[bot] Update dist directory

If the `DEPENDENCY_GRAPH_REPORT_DIR` var is set, use this value when locating dependency-graph files to upload/submit.

Fixes #188

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.1"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0"
+    id "com.gradle.develocity" version "3.17.2"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
 
 develocity {

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,6 +1,6 @@
 plugins {
-    id("com.gradle.develocity") version "3.17.1"
-    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0"
+    id("com.gradle.develocity") version "3.17.2"
+    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
 }
 
 develocity {

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.1" 
+    id "com.gradle.develocity" version "3.17.2" 
 }
 
 develocity {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.1"
+    id "com.gradle.develocity" version "3.17.2"
 }
 
 develocity {

.github/workflow-samples/non-executable-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17"
+    id "com.gradle.develocity" version "3.17.2"
 }
 
 develocity {

.github/workflows/integ-test-dependency-submission-failures.yml

@@ -1,4 +1,4 @@
-name: Test dependency graph
+name: Test dependency submission failures
 
 on:
   workflow_call:

.github/workflows/integ-test-dependency-submission.yml

@@ -1,4 +1,4 @@
-name: Test dependency graph
+name: Test dependency submission
 
 on:
   workflow_call:
@@ -245,3 +245,79 @@ jobs:
       uses: ./dependency-submission
       with:
         build-root-directory: .github/workflow-samples/groovy-dsl
+
+  custom-report-dir-submit:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate dependency graph
+      id: dependency-graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-submit
+        build-root-directory: .github/workflow-samples/groovy-dsl
+      env: 
+        DEPENDENCY_GRAPH_REPORT_DIR: '${{ github.workspace }}/custom/report-dir'
+    - name: Check generated dependency graphs
+      shell: bash
+      run: |
+        echo "report file: ${{ steps.dependency-graph.outputs.dependency-graph-file }}"
+        
+        if [ ! -e "${{ steps.dependency-graph.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find dependency graph file"
+            exit 1
+        fi
+
+        if [ -z "$(ls -A "${{ github.workspace }}/custom/report-dir")" ]; then
+          echo "No dependency graph files found in custom directory"
+          exit 1
+        fi
+
+  custom-report-dir-upload:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate and upload dependency graph
+      id: dependency-graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-upload
+        build-root-directory: .github/workflow-samples/groovy-dsl
+      env: 
+        DEPENDENCY_GRAPH_REPORT_DIR: '${{ github.workspace }}/custom/report-dir'
+
+  custom-report-dir-download-and-submit:
+    needs: custom-report-dir-upload
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Download and submit dependency graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: download-and-submit
+        build-root-directory: .github/workflow-samples/groovy-dsl
+      env: 
+        DEPENDENCY_GRAPH_REPORT_DIR: '${{ github.workspace }}/custom/report-dir'
+    - name: Check downloaded dependency graph
+      shell: bash
+      run: |
+        if [ -z "$(ls -A "${{ github.workspace }}/custom/report-dir")" ]; then
+          echo "No dependency graph files found in custom directory"
+          exit 1
+        fi

.github/workflows/integ-test-inject-develocity.yml

@@ -33,7 +33,7 @@ jobs:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17]
+        plugin-version: [3.16.2, 3.17.2]
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources

.github/workflows/update-checksums-file.yml

@@ -48,7 +48,7 @@ jobs:
           body: |
             Automatically generated pull request to update the known wrapper checksums.
 
-            In case of conflicts, manually run the workflow from the [Actions tab](https://github.com/gradle/wrapper-validation-action/actions/workflows/update-checksums-file.yml), the changes will then be force-pushed onto this pull request branch.
+            In case of conflicts, manually run the workflow from the [Actions tab](https://github.com/gradle/actions/actions/workflows/update-checksums-file.yml), the changes will then be force-pushed onto this pull request branch.
             Do not manually update the pull request branch; those changes might get overwritten.
 
