Prepare for v3.1.0 release

This logging can now be enabled on a case-by-case basis using
GitHub Actions debugging.

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.enterprise" version "3.16.1"
+    id "com.gradle.enterprise" version "3.16.2"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "1.12.1"
 }
 

.github/workflow-samples/kotlin-dsl/build.gradle.kts

@@ -10,7 +10,7 @@ dependencies {
     api("org.apache.commons:commons-math3:3.6.1")
     implementation("com.google.guava:guava:33.0.0-jre")
 
-    testImplementation("org.junit.jupiter:junit-jupiter:5.10.1")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.10.2")
 }
 
 tasks.test {

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id("com.gradle.enterprise") version "3.16.1"
+    id("com.gradle.enterprise") version "3.16.2"
     id("com.gradle.common-custom-user-data-gradle-plugin") version "1.12.1"
 }
 

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.build-scan" version "3.16.1" 
+    id "com.gradle.build-scan" version "3.16.2" 
 }
 
 gradleEnterprise {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.enterprise" version "3.16.1"
+    id "com.gradle.enterprise" version "3.16.2"
 }
 
 gradleEnterprise {

.github/workflow-samples/non-executable-wrapper/build.gradle

@@ -0,0 +1 @@
+// Required to keep dependabot happy

.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,8 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionSha256Sum=9d926787066a081739e8200858338b4a69e837c3a821a33aca9db09dd4a41026
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

.github/workflow-samples/non-executable-wrapper/gradlew

@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
+##############################################################################
+
+# Attempt to set APP_HOME
+
+# Resolve links: $0 may be a link
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
+done
+
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD=maximum
+
+warn () {
+    echo "$*"
+} >&2
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+} >&2
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD=$JAVA_HOME/jre/sh/java
+    else
+        JAVACMD=$JAVA_HOME/bin/java
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD=java
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+fi
+
+# Increase the maximum file descriptors if we can.
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
+fi
+
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
+exec "$JAVACMD" "$@"

.github/workflow-samples/non-executable-wrapper/gradlew.bat

@@ -0,0 +1,92 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

.github/workflow-samples/non-executable-wrapper/settings.gradle

@@ -0,0 +1,21 @@
+plugins {
+    id "com.gradle.enterprise" version "3.16.2"
+}
+
+gradleEnterprise {
+    buildScan {
+        termsOfServiceUrl = "https://gradle.com/terms-of-service"
+        termsOfServiceAgree = "yes"
+        publishAlways()
+        uploadInBackground = false
+    }
+}
+
+rootProject.name = 'no-wrapper'
+
+println "Using Gradle version: ${gradle.gradleVersion}"
+
+def gradleVersionCheck = System.properties.gradleVersionCheck
+if (gradleVersionCheck && gradle.gradleVersion != gradleVersionCheck) {
+    throw new RuntimeException("Got the wrong version: expected ${gradleVersionCheck} but was ${gradle.gradleVersion}")
+}

.github/workflows/ci-init-script-check.yml

@@ -20,7 +20,7 @@ jobs:
         distribution: temurin
         java-version: 8
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3-beta # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@v3 # Use a released version to avoid breakages
     - name: Run integration tests
       working-directory: sources/test/init-scripts
       run: ./gradlew check

.github/workflows/demo-job-summary.yml

@@ -4,9 +4,6 @@ on:
   workflow_dispatch:
   push:
 
-env:
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-
 jobs:
   many-gradle-builds:
     runs-on: ubuntu-latest

.github/workflows/dependency-submission-save.yml

@@ -7,9 +7,6 @@ on:
 permissions:
   contents: read
 
-env:
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-
 jobs:
   dependency-submission-save:
     runs-on: ubuntu-latest
@@ -20,6 +17,6 @@ jobs:
       uses: ./dependency-submission
       with:
         build-root-directory: .github/workflow-samples/groovy-dsl
-        dependency-graph-action: generate-and-save
+        dependency-graph: generate-and-upload
       env:
         GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository

.github/workflows/dependency-submission-submit.yml

@@ -8,9 +8,6 @@ on:
 permissions:
   contents: write
 
-env:
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-
 jobs:
   dependency-submission-submit:
     runs-on: ubuntu-latest
@@ -20,4 +17,4 @@ jobs:
     - name: Download and submit dependency graph
       uses: ./dependency-submission
       with:
-        dependency-graph-action: retrieve-and-submit
+        dependency-graph: download-and-submit

.github/workflows/dependency-submission.yml

@@ -7,9 +7,6 @@ on:
 permissions:
   contents: write
 
-env:
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-
 jobs:
   test-dependency-submission:
     runs-on: ubuntu-latest
@@ -22,3 +19,43 @@ jobs:
         build-root-directory: .github/workflow-samples/groovy-dsl
       env:
         GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
+
+  test-gradle-versions:
+    strategy:
+      matrix:
+        gradle: [8.0.2, 7.6.4, 7.1.1, 6.9.4, 6.0.1, 5.6.4, 5.2.1]
+        include:
+          - gradle: 5.6.4
+            build-root-suffix: -gradle-5
+          - gradle: 5.2.1
+            build-root-suffix: -gradle-5
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Generate and submit dependencies
+      uses: ./dependency-submission
+      with:
+        gradle-version: ${{ matrix.gradle }}
+        build-root-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
+      env:
+        GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
+
+  test-after-setup-gradle:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Setup Gradle
+      uses: ./setup-gradle
+    - name: Generate and submit dependencies
+      id: dependency-submission
+      uses: ./dependency-submission
+      continue-on-error: true
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+    - name: Assert step failure
+      if: steps.dependency-submission.outcome != 'failure'
+      run: |
+        echo "Dependency submission step should fail after setup-gradle"
+        exit 1

.github/workflows/integ-test-action-inputs.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: action-inputs-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   action-inputs:

.github/workflows/integ-test-cache-cleanup.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: integ-test-cache-cleanup-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   full-build:

.github/workflows/integ-test-caching-config.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: action-inputs-caching-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build:

.github/workflows/integ-test-dependency-graph-failures.yml

@@ -15,9 +15,34 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
+  failing-build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./setup-gradle
+      with:
+        dependency-graph: generate
+        dependency-graph-continue-on-failure: true
+    - name: Run build that will fail
+      id: gradle-build
+      continue-on-error: true
+      run: ./gradlew build fail
+      working-directory: .github/workflow-samples/groovy-dsl
+    - name: Check no dependency graph is generated
+      shell: bash
+      run: |
+        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
+            echo "Expected no dependency graph files to be generated"
+            ls -l dependency-graph-reports
+            exit 1
+        fi        
+
   unsupported-gradle-version-warning:
     runs-on: ubuntu-latest
     steps:

.github/workflows/integ-test-dependency-graph.yml

@@ -18,7 +18,6 @@ permissions:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   groovy-generate:

.github/workflows/integ-test-detect-java-toolchains.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: detect-java-toolchain-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   # Test that pre-installed runner JDKs are detected

.github/workflows/integ-test-execution.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: execution-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:   
   # Tests for executing with different Gradle versions. 
@@ -46,6 +45,12 @@ jobs:
         gradle-version: release-candidate
         build-root-directory: .github/workflow-samples/no-wrapper
         arguments: help
+    - name: Test with non-executable wrapper
+      uses: ./setup-gradle
+      with:
+        gradle-version: wrapper
+        build-root-directory: .github/workflow-samples/non-executable-wrapper
+        arguments: help
 
   gradle-versions:
     strategy:

.github/workflows/integ-test-inject-develocity.yml

@@ -18,16 +18,15 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: provision-gradle-versions-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   inject-develocity:
     env:
       DEVELOCITY_INJECTION_ENABLED: true
       DEVELOCITY_URL: https://ge.solutions-team.gradle.com
-      DEVELOCITY_PLUGIN_VERSION: 3.16.1
+      DEVELOCITY_PLUGIN_VERSION: 3.16.2
       DEVELOCITY_CCUD_PLUGIN_VERSION: 1.12.1
-      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} # This env var has not (yet) been renamed/aliased in GE plugin 3.16.1
+      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} # This env var has not (yet) been renamed/aliased in GE plugin 3.16.2
     strategy:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]

.github/workflows/integ-test-restore-configuration-cache.yml

@@ -18,7 +18,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-configuration-cache-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build-groovy:
@@ -43,7 +42,7 @@ jobs:
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6-rc-1
+        gradle-version: 8.6
     - name: Groovy build with configuration-cache enabled
       working-directory: .github/workflow-samples/groovy-dsl
       run: gradle test --configuration-cache
@@ -71,7 +70,7 @@ jobs:
       with:
         cache-read-only: true
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6-rc-1
+        gradle-version: 8.6
     - name: Groovy build with configuration-cache enabled
       id: execute
       working-directory: .github/workflow-samples/groovy-dsl
@@ -111,7 +110,7 @@ jobs:
       with:
         cache-read-only: true
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6-rc-1
+        gradle-version: 8.6
     - name: Check execute Gradle build with configuration cache enabled (but not restored)
       working-directory: .github/workflow-samples/groovy-dsl
       run: gradle test --configuration-cache
@@ -138,7 +137,7 @@ jobs:
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6-rc-1
+        gradle-version: 8.6
     - name: Execute 'help' with configuration-cache enabled
       working-directory: .github/workflow-samples/kotlin-dsl
       run: gradle help --configuration-cache
@@ -166,7 +165,7 @@ jobs:
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6-rc-1
+        gradle-version: 8.6
     - name: Execute 'test' with configuration-cache enabled
       working-directory: .github/workflow-samples/kotlin-dsl
       run: gradle test --configuration-cache
@@ -195,7 +194,7 @@ jobs:
       with:
         cache-read-only: true
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6-rc-1
+        gradle-version: 8.6
     - name: Execute 'test' again with configuration-cache enabled
       id: execute
       working-directory: .github/workflow-samples/kotlin-dsl

