.info(`Caching ${this.cacheDescription} with cache key: ${cacheKey}`)
         const cachePath = this.getCachePath()
         await saveCache(cachePath, cacheKey, gradleHomeEntryListener)
-
         return
     }
 

sources/src/develocity/build-scan.ts

@@ -7,7 +7,7 @@ export async function setup(config: BuildScanConfig): Promise<void> {
     maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions')
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.6')
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.18.1')
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0')
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())

sources/src/develocity/short-lived-token.ts

@@ -72,7 +72,7 @@ class ShortLivedTokenClient {
     retryInterval = 1000
 
     async fetchToken(serverUrl: string, accessKey: HostnameAccessKey, expiry: string): Promise<HostnameAccessKey> {
-        const queryParams = expiry ? `?expiresInHours${expiry}` : ''
+        const queryParams = expiry ? `?expiresInHours=${expiry}` : ''
         const sanitizedServerUrl = !serverUrl.endsWith('/') ? `${serverUrl}/` : serverUrl
         const headers = {
             'Content-Type': 'application/json',

sources/src/execution/gradle.ts

@@ -1,6 +1,8 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
 
+import which from 'which'
+import * as semver from 'semver'
 import * as provisioner from './provision'
 import * as gradlew from './gradlew'
 
@@ -31,3 +33,42 @@ async function executeGradleBuild(executable: string | undefined, root: string,
         core.setFailed(`Gradle build failed: see console output for details`)
     }
 }
+
+export function versionIsAtLeast(actualVersion: string, requiredVersion: string): boolean {
+    const splitVersion = actualVersion.split('-')
+    const coreVersion = splitVersion[0]
+    const prerelease = splitVersion.length > 1
+
+    const actualSemver = semver.coerce(coreVersion)!
+    const comparisonSemver = semver.coerce(requiredVersion)!
+
+    if (prerelease) {
+        return semver.gt(actualSemver, comparisonSemver)
+    } else {
+        return semver.gte(actualSemver, comparisonSemver)
+    }
+}
+
+export async function findGradleVersionOnPath(): Promise<GradleExecutable | undefined> {
+    const gradleExecutable = await which('gradle', {nothrow: true})
+    if (gradleExecutable) {
+        const output = await exec.getExecOutput(gradleExecutable, ['-v'], {silent: true})
+        const version = parseGradleVersionFromOutput(output.stdout)
+        return version ? new GradleExecutable(version, gradleExecutable) : undefined
+    }
+
+    return undefined
+}
+
+export function parseGradleVersionFromOutput(output: string): string | undefined {
+    const regex = /Gradle (\d+\.\d+(\.\d+)?(-.*)?)/
+    const versionString = output.match(regex)?.[1]
+    return versionString
+}
+
+class GradleExecutable {
+    constructor(
+        readonly version: string,
+        readonly executable: string
+    ) {}
+}

sources/src/execution/provision.ts

@@ -1,13 +1,12 @@
 import * as fs from 'fs'
 import * as os from 'os'
 import * as path from 'path'
-import which from 'which'
 import * as httpm from '@actions/http-client'
 import * as core from '@actions/core'
 import * as cache from '@actions/cache'
-import * as exec from '@actions/exec'
 import * as toolCache from '@actions/tool-cache'
 
+import {findGradleVersionOnPath, versionIsAtLeast} from './gradle'
 import * as gradlew from './gradlew'
 import {handleCacheFailure} from '../caching/cache-utils'
 import {CacheConfig} from '../configuration'
@@ -26,6 +25,16 @@ export async function provisionGradle(gradleVersion: string): Promise<string | u
     return undefined
 }
 
+/**
+ * Ensure that the Gradle version on PATH is no older than the specified version.
+ * If the version on PATH is older, install the specified version and add it to the PATH.
+ * @return Installed Gradle executable or undefined if no version configured.
+ */
+export async function provisionGradleAtLeast(gradleVersion: string): Promise<string> {
+    const installedVersion = await installGradleVersionAtLeast(await gradleRelease(gradleVersion))
+    return addToPath(installedVersion)
+}
+
 async function addToPath(executable: string): Promise<string> {
     core.addPath(path.dirname(executable))
     return executable
@@ -51,7 +60,7 @@ async function resolveGradleVersion(version: string): Promise<GradleVersionInfo>
         case 'release-nightly':
             return gradleReleaseNightly()
         default:
-            return gradle(version)
+            return gradleRelease(version)
     }
 }
 