             > [!IMPORTANT]  

.gitignore

@@ -1,3 +1,2 @@
 .git
 .vscode
-actions.code-workspace

README.md

@@ -15,7 +15,8 @@ The recommended way to execute any Gradle build is with the help of the [Gradle
 ```yaml
 name: Build
 
-on: [ push ]
+on:
+  push:
 
 jobs:
   build:
@@ -48,7 +49,9 @@ Simply add this as a new workflow file to your repository (eg `.github/workflows
 ```yaml
 name: Dependency Submission
 
-on: [ push ]
+on:
+  push:
+    branches: [ 'main' ]
 
 permissions:
   contents: write
@@ -80,7 +83,10 @@ The action should be run in the root of the repository, as it will recursively s
 
 ```yaml
 name: "Validate Gradle Wrapper"
-on: [push, pull_request]
+
+on:
+  push:
+  pull_request:
 
 jobs:
   validation:

RELEASING.md

@@ -1,8 +1,9 @@
 # Gradle GitHub Actions release process
 
 ## Preparation
-- Push any outstanding changes to branch main. For any change that impacts the released action, you must run npm via `./build all` and commit the various files generated into the dist directory.
+- Push any outstanding changes to branch main.
 - Check that https://github.com/gradle/actions/actions is green for all workflows for the main branch.
+  - This should include any workflows triggered by `[bot] Update dist directory`
 - Decide on the version number to use for the release. The action releases should follow semantic versioning.
   - By default, a patch release is assumed (eg. `3.0.0` → `3.0.1`)
   - If new features have been added, bump the minor version (eg `3.1.1` → `3.2.0`)
@@ -11,14 +12,12 @@
 
 ## Release gradle/actions
 - Create a tag for the release. The tag should have the format `v3.1.0`
-  - From CLI: `git tag v3.1.0`
-- Push the commit and tag
-  - From CLI: `git push --tags`
+  - From CLI: `git tag v3.1.0 && git push --tags`
 - Go to https://github.com/gradle/actions/releases and "Draft new release"
   - Use the newly created tag and copy the tag name exactly as the release title.
   - Craft release notes content based on issues closed, PRs merged and commits
   - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
-- Publish the release. Before using "Publish release", check that [action workflows](https://github.com/gradle/actions/actions) are green for the version tag. eg https://github.com/gradle/actions/actions?query=branch%3Av3.0.0
+- Publish the release.
 - Force push the `v3` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
   - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
   - Note that we set the commit message for the tag to the newly released version.
@@ -38,6 +37,21 @@ During the 3.x release series, we will continue to publish parallel releases of
 - Force push the `v3` tag (or current major version) to point to the new release.
   - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
 
+## Release gradle/wrapper-validation-action
+
+During the 3.x release series, we will continue to publish parallel releases of `gradle/wrapper-validation-action`. These releases will simply delegate to `gradle/actions/wrapper-validation` with the same version.
+
+- Update the [wrapper-validation-action action.yml](https://github.com/gradle/wrapper-validation-action/blob/main/action.yml#L162) file to point to the newly released version of `gradle/actions/wrapper-validation`.
+- Ensure that any parameters that have been added to the `wrapper-validation` action (if any) are added to the action definition, and that these are passed on to setup-gradle.
+- Create and push a tag for the release.
+  - From CLI: `git tag v3.1.0 && git push --tags`
+- Go to https://github.com/gradle/wrapper-validation-action/releases and "Draft new release"
+  - Use the newly created tag and copy the tag name exactly as the release title.
+  - In the release notes, point users to the gradle/actions release. Include a header informing users to switch to `gradle/actions/wrapper-validation`.
+- Publish the release.
+- Force push the `v3` tag (or current major version) to point to the new release.
+  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
+
 ## Post release steps
 
 Submit PRs to update the GitHub starter workflow. Starter workflows contain content that should reference the Git hash of the current gradle/actions release:

actions.code-workspace

@@ -0,0 +1,11 @@
+{
+	"folders": [
+		{
+			"path": "."
+		},
+		{
+			"path": "sources"
+		}
+	],
+	"settings": {}
+}

dependency-submission/README.md

@@ -10,7 +10,9 @@ Simply add this as a new workflow file to your repository (eg `.github/workflows
 ```yaml
 name: Dependency Submission
 