.github/workflows/integ-test-restore-containerized-gradle-home.yml

@@ -12,7 +12,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-custom-gradle-home-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build:

.github/workflows/integ-test-restore-custom-gradle-home.yml

@@ -12,7 +12,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-custom-gradle-home-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build:

.github/workflows/integ-test-restore-gradle-home.yml

@@ -16,7 +16,6 @@ env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-gradle-home-${{ inputs.cache-key-prefix }}
   GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-gradle-home
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build:

.github/workflows/integ-test-restore-java-toolchain.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-java-toolchain-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build:

.github/workflows/integ-test-sample-gradle-plugin.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: sample-gradle-plugin-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build:

.github/workflows/integ-test-sample-kotlin-dsl.yml

@@ -15,7 +15,6 @@ on:
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: sample-kotlin-dsl-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
   seed-build:

.github/workflows/purge-old-workflow-runs.yml

@@ -1,28 +0,0 @@
-name: Purge old workflow runs
-on:
-  workflow_dispatch:
-    inputs:
-      days:
-        description: 'Purge runs older than days'
-        required: true
-        default: 30
-      minimum_runs:
-        description: 'The minimum runs to keep for each workflow.'
-        required: true
-        default: 6
-      delete_workflow_pattern:
-        description: 'The name of the workflow. if not set then it will target all workflows.'
-        required: false
-
-jobs:
-  del_runs:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Purge workflow runs
-        uses: Mattraks/delete-workflow-runs@v2
-        with:
-          token: ${{ github.token }}
-          repository: ${{ github.repository }}
-          retain_days: ${{ github.event.inputs.days }}
-          keep_minimum_runs: ${{ github.event.inputs.minimum_runs }}
-          delete_workflow_pattern: ${{ github.event.inputs.delete_workflow_pattern }}

.github/workflows/setup-gradle.yml

@@ -1,20 +0,0 @@
-name: Test setup-gradle
-
-on:
-  workflow_dispatch:
-  push:
-
-env:
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-
-jobs:
-  test-setup-gradle:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Setup Gradle
-      uses: ./setup-gradle
-    - name: Build groovy-dsl project
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: ./gradlew assemble

README.md

@@ -20,7 +20,7 @@ jobs:
     - name: Checkout sources
       uses: actions/checkout@v4
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
     - name: Build with Gradle
       run: ./gradlew build
 ```
@@ -51,7 +51,7 @@ jobs:
     - name: Checkout sources
       uses: actions/checkout@v4
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3-beta
+      uses: gradle/actions/dependency-submission@v3
 ```
 
 See the [full action documentation](dependency-submission/README.md) for more advanced usage scenarios.

dependency-submission/README.md

@@ -1,8 +1,17 @@
 # The `dependency-submission` action
 
-Generates and submits a dependency graph for a Gradle project. This action is designed to be used in a standalone workflow.
+The `gradle/actions/dependency-submission` action provides the simplest (and recommended) way to generate a 
-The intention is to provide a simple, standardised way to enable Dependency Graph support for Gradle repositories,
+dependency graph for your project. This action will attempt to detect all dependencies used by your build
-with a long-term goal of having this functionality enabled by default for Gradle projects on GitHub.
+without building and testing the project itself.
+
+The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and submitted to your repository via the 
+[GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission).
+The generated snapshot files can be submitted in the same job, or saved for submission in a subsequent job.
+
+The generated dependency graph includes all of the dependencies in your build, and is used by GitHub to generate 
+[Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) 
+for vulnerable dependencies, as well as to populate the 
+[Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).
 
 ## General usage
 
@@ -26,14 +35,14 @@ jobs:
     - name: Checkout sources
       uses: actions/checkout@v4
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3-beta
+      uses: gradle/actions/dependency-submission@v3
 ```
 
 ### Configuration parameters
 
 In some cases, the default action configuration will not be sufficient, and additional action parameters will need to be specified.
 
-See the example below for a summary, and the [Action Metadata file](../dependency-submission/action.yml) for a more detailed description of each input parameter.
+See the example below for a summary, and the [Action Metadata file](action.yml) for a more detailed description of each input parameter.
 
 ```yaml
 name: Dependency Submission with advanced config
@@ -50,10 +59,10 @@ jobs:
     - name: Checkout sources
       uses: actions/checkout@v4
     - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3-beta
+      uses: gradle/actions/dependency-submission@v3
       with:
         # Use a particular Gradle version instead of the configured wrapper.
-        gradle-version: 8.6-rc-2
+        gradle-version: 8.6
 
         # The gradle project is not in the root of the repository.
         build-root-directory: my-gradle-project
@@ -62,7 +71,216 @@ jobs:
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
 