@@ -76,7 +85,7 @@ async function gradleReleaseNightly(): Promise<GradleVersionInfo> {
     return await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/release-nightly`)
 }
 
-async function gradle(version: string): Promise<GradleVersionInfo> {
+async function gradleRelease(version: string): Promise<GradleVersionInfo> {
     const versionInfo = await findGradleVersionDeclaration(version)
     if (!versionInfo) {
         throw new Error(`Gradle version ${version} does not exists`)
@@ -97,10 +106,24 @@ async function findGradleVersionDeclaration(version: string): Promise<GradleVers
 
 async function installGradleVersion(versionInfo: GradleVersionInfo): Promise<string> {
     return core.group(`Provision Gradle ${versionInfo.version}`, async () => {
-        const preInstalledGradle = await findGradleVersionOnPath(versionInfo)
+        const gradleOnPath = await findGradleVersionOnPath()
-        if (preInstalledGradle !== undefined) {
+        if (gradleOnPath?.version === versionInfo.version) {
             core.info(`Gradle version ${versionInfo.version} is already available on PATH. Not installing.`)
-            return preInstalledGradle
+            return gradleOnPath.executable
+        }
+
+        return locateGradleAndDownloadIfRequired(versionInfo)
+    })
+}
+
+async function installGradleVersionAtLeast(versionInfo: GradleVersionInfo): Promise<string> {
+    return core.group(`Provision Gradle >= ${versionInfo.version}`, async () => {
+        const gradleOnPath = await findGradleVersionOnPath()
+        if (gradleOnPath && versionIsAtLeast(gradleOnPath.version, versionInfo.version)) {
+            core.info(
+                `Gradle version ${gradleOnPath.version} is available on PATH and >= ${versionInfo.version}. Not installing.`
+            )
+            return gradleOnPath.executable
         }
 
         return locateGradleAndDownloadIfRequired(versionInfo)
@@ -192,15 +215,3 @@ interface GradleVersionInfo {
     version: string
     downloadUrl: string
 }
-
-async function findGradleVersionOnPath(versionInfo: GradleVersionInfo): Promise<string | undefined> {
-    const gradleExecutable = await which('gradle', {nothrow: true})
-    if (gradleExecutable) {
-        const output = await exec.getExecOutput(gradleExecutable, ['-v'], {silent: true})
-        if (output.stdout.includes(`Gradle ${versionInfo.version}`)) {
-            return gradleExecutable
-        }
-    }
-
-    return undefined
-}

sources/src/job-summary.ts

@@ -43,7 +43,7 @@ export async function generateJobSummary(
 async function addPRComment(jobSummary: string): Promise<void> {
     const context = github.context
     if (context.payload.pull_request == null) {
-        core.info('No pull_request trigger: not adding PR comment')
+        core.info('No pull_request trigger detected: not adding PR comment')
         return
     }
 

sources/src/wrapper-validation/wrapper-checksums.json

@@ -1,4 +1,44 @@
 [
+  {
+    "version": "8.11",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.11-rc-3",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.11-rc-2",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.11-rc-1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.11-milestone-1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.10.2",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.10.2-milestone-1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.10.1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.10",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.10-rc-1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
   {
     "version": "8.9",
     "checksum": "498495120a03b9a6ab5d155f5de3c8f0d986a449153702fb80fc80e134484f17"

sources/test/init-scripts/build.gradle

@@ -20,7 +20,7 @@ dependencies {
     testImplementation ('io.ratpack:ratpack-groovy-test:1.9.0') {
         exclude group: 'org.codehaus.groovy', module: 'groovy-all'
     }
-    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.17.2'
+    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.18.1'
 }
 
 test {

sources/test/init-scripts/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=d725d707bfabd4dfdc958c624003b3c80accc03f7037b5122c4b1d0ef15cecab
+distributionSha256Sum=31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

sources/test/init-scripts/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.6"
+    id "com.gradle.develocity" version "3.18.1"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
 