-on: [ push ]
+on:
+  push:
+    branches: ['main']
 
 permissions:
   contents: write

dist/dependency-submission/main/index.js

@@ -143003,7 +143003,7 @@ function setup(config) {
     maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions');
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true');
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17');
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.2');
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0');
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl());
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree());
@@ -144345,6 +144345,9 @@ class DependencyGraphConfig {
     getJobCorrelator() {
         return DependencyGraphConfig.constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix());
     }
+    getReportDirectory() {
+        return path_1.default.resolve(getWorkspaceDirectory(), 'dependency-graph-reports');
+    }
     static constructJobCorrelator(workflow, jobId, matrixJson) {
         const matrixString = this.describeMatrix(matrixJson);
         const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`;
@@ -144694,7 +144697,7 @@ async function setup(config) {
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref);
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_SHA', getShaFromContext());
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_WORKSPACE', (0, configuration_1.getWorkspaceDirectory)());
-    maybeExportVariable('DEPENDENCY_GRAPH_REPORT_DIR', path.resolve((0, configuration_1.getWorkspaceDirectory)(), 'dependency-graph-reports'));
+    maybeExportVariable('DEPENDENCY_GRAPH_REPORT_DIR', config.getReportDirectory());
     if (option === configuration_1.DependencyGraphOption.Clear) {
         core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_PROJECTS', '');
         core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS', '');
@@ -144716,10 +144719,10 @@ async function complete(config) {
                 return;
             case configuration_1.DependencyGraphOption.GenerateAndSubmit:
             case configuration_1.DependencyGraphOption.Clear:
-                await submitDependencyGraphs(await findGeneratedDependencyGraphFiles());
+                await submitDependencyGraphs(await findDependencyGraphFiles());
                 return;
             case configuration_1.DependencyGraphOption.GenerateAndUpload:
-                await uploadDependencyGraphs(await findGeneratedDependencyGraphFiles(), config);
+                await uploadDependencyGraphs(await findDependencyGraphFiles(), config);
         }
     }
     catch (e) {
@@ -144727,11 +144730,11 @@ async function complete(config) {
     }
 }
 exports.complete = complete;
-async function findGeneratedDependencyGraphFiles() {
-    const workspaceDirectory = (0, configuration_1.getWorkspaceDirectory)();
-    return await findDependencyGraphFiles(workspaceDirectory);
-}
 async function uploadDependencyGraphs(dependencyGraphFiles, config) {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to upload.');
+        return;
+    }
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph upload not supported in the ACT environment.');
         core.info(`Would upload: ${dependencyGraphFiles.join(', ')}`);
@@ -144761,6 +144764,10 @@ async function downloadAndSubmitDependencyGraphs(config) {
     }
 }
 async function submitDependencyGraphs(dependencyGraphFiles) {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to submit.');
+        return;
+    }
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph submit not supported in the ACT environment.');
         core.info(`Would submit: ${dependencyGraphFiles.join(', ')}`);
@@ -144802,7 +144809,6 @@ async function submitDependencyGraphFile(jsonFile) {
     core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`);
 }
 async function downloadDependencyGraphs() {
-    const workspaceDirectory = (0, configuration_1.getWorkspaceDirectory)();
     const findBy = github.context.payload.workflow_run
         ? {
             token: (0, configuration_1.getGithubToken)(),
@@ -144812,27 +144818,29 @@ async function downloadDependencyGraphs() {
         }
         : undefined;
     const artifactClient = new artifact_1.DefaultArtifactClient();
-    const downloadPath = path.resolve(workspaceDirectory, 'dependency-graph');
     const dependencyGraphArtifacts = (await artifactClient.listArtifacts({
         latest: true,
         findBy
-    })).artifacts.filter(candidate => candidate.name.startsWith(DEPENDENCY_GRAPH_PREFIX));
+    })).artifacts.filter(artifact => artifact.name.startsWith(DEPENDENCY_GRAPH_PREFIX));
     for (const artifact of dependencyGraphArtifacts) {
         const downloadedArtifact = await artifactClient.downloadArtifact(artifact.id, {
-            path: downloadPath,
             findBy
         });
         core.info(`Downloading dependency-graph artifact ${artifact.name} to ${downloadedArtifact.downloadPath}`);
     }
-    return findDependencyGraphFiles(downloadPath);
+    return findDependencyGraphFiles();
 }
-async function findDependencyGraphFiles(dir) {
-    const globber = await glob.create(`${dir}/dependency-graph-reports/*.json`);
+async function findDependencyGraphFiles() {
+    const globber = await glob.create(`${getReportDirectory()}/**/*.json`);
     const allFiles = await globber.glob();
     const unprocessedFiles = allFiles.filter(file => !isProcessed(file));
     unprocessedFiles.forEach(markProcessed);
+    core.info(`Found dependency graph files: ${unprocessedFiles.join(', ')}`);
     return unprocessedFiles;
 }
+function getReportDirectory() {
+    return process.env.DEPENDENCY_GRAPH_REPORT_DIR;
+}
 function isProcessed(dependencyGraphFile) {
     const markerFile = `${dependencyGraphFile}.processed`;
     return fs_1.default.existsSync(markerFile);