         # Do not attempt to submit the dependency-graph. Save it as a workflow artifact.
-        dependency-graph-action: generate-and-save
+        dependency-graph: generate-and-upload
+```
+
+# Resolving a dependency vulnerability
+
+## Finding the source of a dependency vulnerability
+
+Once you have submitted a dependency graph, you may receive Dependabot Alerts warning about vulnerabilities in
+dependencies of your project. In the case of transitive dependencies, it may not be obvious how that dependency is
+used or what you can do to address the vulnerability alert.
+
+The first step to investigating a Dependabot Alert is to determine the source of the dependency. One of the best ways to 
+do so is with a free Develocity Build Scan®, which makes it easy to explore the dependencies resolved in your build.
+
+<img width="1069" alt="image" src="https://github.com/gradle/actions/assets/179734/3a637dfd-396c-4e94-8332-dcc6eb5a35ac">
+
+In this example, we are searching for dependencies matching the name 'com.squareup.okio:okio' in the _Build Dependencies_ of 
+the project. You can easily see that this dependency originates from 'com.github.ben-manes:gradle-versions-plugin'.
+Knowing the source of the dependency can help determine how to deal with the Dependabot Alert.
+
+Note that you may need to look at both the _Dependencies_ and the _Build Dependencies_ of your project to find the
+offending dependency.
+
+### Publishing a Develocity Build Scan® from your dependency submission workflow
+
+You can automatically publish a Build Scan on every run of `gradle/actions/dependency-submission`. Three input parameters are 
+required, one to enable publishing and two more to accept the [Develocity terms of service](https://gradle.com/terms-of-service).
+
+```yaml
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@v3
+      with:
+        build-scan-publish: true
+        build-scan-terms-of-service-url: "https://gradle.com/terms-of-service"
+        build-scan-terms-of-service-agree: "yes"
+```
+
+### When you cannot publish a Build Scan®
+
+If publishing a free Build Scan to https://scans.gradle.com isn't an option, and you don't have access to a private [Develocity
+server](https://gradle.com/) for your project, you can obtain information about the each resolved dependency by running the `dependency-submission` workflow with debug logging enabled.
+
+The simplest way to do so is to re-run the dependency-submission job with debug logging enabled:
+
+<img width="665" alt="image" src="https://github.com/gradle/actions/assets/179734/d95b889a-09fb-4731-91f2-baebbf647e31">
+
+When you do so, the Gradle build that generates the dependency-graph will include a log message for each dependency version included in the graph.
+Given the details in one log message, you can run (locally) the built-in [dependencyInsight](https://docs.gradle.org/current/userguide/viewing_debugging_dependencies.html#dependency_insights) task
+to determine exactly how the dependency was resolved. 
+
+For example, given the following message in the logs:
+```
+Detected dependency 'com.google.guava:guava:32.1.3-jre': project = ':my-subproject', configuration = 'compileClasspath'
+```
+
+You would run the following command locally:
+```
+./gradlew :my-subproject:dependencyInsight --configuration compileClasspath --dependency com.google.guava:guava:32.1.3-jre
+```
+
+#### Dealing with 'classpath' configuration
+
+If the configuration value in the log message is "classpath" then instead of running `dependency-insight` you'll need to run the Gradle
+`buildEnvironment` task.
+
+For example, given the following message in the logs:
+```
+Detected dependency 'xerces:xercesImpl:2.12.2': project = ':my-subproject', configuration = 'classpath'
+```
+
+You would run the following command locally to expose the `xercesImpl` dependency:
+```
+./gradlew :my-subproject:buildEnvironment | grep -C 5 xercesImpl
+```
+
+## Updating the dependency version
+
+Once you've discovered the source of the dependency, the most obvious fix is to update the dependency to a patched version that does not
+suffer the vulnerability. For direct dependencies, this is often straightforward.  But for transitive dependencies it can be tricky.
+
+### Dependency source is specified directly in the build
+
+If the dependency is used to compile your code or run your tests, it's normal for the underlying "source" of the dependency to have a
+version configured directly in the build. For example, if you have a vulnerable version of `com.squareup.okio:okio` in your `compileClasspath`, then
+it's likely you have a dependency like `com.squareup.moshi:moshi` configured as an `api` or `implementation` dependency.
+
+In this case there are 2 possibilities:
+1. There is a newer, compatible version of `com.squareup.moshi:moshi` available, and you can just bump the version number.
+2. There isn't a newer, compatible version of `com.squareup.moshi:moshi`
+
+In the second case, you can add a Dependency Constraint, to force the use of the newest version of `com.squareup.okio`:
+
+```kotlin
+dependencies {
+  implementation("com.squareup.moshi:moshi:1.12.0")
+  constraints {
+    // Force a newer version of okio in transitive resolution
+    implementation("com.squareup.okio:okio:3.6.0")
+  }
+}
+```
+
+### Dependency source is a plugin classpath
+
+If the vulnerable dependency is introduced by a Gradle plugin, again the best option is to look for a newer version of the plugin.
+But if none is available, you can still use a dependency constraint to force a newer transitive version to be used.
+
+The dependency constraint must be added to the `classpath` configuration of the buildscript that loads the plugin.
+
+```kotlin
+buildscript {
+  repositories {
+    gradlePluginPortal()
+  }
+  dependencies {
+    constraints {
+      // Force a newer version of okio in transitive resolution
+      classpath("com.squareup.okio:okio:3.6.0")
+    }
+  }
+}
+plugins {
+  id("com.github.ben-manes.versions") version("0.51.0")
+}
+```
+
+## Limiting the dependencies that appear in the dependency graph
+
+By default, the `dependency-submission` action attempts to detect all dependencies declared and used by your Gradle build.
+At times it may helpful to limit the dependencies reported to GitHub, to avoid security alerts for dependencies that 
+don't form a critical part of your product. For example, a vulnerability in the tool you use to generate documentation 
+may not be as important as a vulnerability in one of your runtime dependencies.
+
+The `dependency-submission` action provides a convenient mechanism to filter the projects and configurations that
+contribute to the dependency graph.
+
+> [!NOTE]
+> Ideally, all dependencies involved in building and testing a project will be extracted and reported in a dependency graph. 
+> These dependencies would be assigned to different scopes (eg development, runtime, testing) and the GitHub UI would make it easy to opt-in to security alerts for different dependency scopes.
+> However, this functionality does not yet exist.
+
+### Excluding certain Gradle projects from to the dependency graph
+
+If you do not want the dependency graph to include dependencies from every project in your build, 
+you can easily exclude certain projects from the dependency extraction process.
+
+To restrict which Gradle subprojects contribute to the report, specify which projects to exclude via a regular expression.
+You can provide this value via the `DEPENDENCY_GRAPH_EXCLUDE_PROJECTS` environment variable or system property.
+
+Note that excluding a project in this way only removes dependencies that are _resolved_ as part of that project, and may
+not necessarily remove all dependencies _declared_ in that project. If another project depends on the excluded project
+then it may transitively resolve dependencies declared in the excluded project: these dependencies will still be included
+in the generated dependency graph.
+
+### Excluding certain Gradle configurations from to the dependency graph
+
+Similarly to Gradle projects, it is possible to exclude a set of configuration instances from dependency graph generation,
+so that dependencies resolved by those configurations are not included.
+
+To restrict which Gradle configurations contribute to the report, specify which configurations to exclude via a regular expression.
+You can provide this value via the `DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS` environment variable or system property.
+
+Note that configuration exclusion applies to the configuration in which the dependency is _resolved_ which is not necessarily
+the configuration where the dependency is _declared_. For example if you decare a dependency as `implementation` in
+a Java project, that dependency will be resolved in `compileClasspath`, `runtimeClasspath` and possibly other configurations.
+
+### Example of project and configuration filtering
+
+For example, if you want to exclude dependencies in the `buildSrc` project, and exclude dependencies from the `testCompileClasspath` and `testRuntimeClasspath` configurations, you would use the following configuration:
+
+```yaml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@v3
+      env:
+        # Exclude all dependencies that originate solely in the 'buildSrc' project
+        DEPENDENCY_GRAPH_EXCLUDE_PROJECTS: ':buildSrc'
+        # Exclude dependencies that are only resolved in test classpaths
+        DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS: '.*[Tt]est(Compile|Runtime)Classpath'
+```
+
+### Other filtering options
+
+The [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin)
+has other filtering options that may be useful.
+ See [the docs](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph) for details.
+
+# Advance usage scenarios
+
+## Using a custom plugin repository
+
+By default, the action downloads the `github-dependency-graph-gradle-plugin` from the Gradle Plugin Portal (https://plugins.gradle.org). If your GitHub Actions environment does not have access to this URL, you can specify a custom plugin repository to use. 
+Do so by setting the `GRADLE_PLUGIN_REPOSITORY_URL` environment variable.
+
+```yaml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@v3
+      env:
+        GRADLE_PLUGIN_REPOSITORY_URL: "https://gradle-plugins-proxy.mycorp.com"
 ```
 
 ## Integrating the `dependency-review-action`
@@ -88,7 +306,7 @@ jobs:
     - name: Checkout sources
       uses: actions/checkout@v4
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3-beta
+      uses: gradle/actions/dependency-submission@v3
   
   dependency-review:
     needs: dependency-submission
@@ -107,8 +325,8 @@ This `contents: write` permission is [not available for any workflow that is tri
 This limitation is designed to prevent a malicious pull request from effecting repository changes.
 
 Because of this restriction, we require 2 separate workflows in order to generate and submit a dependency graph:
-1. The first workflow runs directly against the pull request sources and will `generate-and-save` the dependency graph.
+1. The first workflow runs directly against the pull request sources and will `generate-and-upload` the dependency graph.
-2. The second workflow is triggered on `workflow_run` of the first workflow, and will `retrieve-and-submit` the previously saved dependency graph.
+2. The second workflow is triggered on `workflow_run` of the first workflow, and will `download-and-submit` the previously saved dependency graph.
 
 ***Main workflow file***
 ```yaml
@@ -125,15 +343,15 @@ jobs:
     steps:
     - name: Checkout sources
       uses: actions/checkout@v4
-    - name: Generate and submit dependency graph
+    - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3-beta
+      uses: gradle/actions/dependency-submission@v3
       with:
-        dependency-graph-action: generate-and-save
+        dependency-graph: generate-and-upload
 ```
 
 ***Dependent workflow file***
 ```yaml
-name: Retrieve and submit dependency graph
+name: Download and submit dependency graph
 
 on:
   workflow_run:
@@ -147,10 +365,10 @@ jobs:
   submit-dependency-graph:
     runs-on: ubuntu-latest
     steps:
-    - name: Retrieve and submit dependency graph
+    - name: Download and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3-beta
+      uses: gradle/actions/dependency-submission@v3
       with:
-        dependency-graph-action: retrieve-and-submit # Download saved dependency-graph and submit
+        dependency-graph: download-and-submit # Download saved dependency-graph and submit
 ```
 
 ### Integrating `dependency-review-action` for pull requests from public forked repositories
@@ -180,11 +398,13 @@ jobs:
         retry-on-snapshot-warnings-timeout: 600
 ```
 
-The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `Generate and save dependency graph` and `Retrieve and submit dependency graph` workflows (above) to complete.
+The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `Generate and save dependency graph` and `Download and submit dependency graph` workflows (above) to complete.
 
-## Gradle version compatibility
+# Gradle version compatibility
 
 Dependency-graph generation is compatible with most versions of Gradle >= `5.2`, and is tested regularly against 
 Gradle versions `5.2.1`, `5.6.4`, `6.0.1`, `6.9.4`, `7.1.1` and `7.6.3`, as well as all patched versions of Gradle 8.x.
 
 A known exception to this is that Gradle `7.0`, `7.0.1` and `7.0.2` are not supported.
+
+See [here](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#gradle-compatibility) for complete compatibility information.

dependency-submission/action.yml

@@ -16,54 +16,69 @@ inputs:
       A suitable key can be generated with `openssl rand -base64 16`.
       Configuration-cache data will not be saved/restored without an encryption key being provided.
     required: false
-  dependency-graph-action:
+  dependency-graph:
     description: |
       Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted.
       Valid values are:
         'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job.
-        'generate-and-save': Generates a dependency graph for the project and saves it as a workflow artifact.
+        'generate-and-upload': Generates a dependency graph for the project and saves it as a workflow artifact.
-        'retrieve-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.
+        'download-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.
 