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy

@@ -16,25 +16,28 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 
 class BaseInitScriptTest extends Specification {
-    static final String DEVELOCITY_PLUGIN_VERSION = '3.17.6'
+    static final String DEVELOCITY_PLUGIN_VERSION = '3.18.1'
     static final String CCUD_PLUGIN_VERSION = '2.0.1'
 
     static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)
     static final TestGradleVersion GRADLE_4_X = new TestGradleVersion(GradleVersion.version('4.10.3'), 7, 10)
     static final TestGradleVersion GRADLE_5_X = new TestGradleVersion(GradleVersion.version('5.6.4'), 8, 12)
+    static final TestGradleVersion GRADLE_6_0 = new TestGradleVersion(GradleVersion.version('6.0.1'), 8, 13)
     static final TestGradleVersion GRADLE_6_NO_BUILD_SERVICE = new TestGradleVersion(GradleVersion.version('6.5.1'), 8, 14)
     static final TestGradleVersion GRADLE_6_X = new TestGradleVersion(GradleVersion.version('6.9.4'), 8, 15)
-    static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
+    static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.1.1'), 8, 16)
     static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
     static final TestGradleVersion GRADLE_8_0 = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
-    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.9'), 8, 22)
+    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.10'), 8, 23)
 
     static final List<TestGradleVersion> ALL_VERSIONS = [
         GRADLE_3_X, // First version where TestKit supports environment variables
         GRADLE_4_X,
         GRADLE_5_X,
+        GRADLE_6_0,
         GRADLE_6_NO_BUILD_SERVICE, // Last version without build service support
         GRADLE_6_X,
+        GRADLE_7_1,
         GRADLE_7_X,
         GRADLE_8_0,
         GRADLE_8_X,
@@ -44,7 +47,7 @@ class BaseInitScriptTest extends Specification {
         [GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final List<TestGradleVersion> SETTINGS_PLUGIN_VERSIONS =
-        [GRADLE_6_X, GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
+        [GRADLE_6_X, GRADLE_7_1, GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final String PUBLIC_BUILD_SCAN_ID = 'i2wepy2gr7ovw'
     static final String DEFAULT_SCAN_UPLOAD_TOKEN = 'scan-upload-token'

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy

@@ -196,7 +196,7 @@ class TestBuildResultRecorder extends BaseInitScriptTest {
         when:
         settingsFile.text = """
             plugins {
-                id 'com.gradle.develocity' version '3.17.6' apply(false)
+                id 'com.gradle.develocity' version '3.18.1' apply(false)
             }
             gradle.settingsEvaluated {
                 apply plugin: 'com.gradle.develocity'

sources/test/jest/cache-cleanup.test.ts

@@ -53,8 +53,8 @@ test('will cleanup unused gradle versions', async () => {
     const transforms3 = path.resolve(gradleUserHome, "caches/transforms-3")
     const metadata100 = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.100")
     const wrapper802 = path.resolve(gradleUserHome, "wrapper/dists/gradle-8.0.2-bin")
-    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.9")
+    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.11")
-    const metadataCurrent = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.106")
+    const metadataCurrent = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.107")
 
     expect(fs.existsSync(gradle802)).toBe(true)
     expect(fs.existsSync(transforms3)).toBe(true)

sources/test/jest/cache-reporting.test.ts

@@ -1,3 +1,4 @@
+import exp from 'constants'
 import {CacheEntryListener, CacheListener} from '../../src/caching/cache-reporting'
 
 describe('caching report', () => {
@@ -5,7 +6,7 @@ describe('caching report', () => {
         it('with one requested entry report', async () => {
             const report = new CacheListener()
             report.entry('foo').markRequested('1', ['2'])
-            report.entry('bar').markRequested('3').markRestored('4', 500)
+            report.entry('bar').markRequested('3').markRestored('4', 500, 1000)
             expect(report.fullyRestored).toBe(false)
         })
     })
@@ -22,13 +23,13 @@ describe('caching report', () => {
         })
         it('with restored entry report', async () => {
             const report = new CacheListener()
-            report.entry('bar').markRequested('3').markRestored('4', 300)
+            report.entry('bar').markRequested('3').markRestored('4', 300, 1000)
             expect(report.fullyRestored).toBe(true)
         })
         it('with multiple restored entry reportss', async () => {
             const report = new CacheListener()
-            report.entry('foo').markRestored('4', 3300)
+            report.entry('foo').markRestored('4', 3300, 111)
-            report.entry('bar').markRequested('3').markRestored('4', 333)
+            report.entry('bar').markRequested('3').markRestored('4', 333, 1000)
             expect(report.fullyRestored).toBe(true)
         })
     })
@@ -64,7 +65,7 @@ describe('caching report', () => {
             const report = new CacheListener()
             const entryReport = report.entry('foo')
             entryReport.markRequested('1', ['2', '3'])
-            entryReport.markSaved('4', 100)
+            entryReport.markSaved('4', 100, 1000)
 