dist/dependency-submission/post/index.js

@@ -94431,7 +94431,7 @@ function setup(config) {
     maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions');
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true');
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17');
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.2');
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0');
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl());
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree());
@@ -95773,6 +95773,9 @@ class DependencyGraphConfig {
     getJobCorrelator() {
         return DependencyGraphConfig.constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix());
     }
+    getReportDirectory() {
+        return path_1.default.resolve(getWorkspaceDirectory(), 'dependency-graph-reports');
+    }
     static constructJobCorrelator(workflow, jobId, matrixJson) {
         const matrixString = this.describeMatrix(matrixJson);
         const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`;

dist/setup-gradle/main/index.js

@@ -143003,7 +143003,7 @@ function setup(config) {
     maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions');
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true');
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17');
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.2');
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0');
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl());
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree());
@@ -144345,6 +144345,9 @@ class DependencyGraphConfig {
     getJobCorrelator() {
         return DependencyGraphConfig.constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix());
     }
+    getReportDirectory() {
+        return path_1.default.resolve(getWorkspaceDirectory(), 'dependency-graph-reports');
+    }
     static constructJobCorrelator(workflow, jobId, matrixJson) {
         const matrixString = this.describeMatrix(matrixJson);
         const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`;
@@ -144694,7 +144697,7 @@ async function setup(config) {
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref);
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_SHA', getShaFromContext());
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_WORKSPACE', (0, configuration_1.getWorkspaceDirectory)());
-    maybeExportVariable('DEPENDENCY_GRAPH_REPORT_DIR', path.resolve((0, configuration_1.getWorkspaceDirectory)(), 'dependency-graph-reports'));
+    maybeExportVariable('DEPENDENCY_GRAPH_REPORT_DIR', config.getReportDirectory());
     if (option === configuration_1.DependencyGraphOption.Clear) {
         core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_PROJECTS', '');
         core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS', '');
@@ -144716,10 +144719,10 @@ async function complete(config) {
                 return;
             case configuration_1.DependencyGraphOption.GenerateAndSubmit:
             case configuration_1.DependencyGraphOption.Clear:
-                await submitDependencyGraphs(await findGeneratedDependencyGraphFiles());
+                await submitDependencyGraphs(await findDependencyGraphFiles());
                 return;
             case configuration_1.DependencyGraphOption.GenerateAndUpload:
-                await uploadDependencyGraphs(await findGeneratedDependencyGraphFiles(), config);
+                await uploadDependencyGraphs(await findDependencyGraphFiles(), config);
         }
     }
     catch (e) {
@@ -144727,11 +144730,11 @@ async function complete(config) {
     }
 }
 exports.complete = complete;
-async function findGeneratedDependencyGraphFiles() {
-    const workspaceDirectory = (0, configuration_1.getWorkspaceDirectory)();
-    return await findDependencyGraphFiles(workspaceDirectory);
-}
 async function uploadDependencyGraphs(dependencyGraphFiles, config) {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to upload.');
+        return;
+    }
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph upload not supported in the ACT environment.');
         core.info(`Would upload: ${dependencyGraphFiles.join(', ')}`);
@@ -144761,6 +144764,10 @@ async function downloadAndSubmitDependencyGraphs(config) {
     }
 }
 async function submitDependencyGraphs(dependencyGraphFiles) {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to submit.');
+        return;
+    }
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph submit not supported in the ACT environment.');
         core.info(`Would submit: ${dependencyGraphFiles.join(', ')}`);
@@ -144802,7 +144809,6 @@ async function submitDependencyGraphFile(jsonFile) {
     core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`);
 }
 async function downloadDependencyGraphs() {
-    const workspaceDirectory = (0, configuration_1.getWorkspaceDirectory)();
     const findBy = github.context.payload.workflow_run
         ? {
             token: (0, configuration_1.getGithubToken)(),
@@ -144812,27 +144818,29 @@ async function downloadDependencyGraphs() {
         }
         : undefined;
     const artifactClient = new artifact_1.DefaultArtifactClient();
-    const downloadPath = path.resolve(workspaceDirectory, 'dependency-graph');
     const dependencyGraphArtifacts = (await artifactClient.listArtifacts({
         latest: true,
         findBy
-    })).artifacts.filter(candidate => candidate.name.startsWith(DEPENDENCY_GRAPH_PREFIX));
+    })).artifacts.filter(artifact => artifact.name.startsWith(DEPENDENCY_GRAPH_PREFIX));
     for (const artifact of dependencyGraphArtifacts) {
         const downloadedArtifact = await artifactClient.downloadArtifact(artifact.id, {
-            path: downloadPath,
             findBy
         });
         core.info(`Downloading dependency-graph artifact ${artifact.name} to ${downloadedArtifact.downloadPath}`);
     }
-    return findDependencyGraphFiles(downloadPath);
+    return findDependencyGraphFiles();
 }
-async function findDependencyGraphFiles(dir) {
-    const globber = await glob.create(`${dir}/dependency-graph-reports/*.json`);
+async function findDependencyGraphFiles() {
+    const globber = await glob.create(`${getReportDirectory()}/**/*.json`);
     const allFiles = await globber.glob();
     const unprocessedFiles = allFiles.filter(file => !isProcessed(file));
     unprocessedFiles.forEach(markProcessed);
+    core.info(`Found dependency graph files: ${unprocessedFiles.join(', ')}`);
     return unprocessedFiles;
 }
+function getReportDirectory() {
+    return process.env.DEPENDENCY_GRAPH_REPORT_DIR;
+}
 function isProcessed(dependencyGraphFile) {
     const markerFile = `${dependencyGraphFile}.processed`;
     return fs_1.default.existsSync(markerFile);