       The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario,
       where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions
       required to submit via the Dependency Submission API.
     required: false
     default: 'generate-and-submit'
+  additional-arguments:
+    description: |
+      Additional arguments to pass to Gradle. For example, `--no-configuration-cache --stacktrace`.
+    required: false
+
+  build-scan-publish:
+    description: |
+      Set to 'true' to automatically publish build results as a Build Scan on scans.gradle.com.
+      For publication to succeed without user input, you must also provide values for `build-scan-terms-of-service-url` and 'build-scan-terms-of-service-agree'.
+    required: false
+    default: false
+  build-scan-terms-of-service-url:
+    description: The URL to the Build Scan® terms of service. This input must be set to 'https://gradle.com/terms-of-service'.
+    required: false
+  build-scan-terms-of-service-agree:
+    description: Indicate that you agree to the Build Scan® terms of service. This input value must be "yes".
+    required: false
 
 runs:
   using: "composite"
   steps:
-    - name: Generate and submit dependency graph
+    - name: Check no setup-gradle
-      if: ${{ inputs.dependency-graph-action == 'generate-and-submit' }}
+      shell: bash
-      uses: gradle/actions/setup-gradle@v3-beta
+      run: |
+        if [ -n "${GRADLE_BUILD_ACTION_SETUP_COMPLETED}" ]; then
+          echo "The dependency-submission action cannot be used in the same Job as the setup-gradle action. Please use a separate Job for dependency submission."
+          exit 1
+        fi
+    - name: Generate dependency graph
+      if: ${{ inputs.dependency-graph == 'generate-and-submit' || inputs.dependency-graph == 'generate-and-upload' }}
+      uses: gradle/actions/setup-gradle@v3.1.0
       with:
-        dependency-graph: 'generate-and-submit'
+        dependency-graph: ${{ inputs.dependency-graph }}
         dependency-graph-continue-on-failure: false
         gradle-version: ${{ inputs.gradle-version }}
         build-root-directory: ${{ inputs.build-root-directory }}
         cache-encryption-key: ${{ inputs.cache-encryption-key }}
+        build-scan-publish: ${{ inputs.build-scan-publish }}
+        build-scan-terms-of-service-url: ${{ inputs.build-scan-terms-of-service-url }}
+        build-scan-terms-of-service-agree: ${{ inputs.build-scan-terms-of-service-agree }}
+        artifact-retention-days: 1
         arguments: |
-          --no-configure-on-demand
+          -Dorg.gradle.configureondemand=false
-          --dependency-verification=off
+          -Dorg.gradle.dependency.verification=off
-          --stacktrace
+          -Dorg.gradle.unsafe.isolated-projects=false
-          :ForceDependencyResolutionPlugin_resolveAllDependencies
-    - name: Generate and save dependency graph
-      if: ${{ inputs.dependency-graph-action == 'generate-and-save' }}
-      uses: gradle/actions/setup-gradle@v3-beta
-      with:
-        dependency-graph: generate-and-upload
-        dependency-graph-continue-on-failure: false
-        gradle-version: ${{ inputs.gradle-version }}
-        build-root-directory: ${{ inputs.build-root-directory }}
-        cache-encryption-key: ${{ inputs.cache-encryption-key }}
-        arguments: |
-          --no-configure-on-demand
-          --dependency-verification=off
-          --stacktrace
           :ForceDependencyResolutionPlugin_resolveAllDependencies
+          ${{ inputs.additional-arguments }}
     - name: Download and submit dependency graph
-      if: ${{ inputs.dependency-graph-action == 'retrieve-and-submit' }}
+      if: ${{ inputs.dependency-graph == 'download-and-submit' }}
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3.1.0
       with:
         dependency-graph: download-and-submit
         dependency-graph-continue-on-failure: false

dist/setup-gradle/main/index.js

@@ -138939,7 +138939,7 @@ const input_params_1 = __nccwpck_require__(23885);
 function setup() {
     if ((0, input_params_1.getBuildScanPublishEnabled)() && verifyTermsOfServiceAgreement()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true');
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.16.1');
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.16.2');
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '1.12.1');
         maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_URL', (0, input_params_1.getBuildScanTermsOfServiceUrl)());
         maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_AGREE', (0, input_params_1.getBuildScanTermsOfServiceAgree)());
@@ -139144,6 +139144,9 @@ class GradleStateCache {
         fs_1.default.mkdirSync(actionCacheDir, { recursive: true });
         this.copyInitScripts();
         this.registerToolchains();
+        if (core.isDebug()) {
+            this.configureInfoLogLevel();
+        }
     }
     copyInitScripts() {
         const initScriptsDir = path_1.default.resolve(this.gradleUserHome, 'init.d');
@@ -139179,12 +139182,25 @@ class GradleStateCache {
         }
     }
     readResourceFileAsString(...paths) {
-        const absolutePath = path_1.default.resolve(__dirname, '..', '..', 'sources', 'src', 'resources', ...paths);
+        const absolutePath = path_1.default.resolve(__dirname, '..', '..', '..', 'sources', 'src', 'resources', ...paths);
         return fs_1.default.readFileSync(absolutePath, 'utf8');
     }
+    configureInfoLogLevel() {
+        const infoProperties = `org.gradle.logging.level=info\norg.gradle.logging.stacktrace=all\n`;
+        const propertiesFile = path_1.default.resolve(this.gradleUserHome, 'gradle.properties');
+        if (fs_1.default.existsSync(propertiesFile)) {
+            core.info(`Merged --info and --stacktrace into existing ${propertiesFile} file`);
+            const existingProperties = fs_1.default.readFileSync(propertiesFile, 'utf-8');
+            fs_1.default.writeFileSync(propertiesFile, `${infoProperties}\n${existingProperties}`);
+        }
+        else {
+            core.info(`Created a new ${propertiesFile} with --info and --stacktrace`);
+            fs_1.default.writeFileSync(propertiesFile, infoProperties);
+        }
+    }
     debugReportGradleUserHomeSize(label) {
         return __awaiter(this, void 0, void 0, function* () {
-            if (!(0, cache_utils_1.isCacheDebuggingEnabled)()) {
+            if (!(0, cache_utils_1.isCacheDebuggingEnabled)() && !core.isDebug()) {
                 return;
             }
             if (!fs_1.default.existsSync(this.gradleUserHome)) {
@@ -140722,6 +140738,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.gradleWrapperScript = exports.installScriptFilename = exports.wrapperScriptFilename = void 0;
+const core = __importStar(__nccwpck_require__(42186));
 const path = __importStar(__nccwpck_require__(71017));
 const fs_1 = __importDefault(__nccwpck_require__(57147));
 const IS_WINDOWS = process.platform === 'win32';
@@ -140755,7 +140772,8 @@ function verifyIsExecutableScript(toExecute) {
         fs_1.default.accessSync(toExecute, fs_1.default.constants.X_OK);
     }
     catch (err) {
-        throw new Error(`Gradle script '${toExecute}' is not executable.`);
+        core.warning(`Gradle wrapper script '${toExecute}' is not executable. Action will set executable permission and continue.`);
+        fs_1.default.chmodSync(toExecute, '755');
     }
 }
 
@@ -141039,7 +141057,9 @@ function addPRComment(jobSummary) {
         const pull_request_number = context.payload.pull_request.number;
         core.info(`Adding Job Summary as comment to PR #${pull_request_number}.`);
         const prComment = `<h3>Job Summary for Gradle</h3>
-<h5>${github.context.workflow} :: <em>${github.context.job}</em></h5>
+<a href="${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}" target="_blank">
+<h5>${context.workflow} :: <em>${context.job}</em></h5>
+</a>
 
 ${jobSummary}`;
         const github_token = params.getGithubToken();
@@ -141108,7 +141128,7 @@ function renderBuildScan(result) {
 function renderBuildScanBadge(outcomeText, outcomeColor, targetUrl) {
     const badgeUrl = `https://img.shields.io/badge/Build%20Scan%C2%AE-${outcomeText}-${outcomeColor}?logo=Gradle`;
     const badgeHtml = `<img src="${badgeUrl}" alt="Build Scan ${outcomeText}" />`;
-    return `<a href="${targetUrl}" rel="nofollow">${badgeHtml}</a>`;
+    return `<a href="${targetUrl}" rel="nofollow" target="_blank">${badgeHtml}</a>`;
 }
 function shouldGenerateJobSummary(buildResults) {
     if (!process.env[summary_1.SUMMARY_ENV_VAR]) {
@@ -141135,77 +141155,6 @@ function shouldAddJobSummary(option, buildResults) {
 }
 
 
-/***/ }),
-
-/***/ 70399:
-/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
-
-"use strict";
-
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.run = void 0;
-const core = __importStar(__nccwpck_require__(42186));
-const setupGradle = __importStar(__nccwpck_require__(18652));
-const execution = __importStar(__nccwpck_require__(23584));
-const provisioner = __importStar(__nccwpck_require__(32501));
-const layout = __importStar(__nccwpck_require__(28182));
-const params = __importStar(__nccwpck_require__(23885));
-function run() {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            yield setupGradle.setup();
-            const executable = yield provisioner.provisionGradle();
-            const args = params.getArguments();
-            if (args.length > 0) {
-                const buildRootDirectory = layout.buildRootDirectory();
-                yield execution.executeGradleBuild(executable, buildRootDirectory, args);
-            }
-        }
-        catch (error) {
-            core.setFailed(String(error));
-            if (error instanceof Error && error.stack) {
-                core.info(error.stack);
-            }
-        }
-        process.exit();
-    });
-}
-exports.run = run;
-run();
-
-
 /***/ }),
 
 /***/ 32501:
@@ -141602,6 +141551,77 @@ function determineUserHome() {
 }
 
 
+/***/ }),
+
+/***/ 4637:
+/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
+
+"use strict";
+
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.run = void 0;
+const core = __importStar(__nccwpck_require__(42186));
+const setupGradle = __importStar(__nccwpck_require__(18652));
+const execution = __importStar(__nccwpck_require__(23584));
+const provisioner = __importStar(__nccwpck_require__(32501));
+const layout = __importStar(__nccwpck_require__(28182));
+const params = __importStar(__nccwpck_require__(23885));
+function run() {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            yield setupGradle.setup();
+            const executable = yield provisioner.provisionGradle();
+            const args = params.getArguments();
+            if (args.length > 0) {
+                const buildRootDirectory = layout.buildRootDirectory();
+                yield execution.executeGradleBuild(executable, buildRootDirectory, args);
+            }
+        }
+        catch (error) {
+            core.setFailed(String(error));
+            if (error instanceof Error && error.stack) {
+                core.info(error.stack);
+            }
+        }
+        process.exit();
+    });
+}
+exports.run = run;
+run();
+
+
 /***/ }),
 