             const stringRep = report.stringify()
             const reportClone: CacheListener = CacheListener.rehydrate(stringRep)
@@ -73,6 +74,8 @@ describe('caching report', () => {
             expect(entryClone.requestedKey).toBe('1')
             expect(entryClone.requestedRestoreKeys).toEqual(['2', '3'])
             expect(entryClone.savedKey).toBe('4')
+            expect(entryClone.savedSize).toBe(100)
+            expect(entryClone.savedTime).toBe(1000)
         })
         it('with live entry report', async () => {
             const report = new CacheListener()
@@ -85,7 +88,7 @@ describe('caching report', () => {
 
             // Check type and call method on rehydrated entry report
             expect(entryClone).toBeInstanceOf(CacheEntryListener)
-            entryClone.markSaved('4', 100)
+            entryClone.markSaved('4', 100, 1000)
 
             expect(entryClone.requestedKey).toBe('1')
             expect(entryClone.requestedRestoreKeys).toEqual(['2', '3'])

sources/test/jest/gradle-version.test.ts

@@ -0,0 +1,104 @@
+import { describe } from 'node:test'
+import { versionIsAtLeast, parseGradleVersionFromOutput } from '../../src/execution/gradle'
+
+describe('gradle', () => {
+    describe('can compare version with', () => {
+        it('same version', async () => {
+            expect(versionIsAtLeast('6.7.1', '6.7.1')).toBe(true)
+            expect(versionIsAtLeast('7.0', '7.0')).toBe(true)
+            expect(versionIsAtLeast('7.0', '7.0.0')).toBe(true)
+        })
+        it('newer version', async () => {
+            expect(versionIsAtLeast('6.7.1', '6.7.2')).toBe(false)
+            expect(versionIsAtLeast('7.0', '8.0')).toBe(false)
+            expect(versionIsAtLeast('7.0', '7.0.1')).toBe(false)
+        })
+        it('older version', async () => {
+            expect(versionIsAtLeast('6.7.2', '6.7.1')).toBe(true)
+            expect(versionIsAtLeast('8.0', '7.0')).toBe(true)
+            expect(versionIsAtLeast('7.0.1', '7.0')).toBe(true)
+        })
+        it('rc version', async () => {
+            expect(versionIsAtLeast('8.0.2-rc-1', '8.0.1')).toBe(true)
+            expect(versionIsAtLeast('8.0.2-rc-1', '8.0.2')).toBe(false)
+            expect(versionIsAtLeast('8.1-rc-1', '8.0')).toBe(true)
+            expect(versionIsAtLeast('8.0-rc-1', '8.0')).toBe(false)
+        })
+        it('snapshot version', async () => {
+            expect(versionIsAtLeast('8.11-20240829002031+0000', '8.10')).toBe(true)
+            expect(versionIsAtLeast('8.11-20240829002031+0000', '8.10.1')).toBe(true)
+            expect(versionIsAtLeast('8.11-20240829002031+0000', '8.11')).toBe(false)
+
+            expect(versionIsAtLeast('8.10.2-20240828012138+0000', '8.10')).toBe(true)
+            expect(versionIsAtLeast('8.10.2-20240828012138+0000', '8.10.1')).toBe(true)
+            expect(versionIsAtLeast('8.10.2-20240828012138+0000', '8.10.2')).toBe(false)
+            expect(versionIsAtLeast('8.10.2-20240828012138+0000', '8.11')).toBe(false)
+
+            expect(versionIsAtLeast('9.1-branch-provider_api_migration_public_api_changes-20240826121451+0000', '9.0')).toBe(true)
+            expect(versionIsAtLeast('9.1-branch-provider_api_migration_public_api_changes-20240826121451+0000', '9.0.1')).toBe(true)
+            expect(versionIsAtLeast('9.1-branch-provider_api_migration_public_api_changes-20240826121451+0000', '9.1')).toBe(false)
+        })
+    })
+    describe('can parse version from output', () => {
+        it('major version', async () => {
+            const output = `
+    ------------------------------------------------------------
+    Gradle 8.9
+    ------------------------------------------------------------
+    `
+            const version = await parseGradleVersionFromOutput(output)!
+            expect(version).toBe('8.9')
+        })
+    
+        it('patch version', async () => {
+            const output = `
+    ------------------------------------------------------------
+    Gradle 8.9.1
+    ------------------------------------------------------------
+    `
+            const version = await parseGradleVersionFromOutput(output)!
+            expect(version).toBe('8.9.1')
+        })
+    
+        it('rc version', async () => {
+            const output = `
+    ------------------------------------------------------------
+    Gradle 8.9-rc-1
+    ------------------------------------------------------------
+    `
+            const version = await parseGradleVersionFromOutput(output)!
+            expect(version).toBe('8.9-rc-1')
+        })
+    
+        it('milestone version', async () => {
+            const output = `
+    ------------------------------------------------------------
+    Gradle 8.0-milestone-6
+    ------------------------------------------------------------
+    `
+            const version = await parseGradleVersionFromOutput(output)!
+            expect(version).toBe('8.0-milestone-6')
+        })
+    
+        it('snapshot version', async () => {
+            const output = `
+    ------------------------------------------------------------
+    Gradle 8.10.2-20240828012138+0000
+    ------------------------------------------------------------
+    `
+            const version = await parseGradleVersionFromOutput(output)!
+            expect(version).toBe('8.10.2-20240828012138+0000')
+        })
+    
+        it('branch version', async () => {
+            const output = `
+    ------------------------------------------------------------
+    Gradle 9.0-branch-provider_api_migration_public_api_changes-20240830060514+0000
+    ------------------------------------------------------------
+    `
+            const version = await parseGradleVersionFromOutput(output)!
+            expect(version).toBe('9.0-branch-provider_api_migration_public_api_changes-20240830060514+0000')
+        })
+    })
+})
+

sources/test/jest/short-lived-token.test.ts

@@ -114,4 +114,14 @@ describe('short lived tokens', () => {
             .resolves
             .toBeNull()
     })
+
+    it('get short lived token with custom expiry', async () => {
+        nock('https://dev')
+            .post('/api/auth/token?expiresInHours=4')
+            .reply(200, 'token')
+        expect.assertions(1)
+        await expect(getToken('dev=key1', '4'))
+            .resolves
+            .toEqual({"keys": [{"hostname": "dev", "key": "token"}]})
+    })
 })

sources/test/jest/wrapper-validation/checksums.test.ts

@@ -37,7 +37,8 @@ test('fetches wrapper jar checksums for snapshots', async () => {
   const validChecksums = await checksums.fetchUnknownChecksums(true, new checksums.WrapperChecksums)
 
   // Expect that at least one snapshot checksum is different from the non-snapshot checksums
-  expect(validChecksums.size).toBeGreaterThan(nonSnapshotChecksums.size)
+  expect(nonSnapshotChecksums.size).toBeGreaterThan(10)
+  expect(validChecksums.size).toBeGreaterThanOrEqual(nonSnapshotChecksums.size)
 })
 
 test('fetches all wrapper checksum URLS for snapshots', async () => {

wrapper-validation/README.md

@@ -4,6 +4,12 @@ The `wrapper-validation` action validates the checksums of _all_ [Gradle Wrapper
 
 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.
 
+> [!NOTE]
+> Starting with v4 the `setup-gradle` action will automatically [perform wrapper validation](../docs/setup-gradle.md#gradle-wrapper-validation)
+> on each execution.
+> 
+> If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
+
 ### Example workflow
 
 ```yaml
@@ -19,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```
 
 See the [full action documentation](../docs/wrapper-validation.md) for more advanced usage scenarios.