dist/setup-gradle/post/index.js

@@ -140456,7 +140456,7 @@ function setup(config) {
     maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions');
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true');
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17');
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.2');
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0');
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl());
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree());
@@ -141798,6 +141798,9 @@ class DependencyGraphConfig {
     getJobCorrelator() {
         return DependencyGraphConfig.constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix());
     }
+    getReportDirectory() {
+        return path_1.default.resolve(getWorkspaceDirectory(), 'dependency-graph-reports');
+    }
     static constructJobCorrelator(workflow, jobId, matrixJson) {
         const matrixString = this.describeMatrix(matrixJson);
         const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`;
@@ -142147,7 +142150,7 @@ async function setup(config) {
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref);
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_SHA', getShaFromContext());
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_WORKSPACE', (0, configuration_1.getWorkspaceDirectory)());
-    maybeExportVariable('DEPENDENCY_GRAPH_REPORT_DIR', path.resolve((0, configuration_1.getWorkspaceDirectory)(), 'dependency-graph-reports'));
+    maybeExportVariable('DEPENDENCY_GRAPH_REPORT_DIR', config.getReportDirectory());
     if (option === configuration_1.DependencyGraphOption.Clear) {
         core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_PROJECTS', '');
         core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS', '');
@@ -142169,10 +142172,10 @@ async function complete(config) {
                 return;
             case configuration_1.DependencyGraphOption.GenerateAndSubmit:
             case configuration_1.DependencyGraphOption.Clear:
-                await submitDependencyGraphs(await findGeneratedDependencyGraphFiles());
+                await submitDependencyGraphs(await findDependencyGraphFiles());
                 return;
             case configuration_1.DependencyGraphOption.GenerateAndUpload:
-                await uploadDependencyGraphs(await findGeneratedDependencyGraphFiles(), config);
+                await uploadDependencyGraphs(await findDependencyGraphFiles(), config);
         }
     }
     catch (e) {
@@ -142180,11 +142183,11 @@ async function complete(config) {
     }
 }
 exports.complete = complete;
-async function findGeneratedDependencyGraphFiles() {
-    const workspaceDirectory = (0, configuration_1.getWorkspaceDirectory)();
-    return await findDependencyGraphFiles(workspaceDirectory);
-}
 async function uploadDependencyGraphs(dependencyGraphFiles, config) {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to upload.');
+        return;
+    }
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph upload not supported in the ACT environment.');
         core.info(`Would upload: ${dependencyGraphFiles.join(', ')}`);
@@ -142214,6 +142217,10 @@ async function downloadAndSubmitDependencyGraphs(config) {
     }
 }
 async function submitDependencyGraphs(dependencyGraphFiles) {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to submit.');
+        return;
+    }
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph submit not supported in the ACT environment.');
         core.info(`Would submit: ${dependencyGraphFiles.join(', ')}`);
@@ -142255,7 +142262,6 @@ async function submitDependencyGraphFile(jsonFile) {
     core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`);