 /***/ 22877:
@@ -141995,7 +142015,7 @@ module.exports = JSON.parse('[[[0,44],"disallowed_STD3_valid"],[[45,46],"valid"]
 /******/ 	// startup
 /******/ 	// Load entry module and return exports
 /******/ 	// This entry module is referenced by other modules so it can't be inlined
-/******/ 	var __webpack_exports__ = __nccwpck_require__(70399);
+/******/ 	var __webpack_exports__ = __nccwpck_require__(4637);
 /******/ 	module.exports = __webpack_exports__;
 /******/ 	
 /******/ })()

dist/setup-gradle/post/index.js

@@ -136392,7 +136392,7 @@ const input_params_1 = __nccwpck_require__(23885);
 function setup() {
     if ((0, input_params_1.getBuildScanPublishEnabled)() && verifyTermsOfServiceAgreement()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true');
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.16.1');
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.16.2');
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '1.12.1');
         maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_URL', (0, input_params_1.getBuildScanTermsOfServiceUrl)());
         maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_AGREE', (0, input_params_1.getBuildScanTermsOfServiceAgree)());
@@ -136597,6 +136597,9 @@ class GradleStateCache {
         fs_1.default.mkdirSync(actionCacheDir, { recursive: true });
         this.copyInitScripts();
         this.registerToolchains();
+        if (core.isDebug()) {
+            this.configureInfoLogLevel();
+        }
     }
     copyInitScripts() {
         const initScriptsDir = path_1.default.resolve(this.gradleUserHome, 'init.d');
@@ -136632,12 +136635,25 @@ class GradleStateCache {
         }
     }
     readResourceFileAsString(...paths) {
-        const absolutePath = path_1.default.resolve(__dirname, '..', '..', 'sources', 'src', 'resources', ...paths);
+        const absolutePath = path_1.default.resolve(__dirname, '..', '..', '..', 'sources', 'src', 'resources', ...paths);
         return fs_1.default.readFileSync(absolutePath, 'utf8');
     }
+    configureInfoLogLevel() {
+        const infoProperties = `org.gradle.logging.level=info\norg.gradle.logging.stacktrace=all\n`;
+        const propertiesFile = path_1.default.resolve(this.gradleUserHome, 'gradle.properties');
+        if (fs_1.default.existsSync(propertiesFile)) {
+            core.info(`Merged --info and --stacktrace into existing ${propertiesFile} file`);
+            const existingProperties = fs_1.default.readFileSync(propertiesFile, 'utf-8');
+            fs_1.default.writeFileSync(propertiesFile, `${infoProperties}\n${existingProperties}`);
+        }
+        else {
+            core.info(`Created a new ${propertiesFile} with --info and --stacktrace`);
+            fs_1.default.writeFileSync(propertiesFile, infoProperties);
+        }
+    }
     debugReportGradleUserHomeSize(label) {
         return __awaiter(this, void 0, void 0, function* () {
-            if (!(0, cache_utils_1.isCacheDebuggingEnabled)()) {
+            if (!(0, cache_utils_1.isCacheDebuggingEnabled)() && !core.isDebug()) {
                 return;
             }
             if (!fs_1.default.existsSync(this.gradleUserHome)) {
@@ -138360,7 +138376,9 @@ function addPRComment(jobSummary) {
         const pull_request_number = context.payload.pull_request.number;
         core.info(`Adding Job Summary as comment to PR #${pull_request_number}.`);
         const prComment = `<h3>Job Summary for Gradle</h3>
-<h5>${github.context.workflow} :: <em>${github.context.job}</em></h5>
+<a href="${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}" target="_blank">
+<h5>${context.workflow} :: <em>${context.job}</em></h5>
+</a>
 
 ${jobSummary}`;
         const github_token = params.getGithubToken();
@@ -138429,7 +138447,7 @@ function renderBuildScan(result) {
 function renderBuildScanBadge(outcomeText, outcomeColor, targetUrl) {
     const badgeUrl = `https://img.shields.io/badge/Build%20Scan%C2%AE-${outcomeText}-${outcomeColor}?logo=Gradle`;
     const badgeHtml = `<img src="${badgeUrl}" alt="Build Scan ${outcomeText}" />`;
-    return `<a href="${targetUrl}" rel="nofollow">${badgeHtml}</a>`;
+    return `<a href="${targetUrl}" rel="nofollow" target="_blank">${badgeHtml}</a>`;
 }
 function shouldGenerateJobSummary(buildResults) {
     if (!process.env[summary_1.SUMMARY_ENV_VAR]) {
@@ -138456,77 +138474,6 @@ function shouldAddJobSummary(option, buildResults) {
 }
 
 
-/***/ }),
-
-/***/ 87051:
-/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
-
-"use strict";
-
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.run = void 0;
-const core = __importStar(__nccwpck_require__(42186));
-const setupGradle = __importStar(__nccwpck_require__(18652));
-const errors_1 = __nccwpck_require__(36976);
-process.on('uncaughtException', e => handleFailure(e));
-function run() {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            yield setupGradle.complete();
-        }
-        catch (error) {
-            if (error instanceof errors_1.PostActionJobFailure) {
-                core.setFailed(String(error));
-            }
-            else {
-                handleFailure(error);
-            }
-        }
-        process.exit();
-    });
-}
-exports.run = run;
-function handleFailure(error) {
-    core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`);
-    if (error instanceof Error && error.stack) {
-        core.info(error.stack);
-    }
-}
-run();
-
-
 /***/ }),
 
 /***/ 28182:
@@ -138699,6 +138646,77 @@ function determineUserHome() {
 }
 
 
+/***/ }),
+
+/***/ 88766:
+/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
+
+"use strict";
+
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.run = void 0;
+const core = __importStar(__nccwpck_require__(42186));
+const setupGradle = __importStar(__nccwpck_require__(18652));
+const errors_1 = __nccwpck_require__(36976);
+process.on('uncaughtException', e => handleFailure(e));
+function run() {
+    return __awaiter(this, void 0, void 0, function* () {
+        try {
+            yield setupGradle.complete();
+        }
+        catch (error) {
+            if (error instanceof errors_1.PostActionJobFailure) {
+                core.setFailed(String(error));
+            }
+            else {
+                handleFailure(error);
+            }
+        }
+        process.exit();
+    });
+}
+exports.run = run;
+function handleFailure(error) {
+    core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`);
+    if (error instanceof Error && error.stack) {
+        core.info(error.stack);
+    }
+}
+run();
+
+
 /***/ }),
 
 /***/ 22877:
@@ -139092,7 +139110,7 @@ module.exports = JSON.parse('[[[0,44],"disallowed_STD3_valid"],[[45,46],"valid"]
 /******/ 	// startup
 /******/ 	// Load entry module and return exports
 /******/ 	// This entry module is referenced by other modules so it can't be inlined
-/******/ 	var __webpack_exports__ = __nccwpck_require__(87051);
+/******/ 	var __webpack_exports__ = __nccwpck_require__(88766);
 /******/ 	module.exports = __webpack_exports__;
 /******/ 	
 /******/ })()

setup-gradle/README.md

@@ -40,7 +40,7 @@ jobs:
         java-version: 11
         
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
     
     - name: Execute Gradle build
       run: ./gradlew build
@@ -52,7 +52,7 @@ The `setup-gradle` action can download and install a specified Gradle version, a
 Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid requiring downloading again later.
 
 ```yaml
- - uses: gradle/actions/setup-gradle@v3-beta
+ - uses: gradle/actions/setup-gradle@v3
    with:
      gradle-version: 6.5
 ```
@@ -87,7 +87,7 @@ jobs:
       with:
         distribution: temurin
         java-version: 11
-    - uses: gradle/actions/setup-gradle@v3-beta
+    - uses: gradle/actions/setup-gradle@v3
       id: setup-gradle
       with:
         gradle-version: release-candidate
@@ -167,7 +167,7 @@ secrets](https://docs.gradle.org/release-nightly/userguide/configuration_cache.h
 In order to benefit from configuration caching in your GitHub Actions workflow, you must:
 - Execute your build with Gradle 8.6 or newer. This can be achieved directly, or via the Gradle Wrapper.
 - Enable the configuration cache for your build.
-- Generate a [valid Gradle encryption key](https://docs.gradle.org/8.6-rc-1/userguide/configuration_cache.html#config_cache:secrets:configuring_encryption_key) and save it as a [GitHub Actions secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
+- Generate a [valid Gradle encryption key](https://docs.gradle.org/8.6/userguide/configuration_cache.html#config_cache:secrets:configuring_encryption_key) and save it as a [GitHub Actions secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
 - Provide the secret key via the `cache-encryption-key` action parameter.
 
 ```yaml
@@ -176,9 +176,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: gradle/actions/setup-gradle@v3-beta
+    - uses: gradle/actions/setup-gradle@v3
       with:
-        gradle-version: 8.6-rc-1
+        gradle-version: 8.6
         cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
     - run: gradle build --configuration-cache
 ```
@@ -193,20 +193,6 @@ Specifically:
 
 Using either of these mechanisms may interfere with the caching provided by this action. If you choose to use a different mechanism to save and restore the Gradle User Home, you should disable the caching provided by this action, as described above.
 