 }
 async function downloadDependencyGraphs() {
-    const workspaceDirectory = (0, configuration_1.getWorkspaceDirectory)();
     const findBy = github.context.payload.workflow_run
         ? {
             token: (0, configuration_1.getGithubToken)(),
@@ -142265,27 +142271,29 @@ async function downloadDependencyGraphs() {
         }
         : undefined;
     const artifactClient = new artifact_1.DefaultArtifactClient();
-    const downloadPath = path.resolve(workspaceDirectory, 'dependency-graph');
     const dependencyGraphArtifacts = (await artifactClient.listArtifacts({
         latest: true,
         findBy
-    })).artifacts.filter(candidate => candidate.name.startsWith(DEPENDENCY_GRAPH_PREFIX));
+    })).artifacts.filter(artifact => artifact.name.startsWith(DEPENDENCY_GRAPH_PREFIX));
     for (const artifact of dependencyGraphArtifacts) {
         const downloadedArtifact = await artifactClient.downloadArtifact(artifact.id, {
-            path: downloadPath,
             findBy
         });
         core.info(`Downloading dependency-graph artifact ${artifact.name} to ${downloadedArtifact.downloadPath}`);
     }
-    return findDependencyGraphFiles(downloadPath);
+    return findDependencyGraphFiles();
 }
-async function findDependencyGraphFiles(dir) {
-    const globber = await glob.create(`${dir}/dependency-graph-reports/*.json`);
+async function findDependencyGraphFiles() {
+    const globber = await glob.create(`${getReportDirectory()}/**/*.json`);
     const allFiles = await globber.glob();
     const unprocessedFiles = allFiles.filter(file => !isProcessed(file));
     unprocessedFiles.forEach(markProcessed);
+    core.info(`Found dependency graph files: ${unprocessedFiles.join(', ')}`);
     return unprocessedFiles;
 }
+function getReportDirectory() {
+    return process.env.DEPENDENCY_GRAPH_REPORT_DIR;
+}
 function isProcessed(dependencyGraphFile) {
     const markerFile = `${dependencyGraphFile}.processed`;
     return fs_1.default.existsSync(markerFile);

dist/wrapper-validation/main/index.js

@@ -89925,6 +89925,9 @@ class DependencyGraphConfig {
     getJobCorrelator() {
         return DependencyGraphConfig.constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix());
     }
+    getReportDirectory() {
+        return path_1.default.resolve(getWorkspaceDirectory(), 'dependency-graph-reports');
+    }
     static constructJobCorrelator(workflow, jobId, matrixJson) {
         const matrixString = this.describeMatrix(matrixJson);
         const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`;

docs/dependency-submission.md

@@ -25,7 +25,9 @@ Simply add this as a new workflow file to your repository (eg `.github/workflows
 ```yaml
 name: Dependency Submission
 
-on: [ push ]
+on:
+  push:
+    branches: [ 'main' ]
 
 permissions:
   contents: write
@@ -104,6 +106,11 @@ In some cases, the default action configuration will not be sufficient, and addi
 
 See the [Action Metadata file](../dependency-submission/action.yml) for a more detailed description of each input parameter.
 
+The `GitHub Dependency Graph Gradle Plugin` can be further 
+[configured via a number of environment variables](https://github.com/gradle/github-dependency-graph-gradle-plugin?#required-environment-variables). 
+These will be automatically set by the `dependency-submission` action, but you may override these values 
+by setting them explicitly in your workflow file.
+
 # Resolving a dependency vulnerability
 
 ## Finding the source of a dependency vulnerability
@@ -292,7 +299,8 @@ Example of a pull request workflow that executes a build for a pull request and
 ```yaml
 name: Dependency review for pull requests
 