-### Cache debugging and analysis
-
-A report of all cache entries restored and saved is printed to the Job Summary when saving the cache entries. 
-This report can provide valuable insight into how much cache space is being used.
-
-It is possible to enable additional debug logging for cache operations. You do via the `GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED` environment variable:
-
-```yaml
-env:
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-```
-
-Note that this setting will also prevent certain cache operations from running in parallel, further assisting with debugging.
-
 ## How Gradle User Home caching works
 
 ### Properties of the GitHub Actions cache
@@ -327,7 +313,6 @@ See [Using the cache read-only](#using-the-cache-read-only) for more details.
 Note there are some cases where writing cache entries is typically unhelpful (these are disabled by default):
 - For `pull_request` triggered runs, the cache scope is limited to the merge ref (`refs/pull/.../merge`) and can only be restored by re-runs of the same pull request.
 - For `merge_group` triggered runs, the cache scope is limited to a temporary branch with a special prefix created to validate pull request changes, and won't be available on subsequent Merge Queue executions.
-
   
 ### Exclude content from Gradle User Home cache
 
@@ -366,6 +351,32 @@ Gradle Home cache cleanup is considered experimental and is disabled by default.
 ```yaml
 gradle-home-cache-cleanup: true
 ```
+## Debugging and Troubleshooting
+
+In order to debug a failed job, it can be useful to run with [debug logging enabled](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging).
+You can enable debug logging either by adding an `ACTIONS_STEP_DEBUG` variable to your repository configuration, or by re-running a Job and checking the "Enable debug logging" box.
+
+### Increased logging from Gradle builds
+
+When debug logging is enabled, this action will cause all builds to run with the `--info` and `--stacktrace` options. 
+This is done by inserting the relevant [Gradle properties](https://docs.gradle.org/current/userguide/build_environment.html#sec:gradle_configuration_properties) 
+at the top of the `${GRADLE_USER_HOME}/gradle.properties` file.
+
+If the additional Gradle logging produced is problematic, you may opt-out of this behaviour by setting these properties manually in your project `gradle.properties` file:
+
+```properties
+# default lifecycle
+org.gradle.logging.level=lifecycle
+org.gradle.logging.stacktrace=internal
+```
+
+### Cache debugging and analysis
+
+A report of all cache entries restored and saved is printed to the Job Summary when saving the cache entries. 
+This report can provide valuable insight into how much cache space is being used.
+
+When debug logging is enabled, more detailed logging of cache operations is included in the GitHub actions log.
+This includes a breakdown of the contents of the Gradle User Home directory, which may assist in cache optimization.
 
 ## Build reporting
 
@@ -400,7 +411,7 @@ jobs:
     - name: Checkout project sources
       uses: actions/checkout@v4
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
       with:
         add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure'
     - run: ./gradlew build --scan
@@ -432,7 +443,7 @@ jobs:
     - name: Checkout project sources
       uses: actions/checkout@v4
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
     - name: Run build with Gradle wrapper
       run: ./gradlew build --scan
     - name: Upload build reports
@@ -459,7 +470,15 @@ You can use The `setup-gradle` action on GitHub Enterprise Server, and benefit f
 - Save/restore of Gradle User Home (requires GHES v3.5+ : GitHub Actions cache was introduced in GHES 3.5)
 - Support for GitHub Actions Job Summary (requires GHES 3.6+ : GitHub Actions Job Summary support was introduced in GHES 3.6). In earlier versions of GHES the build-results summary and caching report will be written to the workflow log, as part of the post-action step.
 
-# GitHub Dependency Graph support
+## GitHub Dependency Graph support
+
+> [!IMPORTANT]
+> The simplest (and recommended) way to generate a dependency graph is via a separate workflow 
+> using `gradle/actions/dependency-submission`. This action will attempt to detect all dependencies used by your build
+> without building and testing the project itself.
+>
+> See the [dependency-submission documentation](../dependency-submission/README.md) for up-to-date documentation.
+
 
 The `setup-gradle` action has support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28).
 
@@ -467,7 +486,7 @@ The dependency graph snapshot is generated via integration with the [GitHub Depe
 
 The generated dependency graph snapshot reports all of the dependencies that were resolved during a build execution, and is used by GitHub to generate [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) for vulnerable dependencies, as well as to populate the [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).
 
-## Enable Dependency Graph generation for a workflow
+### Basic usage
  
 You enable GitHub Dependency Graph support by setting the `dependency-graph` action parameter. Valid values are:
 
@@ -494,7 +513,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
       with:
         dependency-graph: generate-and-submit
     - name: Run the usual CI build (dependency-graph will be generated and submitted post-job)
@@ -521,7 +540,7 @@ graph cannot be generated or submitted. You can enable this behaviour with the `
 
 ```yaml
 # Ensure that the workflow Job will fail if the dependency graph cannot be submitted
-- uses: gradle/actions/setup-gradle@v3-beta
+- uses: gradle/actions/setup-gradle@v3
   with:
     dependency-graph: generate-and-submit
     dependency-graph-continue-on-failure: false
@@ -539,7 +558,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
       with:
         dependency-graph: generate-and-submit
     - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
@@ -548,65 +567,6 @@ jobs:
         GRADLE_PLUGIN_REPOSITORY_URL: "https://gradle-plugins-proxy.mycorp.com"
 ```
 
-### Integrating the `dependency-review-action`
-
-The GitHub [dependency-review-action](https://github.com/actions/dependency-review-action) helps you 
-understand dependency changes (and the security impact of these changes) for a pull request.
-For the `dependency-review-action` to succeed, it must run _after_ the dependency graph has been submitted for a PR.
-
-When using `generate-and-submit`, dependency graph files are submitted at the end of the job, after all steps have been
-executed. For this reason, the `dependency-review-action` must be executed in a dependent job,
-and not as a subsequent step in the job that generates the dependency graph.
-
-Example of a pull request workflow that executes a build for a pull request and runs the `dependency-review-action`:
-
-```yaml
-name: PR check
-
-on:
-  pull_request:
-  
-permissions:
-  contents: write
-  # Note that this permission will not be available if the PR is from a forked repository
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3-beta
-      with:
-        dependency-graph: generate-and-submit
-    - name: Run a build and generate the dependency graph which will be submitted post-job
-      run: ./gradlew build
-
-  dependency-review:
-    needs: build
-    runs-on: ubuntu-latest
-    - name: Perform dependency review
-      uses: actions/dependency-review-action@v4
-```
-
-See [Dependency Graphs for pull request workflows](#dependency-graphs-for-pull-request-workflows) for a more complex
-(and less functional) example that will work for pull requests submitted from forked repositories.
-
-## Limiting the scope of the dependency graph
-
-At times it is helpful to limit the dependencies reported to GitHub, in order to security alerts for dependencies that don't form a critical part of your product.
-For example, a vulnerability in the tool you use to generate documentation is unlikely to be as important as a vulnerability in one of your runtime dependencies.
-
-There are a number of techniques you can employ to limit the scope of the generated dependency graph:
-- [Don't generate a dependency graph for all Gradle executions](#choosing-which-gradle-invocations-will-generate-a-dependency-graph)
-- [For a Gradle execution, filter which Gradle projects and configurations will contribute dependencies](#filtering-which-gradle-configurations-contribute-to-the-dependency-graph)
-- [Use a separate workflow that only resolves the required dependencies](#use-a-dedicated-workflow-for-dependency-graph-generation)
-
-> [!NOTE]
-> Ideally, all dependencies involved in building and testing a project will be extracted and reported in a dependency graph. 
-> These dependencies would be assigned to different scopes (eg development, runtime, testing) and the GitHub UI would make it easy to opt-in to security alerts for different dependency scopes.
-> However, this functionality does not yet exist.
-
 ### Choosing which Gradle invocations will generate a dependency graph
 
 Once you enable the dependency graph support for a workflow job (via the `dependency-graph` parameter), dependencies will be collected and reported for all subsequent Gradle invocations.
@@ -619,7 +579,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
       with:
         dependency-graph: generate-and-submit
     - name: Build the app, generating a graph of dependencies required
@@ -632,162 +592,22 @@ jobs:
 
 ### Filtering which Gradle Configurations contribute to the dependency graph
 
-If you do not want the dependency graph to include every dependency configuration in every project in your build, you can limit the
+If you do not want the dependency graph to include every dependency configuration in every project in your build, 
-dependency extraction to a subset of these.
+you can limit the dependency extraction to a subset of these.
 
-To restrict which Gradle subprojects contribute to the report, specify which projects to include via a regular expression.
+See the documentation for [dependency-submission](../dependency-submission/README.md) and the
-You can provide this value via the `DEPENDENCY_GRAPH_INCLUDE_PROJECTS` environment variable or system property.
+[GitHub Dependency Graph Gradle Plugin](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph) for details.
 
-To restrict which Gradle configurations contribute to the report, you can filter configurations by name using a regular expression.
+### Gradle version compatibility
-You can provide this value via the `DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS` environment variable or system property.
 
-For example, if you want to exclude dependencies in the `buildSrc` project, and only report on dependencies from the `runtimeClasspath` configuration,
+Dependency-graph generation is compatible with most versions of Gradle >= `5.2`, and is tested regularly against 
-you would use the following configuration:
+Gradle versions `5.2.1`, `5.6.4`, `6.0.1`, `6.9.4`, `7.1.1` and `7.6.3`, as well as all patched versions of Gradle 8.x.
 
-```yaml
+A known exception to this is that Gradle `7.0`, `7.0.1` and `7.0.2` are not supported.
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3-beta
-      with:
-        dependency-graph: generate-and-submit
-    - name: Run a build, generating the dependency graph from any resolved 'runtimeClasspath' configurations
-      run: ./gradlew build
-      env:
-        DEPENDENCY_GRAPH_INCLUDE_PROJECTS: "^:(?!buildSrc).*"
-        DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath
-```
 
-### Use a dedicated workflow for dependency graph generation
+See [here](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#gradle-compatibility) for complete compatibility information.
 
-Instead of generating a dependency graph from your existing CI workflow, it's possible to create a separate dedicated workflow (or Job) that is intended for generating a dependency graph.
+### Reducing storage costs for saved dependency graph artifacts
-Such a workflow will still need to execute Gradle, but can do so in a way that is targeted at resolving the specific dependencies required.
-
-For example, the following workflow will report those dependencies that are resolved in order to build the `distributionZip` for the `my-app` project. Test dependencies and other dependencies not required by the `distributionZip` will not be included.
-
-```yaml
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3-beta
-      with:
-        dependency-graph: generate-and-submit
-    - name: Build the distribution Zip for `my-app`
-      run: ./gradlew :my-app:distributionZip
-```
-
-Note that the above example will also include any `buildSrc` dependencies, dependencies resolved when configuring your Gradle build or dependencies resolved while applying plugin. All of these dependencies are resolved in the process of running the `distributionZip` task, and thus will form part of the generated dependency graph.
-
-If this isn't desirable, you will still need to use the filtering mechanism described above.
-
-## Dependency Graphs for pull request workflows
-
-This `contents: write` permission is not available for any workflow that is triggered by a pull request submitted from a forked repository, since it would permit a malicious pull request to make repository changes. 
-
-Because of this restriction, it is not possible to `generate-and-submit` a dependency graph generated for a pull-request that comes from a repository fork. In order to do so, 2 workflows will be required:
-1. The first workflow runs directly against the pull request sources and will generate the dependency graph snapshot.
-2. The second workflow is triggered on `workflow_run` of the first workflow, and will submit the previously saved dependency snapshots.
-
-Note: when `download-and-submit` is used in a workflow triggered via [workflow_run](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run), the action will download snapshots saved in the triggering workflow.
-
-***Main workflow file***
-```yaml
-name: run-build-and-generate-dependency-snapshot
-
-on:
-  pull_request:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3-beta
-      with:
-        dependency-graph: generate-and-upload # Generate graphs and save as workflow artifacts
-    - name: Run a build, generating the dependency graph snapshot which will be submitted
-      run: ./gradlew build
-```
-
-***Dependent workflow file***
-```yaml
-name: submit-dependency-snapshot
-
-on:
-  workflow_run:
-    workflows: ['run-build-and-generate-dependency-snapshot']
-    types: [completed]
-
-permissions:
-  contents: write
-
-jobs:
-  submit-dependency-graph:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Retrieve dependency graph artifact and submit
-      uses: gradle/actions/setup-gradle@v3-beta
-      with:
-        dependency-graph: download-and-submit # Download saved workflow artifacts and submit
-```
-
-### Integrating `dependency-review-action` for pull request workflows
-
-The GitHub [dependency-review-action](https://github.com/actions/dependency-review-action) helps you 
-understand dependency changes (and the security impact of these changes) for a pull request.
-
-To integrate the `dependency-review-action` into the pull request workflows above, a separate workflow should be added.
-This workflow will be triggered directly on `pull_request`, but will need to wait until the dependency graph results are
-submitted before the dependency review can complete. How long to wait is controlled by the `retry-on-snapshot-warnings` input parameters.
-
-Here's an example of a separate "Dependency Review" workflow that will wait for 10 minutes for the PR check workflow to complete.
-
-```yaml
-name: dependency-review
-on:
-  pull_request:
-
-permissions:
-  contents: read
-  pull-requests: write
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-    - name: 'Dependency Review'
-      uses: actions/dependency-review-action@v4
-      with:
-        retry-on-snapshot-warnings: true
-        retry-on-snapshot-warnings-timeout: 600
-```
-
-The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `run-build-and-generate-dependency-snapshot` and `submit-dependency-snapshot` workflows (above) to complete.
-
-## Gradle version compatibility
-
-The GitHub Dependency Graph plugin should be compatible with all versions of Gradle >= 5.0, and has been tested against 
-Gradle versions "5.6.4", "6.9.4", "7.0.2", "7.6.2", "8.0.2" and the current Gradle release.
-
-The plugin is compatible with running Gradle with the configuration-cache enabled. However, this support is
-limited to Gradle "8.1.0" and later:
-- With Gradle "8.0", the build should run successfully, but an empty dependency graph will be generated.
-- With Gradle <= "7.6.4", the plugin will cause the build to fail with configuration-cache enabled.
-
-To use this plugin with versions of Gradle older than "8.1.0", you'll need to invoke Gradle with the
-configuration-cache disabled.
-
-## Reducing storage costs for saved dependency graph artifacts
 
 When `generate` or `generate-and-submit` is used with the action, the dependency graph that is generated is stored as a workflow artifact. 
 By default, these artifacts are retained for a period of 30 days (or as configured for the repository).
@@ -796,14 +616,12 @@ To reduce storage costs for these artifacts, you can set the `artifact-retention
 ```yaml
     steps:
     - name: Generate dependency graph, but only retain artifact for one day
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
       with:
         dependency-graph: generate
         artifact-retention-days: 1
 ```
 
-
-
 # Develocity plugin injection
 
 The `setup-gradle` action provides support for injecting and configuring the Develocity Gradle plugin into any Gradle build, without any modification to the project sources.
@@ -823,7 +641,7 @@ name: Run build with Develocity injection
 env:
   DEVELOCITY_INJECTION_ENABLED: true
   DEVELOCITY_URL: https://develocity.your-server.com
-  DEVELOCITY_PLUGIN_VERSION: 3.16.1
+  DEVELOCITY_PLUGIN_VERSION: 3.16.2
 
 jobs:
   build:
@@ -831,12 +649,12 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
     - name: Run a Gradle build with Develocity injection enabled
       run: ./gradlew build
 ```
 
-This configuration will automatically apply `v3.16.1` of the [Develocity Gradle plugin](https://docs.gradle.com/enterprise/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v3.16.2` of the [Develocity Gradle plugin](https://docs.gradle.com/enterprise/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to configure an addition environment variable
@@ -872,7 +690,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Setup Gradle to publish build scans
-      uses: gradle/actions/setup-gradle@v3-beta
+      uses: gradle/actions/setup-gradle@v3
       with:
         build-scan-publish: true
         build-scan-terms-of-service-url: "https://gradle.com/terms-of-service"
@@ -881,4 +699,3 @@ jobs:
     - name: Run a Gradle build - a build scan will be published automatically
       run: ./gradlew build
 ```
-

setup-gradle/action.yml

@@ -1,4 +1,4 @@
-name: "Gradle Build Action"
+name: 'Setup Gradle'
 description: 'Configures Gradle for GitHub actions, caching state and generating a dependency graph via Dependency Submission.'
 
 # https://help.github.com/en/articles/metadata-syntax-for-github-actions
@@ -143,8 +143,8 @@ outputs:
 
 runs:
   using: 'node20'
-  main: '../dist/main/index.js'
+  main: '../dist/setup-gradle/main/index.js'
-  post: '../dist/post/index.js'
+  post: '../dist/setup-gradle/post/index.js'
 
 branding:
   icon: 'box'

sources/build

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cd sources
+npm run build

sources/build-and-test

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cd sources
+npm run all

sources/package.json

@@ -8,8 +8,8 @@
     "format": "prettier --write **/*.ts",
     "format-check": "prettier --check **/*.ts",
     "lint": "eslint src/**/*.ts",
-    "compile-main": "ncc build src/main.ts --out ../dist/main --source-map --no-source-map-register",
+    "compile-setup-gradle-main": "ncc build src/setup-gradle/main.ts --out ../dist/setup-gradle/main --source-map --no-source-map-register",
-    "compile-post": "ncc build src/post.ts --out ../dist/post --source-map --no-source-map-register",
+    "compile-setup-gradle-post": "ncc build src/setup-gradle/post.ts --out ../dist/setup-gradle/post --source-map --no-source-map-register",
     "compile": "npm-run-all --parallel compile-*",
     "check": "npm-run-all --parallel format lint",
     "test": "jest",

sources/src/build-scan.ts

@@ -8,7 +8,7 @@ import {
 export function setup(): void {
     if (getBuildScanPublishEnabled() && verifyTermsOfServiceAgreement()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.16.1')
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.16.2')
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '1.12.1')
         maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_URL', getBuildScanTermsOfServiceUrl())
         maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_AGREE', getBuildScanTermsOfServiceAgree())

sources/src/cache-base.ts

@@ -192,6 +192,10 @@ export class GradleStateCache {
 
         // Copy the default toolchain definitions to `~/.m2/toolchains.xml`
         this.registerToolchains()
+
+        if (core.isDebug()) {
+            this.configureInfoLogLevel()
+        }
     }
 
     private copyInitScripts(): void {
@@ -233,18 +237,38 @@ export class GradleStateCache {
         }
     }
 
+    // TODO:DAZ Move this to a utility class
     private readResourceFileAsString(...paths: string[]): string {
         // Resolving relative to __dirname will allow node to find the resource at runtime
-        const absolutePath = path.resolve(__dirname, '..', '..', 'sources', 'src', 'resources', ...paths)
+        const absolutePath = path.resolve(__dirname, '..', '..', '..', 'sources', 'src', 'resources', ...paths)
         return fs.readFileSync(absolutePath, 'utf8')
     }
 
     /**
-     * When cache debugging is enabled, this method will give a detailed report
+     * When the GitHub environment ACTIONS_RUNNER_DEBUG is true, run Gradle with --info and --stacktrace.
-     * of the Gradle User Home contents.
+     * see https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging
+     *
+     * @VisibleForTesting
+     */
+    configureInfoLogLevel(): void {
+        const infoProperties = `org.gradle.logging.level=info\norg.gradle.logging.stacktrace=all\n`
+        const propertiesFile = path.resolve(this.gradleUserHome, 'gradle.properties')
+        if (fs.existsSync(propertiesFile)) {
+            core.info(`Merged --info and --stacktrace into existing ${propertiesFile} file`)
+            const existingProperties = fs.readFileSync(propertiesFile, 'utf-8')
+            fs.writeFileSync(propertiesFile, `${infoProperties}\n${existingProperties}`)
+        } else {
+            core.info(`Created a new ${propertiesFile} with --info and --stacktrace`)
+            fs.writeFileSync(propertiesFile, infoProperties)
+        }
+    }
+
+    /**
+     * When cache debugging is enabled (or ACTIONS_STEP_DEBUG is on),
+     * this method will give a detailed report of the Gradle User Home contents.
      */
     private async debugReportGradleUserHomeSize(label: string): Promise<void> {
-        if (!isCacheDebuggingEnabled()) {
+        if (!isCacheDebuggingEnabled() && !core.isDebug()) {
             return
         }
         if (!fs.existsSync(this.gradleUserHome)) {

sources/src/gradlew.ts

@@ -1,3 +1,4 @@
+import * as core from '@actions/core'
 import * as path from 'path'
 import fs from 'fs'
 
@@ -37,6 +38,9 @@ function verifyIsExecutableScript(toExecute: string): void {
     try {
         fs.accessSync(toExecute, fs.constants.X_OK)
     } catch (err) {
-        throw new Error(`Gradle script '${toExecute}' is not executable.`)
+        core.warning(
+            `Gradle wrapper script '${toExecute}' is not executable. Action will set executable permission and continue.`
+        )
+        fs.chmodSync(toExecute, '755')
     }
 }

sources/src/job-summary.ts

@@ -41,7 +41,9 @@ async function addPRComment(jobSummary: string): Promise<void> {
     core.info(`Adding Job Summary as comment to PR #${pull_request_number}.`)
 
     const prComment = `<h3>Job Summary for Gradle</h3>
-<h5>${github.context.workflow} :: <em>${github.context.job}</em></h5>
+<a href="${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}" target="_blank">
+<h5>${context.workflow} :: <em>${context.job}</em></h5>
+</a>
 
 ${jobSummary}`
 
@@ -123,7 +125,7 @@ function renderBuildScan(result: BuildResult): string {
 function renderBuildScanBadge(outcomeText: string, outcomeColor: string, targetUrl: string): string {
     const badgeUrl = `https://img.shields.io/badge/Build%20Scan%C2%AE-${outcomeText}-${outcomeColor}?logo=Gradle`
     const badgeHtml = `<img src="${badgeUrl}" alt="Build Scan ${outcomeText}" />`
-    return `<a href="${targetUrl}" rel="nofollow">${badgeHtml}</a>`
+    return `<a href="${targetUrl}" rel="nofollow" target="_blank">${badgeHtml}</a>`
 }
 
 function shouldGenerateJobSummary(buildResults: BuildResult[]): boolean {

sources/src/resources/init-scripts/gradle-actions.github-dependency-graph-gradle-plugin-apply.groovy

@@ -4,12 +4,13 @@ buildscript {
       return System.getProperty(name) ?: System.getenv(envVarName)
   }
   def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url') ?: 'https://plugins.gradle.org/m2'
+  def dependencyGraphPluginVersion = getInputParam('dependency-graph-plugin.version') ?: '1.2.2'
 
   repositories {
     maven { url pluginRepositoryUrl }
   }
   dependencies {
-    classpath "org.gradle:github-dependency-graph-gradle-plugin:1.1.1"
+    classpath "org.gradle:github-dependency-graph-gradle-plugin:${dependencyGraphPluginVersion}"
   }
 }
 apply plugin: org.gradle.github.GitHubDependencyGraphPlugin

sources/src/setup-gradle/main.ts

@@ -1,10 +1,10 @@
 import * as core from '@actions/core'
 
-import * as setupGradle from './setup-gradle'
+import * as setupGradle from '../setup-gradle'
-import * as execution from './execution'
+import * as execution from '../execution'
-import * as provisioner from './provision'
+import * as provisioner from '../provision'
-import * as layout from './repository-layout'
+import * as layout from '../repository-layout'
-import * as params from './input-params'
+import * as params from '../input-params'
 
 /**
  * The main entry point for the action, called by Github Actions for the step.

sources/src/setup-gradle/post.ts

@@ -1,6 +1,6 @@
 import * as core from '@actions/core'
-import * as setupGradle from './setup-gradle'
+import * as setupGradle from '../setup-gradle'
-import {PostActionJobFailure} from './errors'
+import {PostActionJobFailure} from '../errors'
 
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to

sources/test/init-scripts/build.gradle

@@ -20,7 +20,7 @@ dependencies {
     testImplementation ('io.ratpack:ratpack-groovy-test:1.9.0') {
         exclude group: 'org.codehaus.groovy', module: 'groovy-all'
     }
-    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.16.0'
+    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.16.1'
 }
 
 test {

sources/test/init-scripts/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.enterprise" version "3.16.1"
+    id "com.gradle.enterprise" version "3.16.2"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "1.12.1"
 }
 

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy

@@ -16,7 +16,7 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 
 class BaseInitScriptTest extends Specification {
-    static final String DEVELOCITY_PLUGIN_VERSION = '3.16.1'
+    static final String DEVELOCITY_PLUGIN_VERSION = '3.16.2'
     static final String CCUD_PLUGIN_VERSION = '1.12.1'
 
     static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy

@@ -171,7 +171,7 @@ class TestBuildResultRecorder extends BaseInitScriptTest {
         when:
         settingsFile.text = """
             plugins {
-                id 'com.gradle.enterprise' version '3.16.1' apply(false)
+                id 'com.gradle.enterprise' version '3.16.2' apply(false)
             }
             gradle.settingsEvaluated {
                 apply plugin: 'com.gradle.enterprise'

sources/test/jest/cache-debug.test.ts

@@ -0,0 +1,30 @@
+import {GradleStateCache} from "../../src/cache-base"
+import * as path from 'path'
+import * as fs from 'fs'
+
+describe("--info and --stacktrace", () => {
+    describe("will be created", () => {
+        it("when gradle.properties does not exists", async () => {
+            const emptyGradleHome = 'test/jest/resources/gradle-home/empty'
+            fs.rmSync(path.resolve(emptyGradleHome, "gradle.properties"), {force: true})
+
+            const stateCache = new GradleStateCache("ignored", emptyGradleHome)
+            stateCache.configureInfoLogLevel()
+
+            expect(fs.readFileSync(path.resolve(emptyGradleHome, "gradle.properties"), 'utf-8'))
+                .toBe("org.gradle.logging.level=info\norg.gradle.logging.stacktrace=all\n")
+        })
+    })
+    describe("will be added", () => {
+        it("and gradle.properties does exists", async () => {
+            const existingGradleHome = 'test/jest/resources/gradle-home/existing'
+            fs.writeFileSync(path.resolve(existingGradleHome, "gradle.properties"), "org.gradle.logging.level=debug\n")
+
+            const stateCache = new GradleStateCache("ignored", existingGradleHome)
+            stateCache.configureInfoLogLevel()
+
+            expect(fs.readFileSync(path.resolve(existingGradleHome, "gradle.properties"), 'utf-8'))
+                .toBe("org.gradle.logging.level=info\norg.gradle.logging.stacktrace=all\n\norg.gradle.logging.level=debug\n")
+        })
+    })
+})

sources/test/jest/resources/gradle-home/empty/.gitignore

@@ -0,0 +1 @@
+gradle.properties

sources/test/jest/resources/gradle-home/existing/gradle.properties

@@ -0,0 +1 @@
+org.gradle.logging.level=debug

sources/tsconfig.json

@@ -59,5 +59,6 @@
     // "experimentalDecorators": true,        /* Enables experimental support for ES7 decorators. */
     // "emitDecoratorMetadata": true,         /* Enables experimental support for emitting type metadata for decorators. */
   },
+  "include": ["src/**/*.ts"],
   "exclude": ["node_modules", "**/*.test.ts"]
 }