-on: [ pull_request ]
+on:
+  pull_request:
 
 permissions:
   contents: write
@@ -327,7 +335,8 @@ Because of this restriction, we require 2 separate workflows in order to generat
 ```yaml
 name: Generate and save dependency graph
 
-on: [ pull_request ]
+on:
+  pull_request:
 
 permissions:
   contents: read # 'write' permission is not available
@@ -381,7 +390,8 @@ Here's an example of a separate "Dependency Review" workflow that will wait for
 ```yaml
 name: dependency-review
 
-on: [ pull_request ]
+on:
+  pull_request:
 
 permissions:
   contents: read

docs/setup-gradle.md

@@ -28,7 +28,8 @@ The recommended way to execute any Gradle build is with the help of the [Gradle
 ```yaml
 name: Run Gradle on every push
 
-on: push
+on:
+  push:
 
 jobs:
   gradle:
@@ -720,10 +721,10 @@ Here's a minimal example:
       env:
         DEVELOCITY_INJECTION_ENABLED: true
         DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_PLUGIN_VERSION: 3.17
+        DEVELOCITY_PLUGIN_VERSION: 3.17.2
 ```
 
-This configuration will automatically apply `v3.17` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v3.17.2` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to configure an additional environment variable

docs/wrapper-validation.md

@@ -56,7 +56,10 @@ Here's a sample complete workflow you can add to your repositories:
 **`.github/workflows/gradle-wrapper-validation.yml`**
 ```yaml
 name: "Validate Gradle Wrapper"
-on: [push, pull_request]
+
+on:
+  push:
+  pull_request:
 
 jobs:
   validation:

setup-gradle/README.md

@@ -11,7 +11,8 @@ The recommended way to execute any Gradle build is with the help of the [Gradle
 ```yaml
 name: Build
 
-on: [ push ]
+on:
+  push:
 
 jobs:
   build:

sources/src/build-scan.ts

@@ -6,7 +6,7 @@ export function setup(config: BuildScanConfig): void {
     maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions')
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17')
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17.2')
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0')
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())

sources/src/configuration.ts

@@ -45,6 +45,10 @@ export class DependencyGraphConfig {
         return DependencyGraphConfig.constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix())
     }
 
+    getReportDirectory(): string {
+        return path.resolve(getWorkspaceDirectory(), 'dependency-graph-reports')
+    }
+
     static constructJobCorrelator(workflow: string, jobId: string, matrixJson: string): string {
         const matrixString = this.describeMatrix(matrixJson)
         const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`

sources/src/dependency-graph.ts

@@ -34,10 +34,7 @@ export async function setup(config: DependencyGraphConfig): Promise<void> {
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref)
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_SHA', getShaFromContext())
     maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_WORKSPACE', getWorkspaceDirectory())
-    maybeExportVariable(
-        'DEPENDENCY_GRAPH_REPORT_DIR',
-        path.resolve(getWorkspaceDirectory(), 'dependency-graph-reports')
-    )
+    maybeExportVariable('DEPENDENCY_GRAPH_REPORT_DIR', config.getReportDirectory())
 
     // To clear the dependency graph, we generate an empty graph by excluding all projects and configurations
     if (option === DependencyGraphOption.Clear) {
@@ -62,22 +59,22 @@ export async function complete(config: DependencyGraphConfig): Promise<void> {
                 return
             case DependencyGraphOption.GenerateAndSubmit:
             case DependencyGraphOption.Clear: // Submit the empty dependency graph
-                await submitDependencyGraphs(await findGeneratedDependencyGraphFiles())
+                await submitDependencyGraphs(await findDependencyGraphFiles())
                 return
             case DependencyGraphOption.GenerateAndUpload:
-                await uploadDependencyGraphs(await findGeneratedDependencyGraphFiles(), config)
+                await uploadDependencyGraphs(await findDependencyGraphFiles(), config)
         }
     } catch (e) {
         warnOrFail(config, option, e)
     }
 }
 
-async function findGeneratedDependencyGraphFiles(): Promise<string[]> {
-    const workspaceDirectory = getWorkspaceDirectory()
-    return await findDependencyGraphFiles(workspaceDirectory)
-}
-
 async function uploadDependencyGraphs(dependencyGraphFiles: string[], config: DependencyGraphConfig): Promise<void> {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to upload.')
+        return
+    }
+
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph upload not supported in the ACT environment.')
         core.info(`Would upload: ${dependencyGraphFiles.join(', ')}`)
@@ -111,6 +108,11 @@ async function downloadAndSubmitDependencyGraphs(config: DependencyGraphConfig):
 }
 
 async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> {
+    if (dependencyGraphFiles.length === 0) {
+        core.info('No dependency graph files found to submit.')
+        return
+    }
+
     if (isRunningInActEnvironment()) {
         core.info('Dependency graph submit not supported in the ACT environment.')
         core.info(`Would submit: ${dependencyGraphFiles.join(', ')}`)
@@ -156,8 +158,6 @@ async function submitDependencyGraphFile(jsonFile: string): Promise<void> {
 }
 
 async function downloadDependencyGraphs(): Promise<string[]> {
-    const workspaceDirectory = getWorkspaceDirectory()
-
     const findBy = github.context.payload.workflow_run
         ? {
               token: getGithubToken(),
@@ -168,34 +168,37 @@ async function downloadDependencyGraphs(): Promise<string[]> {
         : undefined
 
     const artifactClient = new DefaultArtifactClient()
-    const downloadPath = path.resolve(workspaceDirectory, 'dependency-graph')
 
     const dependencyGraphArtifacts = (
         await artifactClient.listArtifacts({
             latest: true,
             findBy
         })
-    ).artifacts.filter(candidate => candidate.name.startsWith(DEPENDENCY_GRAPH_PREFIX))
+    ).artifacts.filter(artifact => artifact.name.startsWith(DEPENDENCY_GRAPH_PREFIX))
 
     for (const artifact of dependencyGraphArtifacts) {
         const downloadedArtifact = await artifactClient.downloadArtifact(artifact.id, {
-            path: downloadPath,
             findBy
         })
         core.info(`Downloading dependency-graph artifact ${artifact.name} to ${downloadedArtifact.downloadPath}`)
     }
 
-    return findDependencyGraphFiles(downloadPath)
+    return findDependencyGraphFiles()
 }
 
-async function findDependencyGraphFiles(dir: string): Promise<string[]> {
-    const globber = await glob.create(`${dir}/dependency-graph-reports/*.json`)
+async function findDependencyGraphFiles(): Promise<string[]> {
+    const globber = await glob.create(`${getReportDirectory()}/**/*.json`)
     const allFiles = await globber.glob()
     const unprocessedFiles = allFiles.filter(file => !isProcessed(file))
     unprocessedFiles.forEach(markProcessed)
+    core.info(`Found dependency graph files: ${unprocessedFiles.join(', ')}`)
     return unprocessedFiles
 }
 
+function getReportDirectory(): string {
+    return process.env.DEPENDENCY_GRAPH_REPORT_DIR!
+}
+
 function isProcessed(dependencyGraphFile: string): boolean {
     const markerFile = `${dependencyGraphFile}.processed`
     return fs.existsSync(markerFile)

sources/test/init-scripts/settings.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.1"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0"
+    id "com.gradle.develocity" version "3.17.2"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }
 
 develocity {

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy

@@ -16,8 +16,8 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 
 class BaseInitScriptTest extends Specification {
-    static final String DEVELOCITY_PLUGIN_VERSION = '3.17'
-    static final String CCUD_PLUGIN_VERSION = '2.0'
+    static final String DEVELOCITY_PLUGIN_VERSION = '3.17.2'
+    static final String CCUD_PLUGIN_VERSION = '2.0.1'
 
     static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)
     static final TestGradleVersion GRADLE_4_X = new TestGradleVersion(GradleVersion.version('4.10.3'), 7, 10)

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy

@@ -190,7 +190,7 @@ class TestBuildResultRecorder extends BaseInitScriptTest {
         when:
         settingsFile.text = """
             plugins {
-                id 'com.gradle.develocity' version '3.17' apply(false)
+                id 'com.gradle.develocity' version '3.17.2' apply(false)
             }
             gradle.settingsEvaluated {
                 apply plugin: 'com.gradle.develocity'

wrapper-validation/README.md

@@ -8,7 +8,10 @@ The action should be run in the root of the repository, as it will recursively s
 
 ```yaml
 name: "Validate Gradle Wrapper"
-on: [push, pull_request]
+
+on:
+  push:
+  pull_request:
 
 jobs:
   validation: