Bump path-to-regexp from 6.2.1 to 6.3.0 in /sources

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 6.2.1 to 6.3.0. - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](https://github.com/pillarjs/path-to-regexp/compare/v6.2.1...v6.3.0) --- updated-dependencies: - dependency-name: path-to-regexp dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bump the npm-dependencies group across 1 directory with 2 updates
2025-11-26 17:09:10 +08:00 · 2024-09-12 20:06:01 -06:00 · 2024-09-12 20:06:01 -06:00 · 2024-09-13 01:56:53 +00:00 · 2024-09-12 19:55:39 -06:00 · 2024-09-12 19:55:39 -06:00
136 changed files with 335572 additions and 47144 deletions
--- a/.github/actions/init-integ-test/action.yml
+++ b/.github/actions/init-integ-test/action.yml
@@ -9,6 +9,11 @@ runs:
        distribution: 'temurin'
        java-version: 11

+    - name: Configure environment
+      shell: bash
+      run: |
+        echo "ALLOWED_GRADLE_WRAPPER_CHECKSUMS=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" >> "$GITHUB_ENV"
+
    # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step
    - name: Download dist
      if: ${{ env.SKIP_DIST != 'true' && !env.ACT }}
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -47,40 +47,40 @@ updates:
    registries:
      - gradle-plugin-portal
    schedule:
-      interval: "daily"
+      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: ".github/workflow-samples/groovy-dsl"
    registries:
      - gradle-plugin-portal
    schedule:
-      interval: "daily"
+      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: ".github/workflow-samples/java-toolchain"
    registries:
      - gradle-plugin-portal
    schedule:
-      interval: "daily"
+      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: ".github/workflow-samples/kotlin-dsl"
    registries:
      - gradle-plugin-portal
    schedule:
-      interval: "daily"
+      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: ".github/workflow-samples/no-wrapper"
    registries:
      - gradle-plugin-portal
    schedule:
-      interval: "daily"
+      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: ".github/workflow-samples/no-wrapper-gradle-5"
    registries:
      - gradle-plugin-portal
    schedule:
-      interval: "daily"
+      interval: "weekly"
  - package-ecosystem: "gradle"
    directory: "sources/test/init-scripts"
    registries:
      - gradle-plugin-portal
    schedule:
-      interval: "daily"
+      interval: "weekly"
--- a/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/gradle-plugin/gradlew
+++ b/.github/workflow-samples/gradle-plugin/gradlew
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#

 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
--- a/.github/workflow-samples/gradle-plugin/gradlew.bat
+++ b/.github/workflow-samples/gradle-plugin/gradlew.bat
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute

-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe

 if exist "%JAVA_EXE%" goto execute

-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

--- a/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/groovy-dsl/gradlew
+++ b/.github/workflow-samples/groovy-dsl/gradlew
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#

 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
--- a/.github/workflow-samples/groovy-dsl/gradlew.bat
+++ b/.github/workflow-samples/groovy-dsl/gradlew.bat
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute

-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe

 if exist "%JAVA_EXE%" goto execute

-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

--- a/.github/workflow-samples/groovy-dsl/settings.gradle
+++ b/.github/workflow-samples/groovy-dsl/settings.gradle
@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.1"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0"
+    id "com.gradle.develocity" version "3.18.1"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.1"
 }

 develocity {
--- a/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/java-toolchain/gradlew
+++ b/.github/workflow-samples/java-toolchain/gradlew
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#

 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
--- a/.github/workflow-samples/java-toolchain/gradlew.bat
+++ b/.github/workflow-samples/java-toolchain/gradlew.bat
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute

-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe

 if exist "%JAVA_EXE%" goto execute

-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

--- a/.github/workflow-samples/kotlin-dsl/build.gradle.kts
+++ b/.github/workflow-samples/kotlin-dsl/build.gradle.kts
@@ -8,9 +8,9 @@ repositories {

 dependencies {
    api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.1.0-jre")
+    implementation("com.google.guava:guava:33.3.0-jre")

-    testImplementation("org.junit.jupiter:junit-jupiter:5.10.2")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.11.0")
 }

 tasks.test {
--- a/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/kotlin-dsl/gradlew
+++ b/.github/workflow-samples/kotlin-dsl/gradlew
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#

 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
--- a/.github/workflow-samples/kotlin-dsl/gradlew.bat
+++ b/.github/workflow-samples/kotlin-dsl/gradlew.bat
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute

-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe

 if exist "%JAVA_EXE%" goto execute

-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

--- a/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
+++ b/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
@@ -1,6 +1,6 @@
 plugins {
-    id("com.gradle.develocity") version "3.17.1"
-    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0"
+    id("com.gradle.develocity") version "3.18.1"
+    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.1"
 }

 develocity {
--- a/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
+++ b/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.1" 
+    id "com.gradle.develocity" version "3.18.1" 
 }

 develocity {
--- a/.github/workflow-samples/no-wrapper/settings.gradle
+++ b/.github/workflow-samples/no-wrapper/settings.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17.1"
+    id "com.gradle.develocity" version "3.18.1"
 }

 develocity {
--- a/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=5b9c5eb3f9fc2c94abaea57d90bd78747ca117ddbbf96c859d3741181a12bf2a
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/non-executable-wrapper/gradlew
+++ b/.github/workflow-samples/non-executable-wrapper/gradlew
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#

 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
--- a/.github/workflow-samples/non-executable-wrapper/gradlew.bat
+++ b/.github/workflow-samples/non-executable-wrapper/gradlew.bat
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute

-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe

 if exist "%JAVA_EXE%" goto execute

-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

--- a/.github/workflow-samples/non-executable-wrapper/settings.gradle
+++ b/.github/workflow-samples/non-executable-wrapper/settings.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17"
+    id "com.gradle.develocity" version "3.18.1"
 }

 develocity {
--- a/.github/workflows/ci-check-no-dist-update.yml
+++ b/.github/workflows/ci-check-no-dist-update.yml
@@ -21,7 +21,7 @@ jobs:

    - name: Get changed files
      id: changed-files
-      uses: tj-actions/changed-files@v44
+      uses: tj-actions/changed-files@v45
      with:
        files: |
          dist/**
--- a/.github/workflows/ci-codeql.yml
+++ b/.github/workflows/ci-codeql.yml
@@ -5,6 +5,12 @@ on:
    branches:
    - 'main'
    - 'release/**'
+    - 'dev/**' # Allow running Code QL on dev branches without a PR
+    paths-ignore:
+    - 'dist/**'
+  pull_request:
+    branches:
+    - 'main'
    paths-ignore:
    - 'dist/**'
  schedule:
--- a/.github/workflows/ci-init-script-check.yml
+++ b/.github/workflows/ci-init-script-check.yml
@@ -24,9 +24,11 @@ jobs:
      uses: actions/setup-java@v4
      with:
        distribution: temurin
-        java-version: 8
+        java-version: 11
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3 # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@v4 # Use a released version to avoid breakages
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
    - name: Run integration tests
      working-directory: sources/test/init-scripts
      run: ./gradlew check
--- a/.github/workflows/ci-integ-test-full.yml
+++ b/.github/workflows/ci-integ-test-full.yml
@@ -0,0 +1,35 @@
+name: CI-integ-test-full
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+    - 'dist/**'
+
+permissions:
+  contents: write
+
+concurrency:
+  group: integ-test
+  cancel-in-progress: false
+
+jobs:
+  caching-integ-tests:
+    uses: ./.github/workflows/suite-integ-test-caching.yml
+    concurrency:
+      group: CI-integ-test-full
+      cancel-in-progress: false
+    with:
+      runner-os: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      skip-dist: true
+    secrets: inherit
+
+  other-integ-tests:
+    uses: ./.github/workflows/suite-integ-test-other.yml
+    concurrency:
+      group: CI-integ-test-full
+      cancel-in-progress: false
+    with:
+      runner-os: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      skip-dist: true
+    secrets: inherit
--- a/.github/workflows/ci-integ-test.yml
+++ b/.github/workflows/ci-integ-test.yml
@@ -8,43 +8,18 @@ on:
    - 'main'
    - 'release/**'
    - 'dev/**' # Allow running tests on dev branches without a PR
+    paths-ignore:
+    - 'dist/**'
+
+permissions:
+  contents: write

 concurrency:
-  group: integ-tests-${{ github.ref }}
+  group: integ-test
  cancel-in-progress: false

 jobs:
-  determine-suite:
-    runs-on: ubuntu-latest
-    outputs:
-      runner-os: ${{ steps.determine-suite.outputs.suite == 'quick' && '["ubuntu-latest"]' || '["ubuntu-latest", "windows-latest", "macos-latest"]' }}
-      cache-key-prefix: '0' # TODO DAZ Try this again ${{ steps.determine-suite.outputs.suite == 'quick' && '0' || github.run_number }}
-      suite: ${{ steps.determine-suite.outputs.suite }}
-    steps:
-    - name: Determine suite to run
-      id: determine-suite
-      run: |
-        # Always run quick suite if we are not in the core `gradle/actions` repository
-        # This reduces the load for developers working on 'main' on forks
-        if [ "${{ github.repository }}" != "gradle/actions" ]; then
-          echo "Not in core repository: suite=quick"
-          echo "suite=quick" >> "$GITHUB_OUTPUT"
-          exit 0
-        fi
-
-        # Run full suite for push trigger with "[bot] Update dist directory" commit message
-        if [ "${{ github.event.head_commit.message }}" == "[bot] Update dist directory" ]; then
-          echo "Bot commit to main branch: suite=full"
-          echo "suite=full" >> "$GITHUB_OUTPUT"
-          exit 0
-        fi
-
-        # Run quick suite for everything else
-        echo "Everything else: suite=quick"
-        echo "suite=quick" >> "$GITHUB_OUTPUT"
-
  build-distribution:
-    needs: [determine-suite]
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@@ -53,174 +28,16 @@ jobs:
      if: ${{ needs.determine-suite.outputs.suite != 'full' }}
      uses: ./.github/actions/build-dist

-  action-inputs:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-action-inputs.yml
+  caching-integ-tests:
+    needs: build-distribution
+    uses: ./.github/workflows/suite-integ-test-caching.yml
    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
+      skip-dist: false
+    secrets: inherit

-  build-scan-publish:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-build-scan-publish.yml
+  other-integ-tests:
+    needs: build-distribution
+    uses: ./.github/workflows/suite-integ-test-other.yml
    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  cache-cleanup:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-cache-cleanup.yml
-    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{github.run_number}}-' # Requires a fresh cache entry each run
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  caching-config:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-caching-config.yml
-    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  dependency-graph:
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-dependency-graph.yml
-    permissions:
-      contents: write
-    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  dependency-submission:
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-dependency-submission.yml
-    permissions:
-      contents: write
-    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  dependency-submission-failures:
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-dependency-submission-failures.yml
-    permissions:
-      contents: write
-    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  execution-with-caching:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-execution-with-caching.yml
-    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  execution:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-execution.yml
-    with:
-      runner-os: '${{ needs.determine-suite.outputs.runner-os }}'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  develocity-injection:
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-inject-develocity.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-    secrets:
-      DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_SOLUTIONS_ACCESS_TOKEN }}
-
-  provision-gradle-versions:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-provision-gradle-versions.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  restore-configuration-cache:
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-    secrets:
-      GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-
-  restore-containerized-gradle-home:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-restore-containerized-gradle-home.yml
-    with:
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  restore-custom-gradle-home:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-restore-custom-gradle-home.yml
-    with:
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  restore-gradle-home:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-restore-gradle-home.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  restore-java-toolchain:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-restore-java-toolchain.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  sample-kotlin-dsl:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-sample-kotlin-dsl.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  sample-gradle-plugin:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-sample-gradle-plugin.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  toolchain-detection:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-detect-java-toolchains.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      cache-key-prefix: '${{ needs.determine-suite.outputs.cache-key-prefix }}-'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
-
-  wrapper-validation:
-    needs: [determine-suite, build-distribution]
-    uses: ./.github/workflows/integ-test-wrapper-validation.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      skip-dist: ${{ needs.determine-suite.outputs.suite == 'full' }}
+      skip-dist: false
+    secrets: inherit
--- a/.github/workflows/demo-failure-cases.yml
+++ b/.github/workflows/demo-failure-cases.yml
@@ -1,62 +0,0 @@
-name: demo-failure-cases
-
-on:
-  workflow_dispatch:
-
-jobs:
-  build-distribution:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Build and upload distribution
-      uses: ./.github/actions/build-dist
-
-  failing-build:
-    needs: build-distribution
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Test build failure
-      uses: ./setup-gradle
-      continue-on-error: true
-      with:
-        build-root-directory: .github/workflow-samples/kotlin-dsl
-        arguments: not-a-valid-task
-
-  wrapper-missing:
-    needs: build-distribution
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Test wrapper missing
-      uses: ./setup-gradle
-      continue-on-error: true
-      with:
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help
-
-  bad-configuration:
-    needs: build-distribution
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Test bad config value
-      uses: ./setup-gradle
-      continue-on-error: true
-      with:
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help
-        cache-disabled: yes
--- a/.github/workflows/demo-job-summary.yml
+++ b/.github/workflows/demo-job-summary.yml
@@ -23,6 +23,9 @@ jobs:

    - name: Setup Gradle
      uses: ./setup-gradle
+      with:
+        cache-read-only: false
+        cache-cleanup: 'on-success'
    - name: Build kotlin-dsl project
      working-directory: .github/workflow-samples/kotlin-dsl
      run: ./gradlew assemble
@@ -91,3 +94,20 @@ jobs:
    - name: Run build
      working-directory: .github/workflow-samples/groovy-dsl
      run: ./gradlew assemble
+
+  cache-read-only:
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle
+      uses: ./setup-gradle
+      with:
+        cache-read-only: true
+    - name: Build kotlin-dsl project
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble
--- a/.github/workflows/integ-test-action-inputs.yml
+++ b/.github/workflows/integ-test-action-inputs.yml
@@ -1,42 +0,0 @@
-name: Test action inputs
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      skip-dist:
-        type: boolean
-        default: false
-
-env:
-  SKIP_DIST: ${{ inputs.skip-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: action-inputs-${{ inputs.cache-key-prefix }}
-
-jobs:
-  action-inputs:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Invoke with multi-line arguments
-      uses: ./setup-gradle
-      with:
-        build-root-directory: .github/workflow-samples/groovy-dsl
-        arguments: |
-            --configuration-cache
-            --build-cache
-            -DsystemProperty=FOO
-            -PgradleProperty=BAR
-            test
-            jar
--- a/.github/workflows/integ-test-build-scan-publish.yml
+++ b/.github/workflows/integ-test-build-scan-publish.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -34,7 +35,7 @@ jobs:
      uses: actions/setup-java@v4
      with:
        distribution: temurin
-        java-version: 8
+        java-version: 11
    - name: Setup Gradle
      id: setup-gradle
      uses: ./setup-gradle
--- a/.github/workflows/integ-test-cache-cleanup.yml
+++ b/.github/workflows/integ-test-cache-cleanup.yml
@@ -5,20 +5,23 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false

 env:
  SKIP_DIST: ${{ inputs.skip-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: cache-cleanup-${{ inputs.cache-key-prefix }}
+  # Requires a fresh cache entry each run
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: cache-cleanup-${{ inputs.cache-key-prefix }}-${{github.run_number}}

 jobs:
-  full-build:
+  cache-cleanup-full-build:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -35,12 +38,13 @@ jobs:
        cache-read-only: false # For testing, allow writing cache entries on non-default branches
    - name: Build with 3.1
      working-directory: sources/test/jest/resources/cache-cleanup
-      run: gradle --no-daemon --build-cache -Dcommons_math3_version="3.1" build
+      run: ./gradlew --no-daemon --build-cache -Dcommons_math3_version="3.1" build

  # Second build will use the cache from the first build, but cleanup should remove unused artifacts
-  assemble-build:
-    needs: full-build
+  cache-cleanup-assemble-build:
+    needs: cache-cleanup-full-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -55,14 +59,15 @@ jobs:
      uses: ./setup-gradle
      with:
        cache-read-only: false
-        gradle-home-cache-cleanup: true
+        cache-cleanup: 'on-success'
    - name: Build with 3.1.1
      working-directory: sources/test/jest/resources/cache-cleanup
-      run: gradle --no-daemon --build-cache -Dcommons_math3_version="3.1.1" build
+      run: ./gradlew --no-daemon --build-cache -Dcommons_math3_version="3.1.1" build

-  check-clean-cache:
-    needs: assemble-build
+  cache-cleanup-check-clean-cache:
+    needs: cache-cleanup-assemble-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -78,15 +83,22 @@ jobs:
      with:
        cache-read-only: true
    - name: Report Gradle User Home
-      run: du -hc ~/.gradle/caches/modules-2
+      shell: bash
+      run: |
+        du -hc $GRADLE_USER_HOME/caches/modules-2
+        du -hc $GRADLE_USER_HOME/wrapper/dists
    - name: Verify cleaned cache
      shell: bash
      run: |
-        if [ ! -e ~/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1.1 ]; then
+        if [ ! -e $GRADLE_USER_HOME/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1.1 ]; then
          echo "::error ::Should find commons-math3 3.1.1 in cache"
          exit 1
        fi
-        if [ -e ~/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1 ]; then
+        if [ -e $GRADLE_USER_HOME/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1 ]; then
          echo "::error ::Should NOT find commons-math3 3.1 in cache"
          exit 1
        fi
+        if [ ! -e $GRADLE_USER_HOME/wrapper/dists/gradle-8.0.2-bin ]; then
+          echo "::error ::Should find gradle-8.0.2 in wrapper/dists"
+          exit 1
+        fi
--- a/.github/workflows/integ-test-caching-config.yml
+++ b/.github/workflows/integ-test-caching-config.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -17,8 +18,9 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-${{ inputs.cache-key-prefix }}

 jobs:
-  seed-build:
+  caching-config-seed-build:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -46,9 +48,10 @@ jobs:
      run: ./gradlew test

  # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  verify-build:
-    needs: seed-build
+  caching-config-verify-build:
+    needs: caching-config-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -75,8 +78,9 @@ jobs:
      run: ./gradlew test --offline

  # Test that build scans are captured when caching is explicitly disabled
-  cache-disabled:
+  caching-config-cache-disabled:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -103,7 +107,7 @@ jobs:
          core.setFailed('No Build Scan detected')

  # Test that build scans are captured when caching is disabled because Gradle User Home already exists
-  cache-disabled-pre-existing-gradle-home:
+  caching-config-cache-disabled-pre-existing-gradle-home:
    runs-on: ubuntu-latest # This test only runs on Ubuntu
    steps:
    - name: Checkout sources
@@ -127,10 +131,11 @@ jobs:
          core.setFailed('No Build Scan detected')

  # Test seed the cache with cache-write-only and verify with cache-read-only
-  seed-build-write-only:
+  caching-config-seed-write-only:
    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: ${{ inputs.cache-key-prefix }}-write-only-
+      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -149,11 +154,12 @@ jobs:
      working-directory: .github/workflow-samples/groovy-dsl
      run: ./gradlew test

-  verify-write-only-build:
+  caching-config-verify-write-only:
    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: ${{ inputs.cache-key-prefix }}-write-only-
-    needs: seed-build-write-only
+      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
+    needs: caching-config-seed-write-only
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
--- a/.github/workflows/integ-test-dependency-graph.yml
+++ b/.github/workflows/integ-test-dependency-graph.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -18,14 +19,11 @@ permissions:
 env:
  SKIP_DIST: ${{ inputs.skip-dist }}
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
+  GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository

 jobs:
-  groovy-generate:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+  dependency-graph-groovy-upload:
+    runs-on: "ubuntu-latest"
    steps:
    - name: Checkout sources
      uses: actions/checkout@v4
@@ -40,8 +38,8 @@ jobs:
      run: ./gradlew build
      working-directory: .github/workflow-samples/groovy-dsl

-  groovy-submit:
-    needs: [groovy-generate]
+  dependency-graph-groovy-submit:
+    needs: [dependency-graph-groovy-upload]
    runs-on: "ubuntu-latest"
    steps:
    - name: Checkout sources
@@ -53,13 +51,11 @@ jobs:
      uses: ./setup-gradle
      with:
        dependency-graph: download-and-submit
+      env:
+        DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: groovy-upload

-  kotlin-generate-and-submit:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+  dependency-graph-kotlin-generate-and-submit:
+    runs-on: "ubuntu-latest"
    steps:
    - name: Checkout sources
      uses: actions/checkout@v4
@@ -74,12 +70,8 @@ jobs:
      run: ./gradlew build
      working-directory: .github/workflow-samples/kotlin-dsl

-  multiple-builds:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+  dependency-graph-multiple-builds:
+    runs-on: "ubuntu-latest"
    steps:
    - name: Checkout sources
      uses: actions/checkout@v4
@@ -119,7 +111,7 @@ jobs:
            exit 1
        fi
        
-  config-cache:
+  dependency-graph-config-cache:
    runs-on: ubuntu-latest # Test is not compatible with Windows
    steps:
    - name: Checkout sources
--- a/.github/workflows/integ-test-dependency-submission-failures.yml
+++ b/.github/workflows/integ-test-dependency-submission-failures.yml
@@ -1,10 +1,11 @@
-name: Test dependency graph
+name: Test dependency submission failures

 on:
  workflow_call:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
        default: '["ubuntu-latest"]'
@@ -15,9 +16,10 @@ on:
 env:
  SKIP_DIST: ${{ inputs.skip-dist }}
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-submission-failures-${{ inputs.cache-key-prefix }}
+  GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository

 jobs:
-  failing-build:
+  dependency-submission-failures-failing-build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@@ -46,7 +48,7 @@ jobs:
            exit 1
        fi

-  unsupported-gradle-version:
+  dependency-submission-failures-unsupported-gradle-version:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@@ -75,7 +77,7 @@ jobs:
            exit 1
        fi

-  insufficient-permissions:
+  dependency-submission-failures-insufficient-permissions:
    runs-on: ubuntu-latest
    permissions:
      contents: read
--- a/.github/workflows/integ-test-dependency-submission.yml
+++ b/.github/workflows/integ-test-dependency-submission.yml
@@ -1,13 +1,14 @@
-name: Test dependency graph
+name: Test dependency submission

 on:
  workflow_call:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -18,10 +19,12 @@ permissions:
 env:
  SKIP_DIST: ${{ inputs.skip-dist }}
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-submission-${{ inputs.cache-key-prefix }}
+  GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository

 jobs:
-  groovy-generate-and-upload:
+  dependency-submission-groovy-generate-and-upload:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -41,9 +44,10 @@ jobs:
      env: 
        GRADLE_BUILD_ACTION_CACHE_KEY_JOB: groovy-dependency-submission

-  groovy-restore-cache:
-    needs: [groovy-generate-and-upload]
+  dependency-submission-groovy-restore-cache:
+    needs: [dependency-submission-groovy-generate-and-upload]
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -62,9 +66,10 @@ jobs:
      env: 
        GRADLE_BUILD_ACTION_CACHE_KEY_JOB: groovy-dependency-submission

-  groovy-download-and-submit:
-    needs: [groovy-generate-and-upload]
+  dependency-submission-groovy-download-and-submit:
+    needs: [dependency-submission-groovy-generate-and-upload]
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -79,9 +84,12 @@ jobs:
      uses: ./dependency-submission
      with:
        dependency-graph: download-and-submit
+      env:
+        DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: groovy-generate-and-upload-${{ matrix.os }}

-  kotlin-generate-and-submit:
+  dependency-submission-kotlin-generate-and-submit:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -97,8 +105,9 @@ jobs:
      with:
        build-root-directory: .github/workflow-samples/kotlin-dsl

-  multiple-builds:
+  dependency-submission-multiple-builds:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -142,8 +151,9 @@ jobs:
            exit 1
        fi

-  multiple-builds-upload:
+  dependency-submission-multiple-builds-upload:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -165,7 +175,7 @@ jobs:
        dependency-graph: generate-and-upload
        build-root-directory: .github/workflow-samples/groovy-dsl

-  config-cache:
+  dependency-submission-config-cache:
    runs-on: ubuntu-latest # Test is not compatible with Windows
    steps:
    - name: Checkout sources
@@ -200,7 +210,7 @@ jobs:
            exit 1
        fi

-  gradle-versions:
+  dependency-submission-gradle-versions:
    strategy:
      fail-fast: false
      matrix:
@@ -223,15 +233,9 @@ jobs:
      with:
        gradle-version: ${{ matrix.gradle }}
        build-root-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
-      env:
-        GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository

-  after-setup-gradle:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+  dependency-submission-with-setup-gradle:
+    runs-on: ubuntu-latest # Test is not compatible with Windows
    steps:
    - name: Checkout sources
      uses: actions/checkout@v4
@@ -245,3 +249,133 @@ jobs:
      uses: ./dependency-submission
      with:
        build-root-directory: .github/workflow-samples/groovy-dsl
+    - name: Check and delete generated dependency graph
+      shell: bash
+      run: |
+        if [ ! -e "${{ steps.dependency-submission.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find generated dependency graph files"
+            exit 1
+        fi
+        rm ${{ steps.dependency-submission.outputs.dependency-graph-file }}*
+    - name: Run Gradle build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+    - name: Check no dependency graph is generated
+      shell: bash
+      run: |
+        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
+            echo "Expected no dependency graph files to be generated"
+            ls -l dependency-graph-reports
+            exit 1
+        fi
+
+  dependency-submission-with-includes-and-excludes:
+    runs-on: ubuntu-latest # Test is not compatible with Windows
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate and submit dependencies
+      id: dependency-submission
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        dependency-graph-exclude-projects: excluded-project
+        dependency-graph-include-projects: included-project
+        dependency-graph-exclude-configurations: excluded-configuration
+        dependency-graph-include-configurations: included-configuration
+    - name: Check generated dependency graph and env vars
+      shell: bash
+      run: |
+        if [ ! -e "${{ steps.dependency-submission.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find generated dependency graph file"
+            exit 1
+        fi
+
+        if [ "$DEPENDENCY_GRAPH_EXCLUDE_PROJECTS" != "excluded-project" ] || 
+           [ "$DEPENDENCY_GRAPH_INCLUDE_PROJECTS" != "included-project" ] || 
+           [ "$DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS" != "excluded-configuration" ] || 
+           [ "$DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS" != "included-configuration" ]; then
+            echo "Did not set expected environment variables"
+            exit 1
+        fi
+
+
+  dependency-submission-custom-report-dir-submit:
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate dependency graph
+      id: dependency-graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-submit
+        dependency-graph-report-dir: '${{ github.workspace }}/custom/report-dir'
+        build-root-directory: .github/workflow-samples/groovy-dsl
+    - name: Check generated dependency graphs
+      shell: bash
+      run: |
+        echo "report file: ${{ steps.dependency-graph.outputs.dependency-graph-file }}"
+        
+        if [ ! -e "${{ steps.dependency-graph.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find dependency graph file"
+            exit 1
+        fi
+
+        if [ -z "$(ls -A "${{ github.workspace }}/custom/report-dir")" ]; then
+          echo "No dependency graph files found in custom directory"
+          exit 1
+        fi
+
+  dependency-submission-custom-report-dir-upload:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate and upload dependency graph
+      id: dependency-graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-upload
+        dependency-graph-report-dir: '${{ github.workspace }}/custom/report-dir'
+        build-root-directory: .github/workflow-samples/groovy-dsl
+
+  custom-report-dir-download-and-submit:
+    needs: [dependency-submission-custom-report-dir-upload]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Download and submit dependency graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: download-and-submit
+        dependency-graph-report-dir: '${{ github.workspace }}/custom/report-dir'
+        build-root-directory: .github/workflow-samples/groovy-dsl
+      env: 
+        DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: custom-report-dir-upload # For testing, to avoid downloading artifacts from other worklfows
+
+    - name: Check downloaded dependency graph
+      shell: bash
+      run: |
+        if [ -z "$(ls -A "${{ github.workspace }}/custom/report-dir")" ]; then
+          echo "No dependency graph files found in custom directory"
+          exit 1
+        fi
--- a/.github/workflows/integ-test-detect-java-toolchains.yml
+++ b/.github/workflows/integ-test-detect-java-toolchains.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -18,7 +19,7 @@ env:

 jobs:
  # Test that pre-installed runner JDKs are detected
-  pre-installed-toolchains:
+  detect-toolchains-pre-installed-jdks:
    strategy:
      fail-fast: false
      matrix:
@@ -48,7 +49,7 @@ jobs:
        grep -q 'Eclipse Temurin JDK 21' output.txt || (echo "::error::Did not detect preinstalled JDK 21" && exit 1)

  # Test that JDKs provisioned by setup-java are detected
-  setup-java-installed-toolchain:
+  detect-toolchains-setup-java-jdks:
    strategy:
      fail-fast: false
      matrix:
--- a/.github/workflows/integ-test-execution-with-caching.yml
+++ b/.github/workflows/integ-test-execution-with-caching.yml
@@ -1,60 +0,0 @@
-name: Test execution with caching
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      skip-dist:
-        type: boolean
-        default: false
-
-env:
-  SKIP_DIST: ${{ inputs.skip-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: execution-with-caching-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-
-jobs:
-  seed-build:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Execute Gradle build
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        build-root-directory: .github/workflow-samples/groovy-dsl
-        arguments: test
-
-  # Test that the gradle-user-home is restored
-  verify-build:
-    needs: seed-build
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Execute Gradle build
-      uses: ./setup-gradle
-      with:
-        cache-read-only: true
-        build-root-directory: .github/workflow-samples/groovy-dsl
-        arguments: test --offline -DverifyCachedBuild=true
-
--- a/.github/workflows/integ-test-execution.yml
+++ b/.github/workflows/integ-test-execution.yml
@@ -1,97 +0,0 @@
-name: Test execution
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      skip-dist:
-        type: boolean
-        default: false
-
-env:
-  SKIP_DIST: ${{ inputs.skip-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: execution-${{ inputs.cache-key-prefix }}
-
-jobs:   
-  # Tests for executing with different Gradle versions. 
-  # Each build verifies that it is executed with the expected Gradle version.
-  gradle-execution:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-        include:
-          - os: windows-latest
-            script-suffix: '.bat'
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Test use defined Gradle version
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: 6.9
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help -DgradleVersionCheck=6.9
-    - name: Test use Gradle version alias
-      uses: ./setup-gradle
-      with:
-        gradle-version: release-candidate
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help
-    - name: Test with non-executable wrapper
-      uses: ./setup-gradle
-      with:
-        gradle-version: wrapper
-        build-root-directory: .github/workflow-samples/non-executable-wrapper
-        arguments: help
-
-  gradle-versions:
-    strategy:
-      fail-fast: false
-      matrix:
-        gradle: [7.5.1, 6.9.2, 5.6.4, 4.10.3, 3.5.1]
-        os: ${{fromJSON(inputs.runner-os)}}
-        include:
-          - gradle: 5.6.4
-            build-root-suffix: -gradle-5
-          - gradle: 4.10.3
-            build-root-suffix: -gradle-4
-          - gradle: 3.5.1
-            build-root-suffix: -gradle-4
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Initialize integ-test
-      uses: ./.github/actions/init-integ-test
-
-    - name: Setup Java
-      uses: actions/setup-java@v4
-      with:
-        distribution: temurin
-        java-version: 8
-    - name: Run Gradle build
-      uses: ./setup-gradle
-      id: gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: ${{matrix.gradle}}
-        build-root-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
-        arguments: help -DgradleVersionCheck=${{matrix.gradle}}
-    - name: Check Build Scan url
-      if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v7
-      with:
-        script: |
-          core.setFailed('No Build Scan detected')    
-  
-   
--- a/.github/workflows/integ-test-inject-develocity.yml
+++ b/.github/workflows/integ-test-inject-develocity.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -26,14 +27,19 @@ jobs:
      DEVELOCITY_URL: https://ge.solutions-team.gradle.com
      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
-      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} # required to test against GE plugin 3.16.2
-      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
    strategy:
      fail-fast: false
      matrix:
        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17]
+        plugin-version: [3.16.2, 3.18.1]
+        include:
+        - plugin-version: 3.16.2
+          accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
+        - plugin-version: 3.18.1
+          accessKeyEnv: DEVELOCITY_ACCESS_KEY
+
    runs-on: ${{ matrix.os }}
    steps:
    - name: Checkout sources
@@ -45,7 +51,7 @@ jobs:
      uses: actions/setup-java@v4
      with:
        distribution: temurin
-        java-version: 8
+        java-version: 11
    - name: Setup Gradle
      id: setup-gradle
      uses: ./setup-gradle
@@ -62,3 +68,135 @@ jobs:
      with:
        script: |
          core.setFailed('No Build Scan detected')
+    - name: Check short lived token (DEVELOCITY_ACCESS_KEY)
+      run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+    - name: Check short lived token (GRADLE_ENTERPRISE_ACCESS_KEY)
+      run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)"
+
+  inject-develocity-with-access-key:
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
+      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: [3.16.2, 3.18.1]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 8
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          gradle-version: ${{ matrix.gradle }}
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+          develocity-token-expiry: 1
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check short lived token (DEVELOCITY_ACCESS_KEY)
+        run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+      - name: Check short lived token (GRADLE_ENTERPRISE_ACCESS_KEY)
+        run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)"
+      - name: Check Build Scan url
+        if: ${{ !steps.gradle.outputs.build-scan-url }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            core.setFailed('No Build Scan detected')
+
+  inject-develocity-short-lived-token-failed:
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_URL: 'https://localhost:3333/'
+      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
+      # Access key also set as an env var, we want to check it does not leak
+      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
+        os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: [ 3.16.2, 3.18.1 ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 8
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check access key is not blank (DEVELOCITY_ACCESS_KEY)
+        run: "[ \"${DEVELOCITY_ACCESS_KEY}\" != \"\" ] || (echo 'using DEVELOCITY_ACCESS_KEY!'; exit 1)"
+      - name: Check access key is not blank (GRADLE_ENTERPRISE_ACCESS_KEY)
+        run: "[ \"${GRADLE_ENTERPRISE_ACCESS_KEY}\" != \"\" ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY is still supported in v3!'; exit 1)"
+
+  inject-develocity-with-access-key-from-input-actions:
+    env:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
+        os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: [ 3.16.2, 3.18.1 ]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 8
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          gradle-version: ${{ matrix.gradle }}
+          develocity-injection-enabled: true
+          develocity-url: 'https://ge.solutions-team.gradle.com'
+          develocity-plugin-version: ${{ matrix.plugin-version }}
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check Build Scan url
+        if: ${{ !steps.gradle.outputs.build-scan-url }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            core.setFailed('No Build Scan detected')
--- a/.github/workflows/integ-test-provision-gradle-versions.yml
+++ b/.github/workflows/integ-test-provision-gradle-versions.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -22,12 +23,10 @@ jobs:
  # Each build verifies that it is executed with the expected Gradle version.
  provision-gradle:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
-        include:
-          - os: windows-latest
-            script-suffix: '.bat'
    runs-on: ${{ matrix.os }}
    steps:
    - name: Checkout sources
@@ -62,6 +61,9 @@ jobs:
      uses: ./setup-gradle
      with:
        gradle-version: current
+    - name: Test use current
+      working-directory: .github/workflow-samples/no-wrapper
+      run: gradle help
    - name: Check current version output parameter
      if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '8.') }}
      uses: actions/github-script@v7
@@ -69,19 +71,24 @@ jobs:
        script: |
          core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.gradle-current.outputs.gradle-version }}"')    
  
-  gradle-versions:
+  provision-gradle-version:
    strategy:
      fail-fast: false
      matrix:
-        gradle: [7.3, 6.9, 5.6.4, 4.10.3, 3.5.1]
+        gradle: ["8.10", 8.9, 8.1, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
        os: ${{fromJSON(inputs.runner-os)}}
        include:
+          - java-version: 11
          - gradle: 5.6.4
            build-root-suffix: -gradle-5
          - gradle: 4.10.3
            build-root-suffix: -gradle-4
          - gradle: 3.5.1
            build-root-suffix: -gradle-4
+            java-version: 8
+        exclude:
+          - os: macos-latest # Java 8 is not supported on macos-latest, so we cannot test Gradle 3.5.1
+            gradle: 3.5.1
    runs-on: ${{ matrix.os }}
    steps:
    - name: Checkout sources
@@ -93,7 +100,7 @@ jobs:
      uses: actions/setup-java@v4
      with:
        distribution: temurin
-        java-version: 8
+        java-version: ${{ matrix.java-version }}
    - name: Setup Gradle
      id: setup-gradle
      uses: ./setup-gradle
--- a/.github/workflows/integ-test-restore-configuration-cache.yml
+++ b/.github/workflows/integ-test-restore-configuration-cache.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -20,10 +21,11 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-configuration-cache-${{ inputs.cache-key-prefix }}

 jobs:
-  seed-build-groovy:
+  restore-cc-seed-build-groovy:
    env:
      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -43,17 +45,62 @@ jobs:
      uses: ./setup-gradle
      with:
        cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        cache-write-only: true # Ensure we start with a clean cache entry
        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
        gradle-version: 8.6
    - name: Groovy build with configuration-cache enabled
      working-directory: .github/workflow-samples/groovy-dsl
      run: gradle test --configuration-cache

-  verify-build-groovy:
+  restore-cc-verify-build-groovy:
    env:
      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
-    needs: seed-build-groovy
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
+    needs: restore-cc-seed-build-groovy
    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Java to ensure consistency
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'liberica'
+        java-version: 17
+    - name: Setup Gradle
+      uses: ./setup-gradle
+      with:
+        cache-read-only: false
+        cache-cleanup: on-success
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+        gradle-version: 8.6
+    - name: Groovy build with configuration-cache enabled
+      id: execute
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: gradle test --configuration-cache
+    - name: Verify configuration-cache hit
+      shell: bash
+      run: |
+        if [ -e ".github/workflow-samples/groovy-dsl/task-configured.txt" ]; then
+            echo "Configuration cache was not used - task was configured unexpectedly"
+            exit 1
+        fi
+
+  # Ensure that cache-cleanup doesn't remove all necessary files
+  restore-cc-verify-no-cache-cleanup-groovy:
+    env:
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_2
+    needs: restore-cc-verify-build-groovy
+    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -79,21 +126,22 @@ jobs:
      id: execute
      working-directory: .github/workflow-samples/groovy-dsl
      run: gradle test --configuration-cache
-    - name: Check that configuration-cache was used
-      uses: actions/github-script@v7
-      with:
-        script: |
-          const fs = require('fs')
-          if (fs.existsSync('.github/workflow-samples/groovy-dsl/task-configured.txt')) {
-            core.setFailed('Configuration cache was not used - task was configured unexpectedly')
-          }
+    - name: Verify configuration-cache hit
+      shell: bash
+      run: |
+        if [ -e ".github/workflow-samples/groovy-dsl/task-configured.txt" ]; then
+            echo "Configuration cache was not used - task was configured unexpectedly"
+            exit 1
+        fi

  # Check that the build can run when no extracted cache entries are restored
-  gradle-user-home-not-fully-restored:
+  restore-cc-gradle-user-home-not-fully-restored:
    env:
      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
-    needs: seed-build-groovy
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_x
+    needs: restore-cc-seed-build-groovy
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -121,10 +169,11 @@ jobs:
      working-directory: .github/workflow-samples/groovy-dsl
      run: gradle test --configuration-cache

-  seed-build-kotlin:
+  restore-cc-seed-build-kotlin:
    env:
      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -144,17 +193,20 @@ jobs:
      uses: ./setup-gradle
      with:
        cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        cache-write-only: true # Ensure we start with a clean cache entry
        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
        gradle-version: 8.6
    - name: Execute 'help' with configuration-cache enabled
      working-directory: .github/workflow-samples/kotlin-dsl
      run: gradle help --configuration-cache

-  modify-build-kotlin:
+  restore-cc-modify-build-kotlin:
    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin-modified
-    needs: seed-build-kotlin
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
+    needs: restore-cc-seed-build-kotlin
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -181,11 +233,13 @@ jobs:
      run: gradle test --configuration-cache

  # Test restore configuration-cache from the third build invocation
-  verify-build-kotlin:
+  restore-cc-verify-build-kotlin:
    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin-modified
-    needs: modify-build-kotlin
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_2
+    needs: restore-cc-modify-build-kotlin
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -211,12 +265,10 @@ jobs:
      id: execute
      working-directory: .github/workflow-samples/kotlin-dsl
      run: gradle test --configuration-cache
-    - name: Check that configuration-cache was used
-      uses: actions/github-script@v7
-      with:
-        script: |
-          const fs = require('fs')
-          if (fs.existsSync('.github/workflow-samples/kotlin-dsl/task-configured.txt')) {
-            core.setFailed('Configuration cache was not used - task was configured unexpectedly')
-          }
-
+    - name: Verify configuration-cache hit
+      shell: bash
+      run: |
+        if [ -e ".github/workflow-samples/kotlin-dsl/task-configured.txt" ]; then
+            echo "Configuration cache was not used - task was configured unexpectedly"
+            exit 1
+        fi
--- a/.github/workflows/integ-test-restore-containerized-gradle-home.yml
+++ b/.github/workflows/integ-test-restore-containerized-gradle-home.yml
@@ -5,6 +5,7 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      skip-dist:
        type: boolean
        default: false
@@ -14,7 +15,7 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-containerized-gradle-home-${{ inputs.cache-key-prefix }}

 jobs:
-  seed-build:
+  restore-containerized-seed-build:
    runs-on: ubuntu-latest
    container: fedora:latest
    steps:
@@ -32,8 +33,8 @@ jobs:
      run: ./gradlew test

  # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  dependencies-cache:
-    needs: seed-build
+  restore-containerized-dependencies-cache:
+    needs: restore-containerized-seed-build
    runs-on: ubuntu-latest
    container: fedora:latest
    steps:
--- a/.github/workflows/integ-test-restore-custom-gradle-home.yml
+++ b/.github/workflows/integ-test-restore-custom-gradle-home.yml
@@ -5,6 +5,7 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      skip-dist:
        type: boolean
        default: false
@@ -14,7 +15,7 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-custom-gradle-home-${{ inputs.cache-key-prefix }}

 jobs:
-  seed-build:
+  restore-custom-gradle-home-seed-build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@@ -35,8 +36,8 @@ jobs:
      run: ./gradlew test --info

  # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  dependencies-cache:
-    needs: seed-build
+  restore-custom-gradle-home-dependencies-cache:
+    needs: restore-custom-gradle-home-seed-build
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@@ -57,8 +58,8 @@ jobs:
      run: ./gradlew test --offline --info

  # Test that the gradle-user-home cache will cache and restore local build-cache
-  build-cache:
-    needs: seed-build
+  restore-custom-gradle-home-build-cache:
+    needs: restore-custom-gradle-home-seed-build
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
--- a/.github/workflows/integ-test-restore-gradle-home.yml
+++ b/.github/workflows/integ-test-restore-gradle-home.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -18,8 +19,9 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-gradle-home

 jobs:
-  seed-build:
+  restore-gradle-home-seed-build:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -39,9 +41,10 @@ jobs:
      run: ./gradlew test

  # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  dependencies-cache:
-    needs: seed-build
+  restore-gradle-home-dependencies-cache:
+    needs: restore-gradle-home-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -61,9 +64,10 @@ jobs:
      run: ./gradlew test --offline

  # Test that the gradle-user-home cache will cache and restore local build-cache
-  build-cache:
-    needs: seed-build
+  restore-gradle-home-build-cache:
+    needs: restore-gradle-home-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -83,9 +87,10 @@ jobs:
      run: ./gradlew test -DverifyCachedBuild=true

  # Check that the build can run when Gradle User Home is not fully restored
-  no-extracted-cache-entries-restored:
-    needs: seed-build
+  restore-gradle-home-no-extracted-cache-entries-restored:
+    needs: restore-gradle-home-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -107,9 +112,10 @@ jobs:
      run: ./gradlew test

  # Test that a pre-existing gradle-user-home can be overwritten by the restored cache
-  pre-existing-gradle-home:
-    needs: seed-build
+  restore-gradle-home-pre-existing-gradle-home:
+    needs: restore-gradle-home-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
--- a/.github/workflows/integ-test-restore-java-toolchain.yml
+++ b/.github/workflows/integ-test-restore-java-toolchain.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -17,8 +18,9 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-java-toolchain-${{ inputs.cache-key-prefix }}

 jobs:
-  seed-build:
+  restore-java-toolchain-seed-build:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -38,9 +40,10 @@ jobs:
      run: ./gradlew test --info

  # Test that the gradle-user-home cache will cache the toolchain, by running build with --offline
-  toolchain-cache:
-    needs: seed-build
+  restore-java-toolchain-verify-build:
+    needs: restore-java-toolchain-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
--- a/.github/workflows/integ-test-sample-gradle-plugin.yml
+++ b/.github/workflows/integ-test-sample-gradle-plugin.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -17,8 +18,9 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: sample-gradle-plugin-${{ inputs.cache-key-prefix }}

 jobs:
-  seed-build:
+  sample-gradle-plugin-seed-build:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -37,9 +39,10 @@ jobs:
      working-directory: .github/workflow-samples/gradle-plugin
      run: ./gradlew build

-  verify-build:
-    needs: seed-build
+  sample-gradle-plugin-verify-build:
+    needs: sample-gradle-plugin-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
--- a/.github/workflows/integ-test-sample-kotlin-dsl.yml
+++ b/.github/workflows/integ-test-sample-kotlin-dsl.yml
@@ -5,9 +5,10 @@ on:
    inputs:
      cache-key-prefix:
        type: string
+        default: '0'
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -17,8 +18,9 @@ env:
  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: sample-kotlin-dsl-${{ inputs.cache-key-prefix }}

 jobs:
-  seed-build:
+  sample-kotlin-dsl-seed-build:
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
@@ -37,9 +39,10 @@ jobs:
      working-directory: .github/workflow-samples/kotlin-dsl
      run: ./gradlew build

-  verify-build:
-    needs: seed-build
+  sample-kotlin-dsl-verify-build:
+    needs: sample-kotlin-dsl-seed-build
    strategy:
+      max-parallel: 1
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
--- a/.github/workflows/integ-test-wrapper-validation.yml
+++ b/.github/workflows/integ-test-wrapper-validation.yml
@@ -5,7 +5,7 @@ on:
    inputs:
      runner-os:
        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+        default: '["ubuntu-latest"]'
      skip-dist:
        type: boolean
        default: false
@@ -14,7 +14,7 @@ env:
  SKIP_DIST: ${{ inputs.skip-dist }}

 jobs:
-  test-setup-gradle-validation:
+  wrapper-validation-setup-gradle:
    strategy:
      fail-fast: false
      matrix:
@@ -29,18 +29,19 @@ jobs:
    - name: Run wrapper-validation-action
      id: setup-gradle
      uses: ./setup-gradle
-      with:
-        validate-wrappers: true
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: ''
      continue-on-error: true

    - name: Check failure
+      shell: bash
      run: |
        if [ "${{ steps.setup-gradle.outcome}}" != "failure" ] ; then
          echo "Expected validation to fail, but it didn't"
          exit 1
        fi

-  test-validation-success:
+  wrapper-validation-success:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@@ -54,6 +55,7 @@ jobs:
      with:
        # to allow the invalid wrapper jar present in test data
        allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+        min-wrapper-count: 10

    - name: Check outcome
      env:
@@ -61,13 +63,14 @@ jobs:
        # below to not accidentally inject code into shell script or break its syntax
        FAILED_WRAPPERS: ${{ steps.action-test.outputs.failed-wrapper }}
        FAILED_WRAPPERS_MATCHES: ${{ steps.action-test.outputs.failed-wrapper == '' }}
+      shell: bash
      run: |
        if [ "$FAILED_WRAPPERS_MATCHES" != "true" ] ; then
          echo "'outputs.failed-wrapper' has unexpected content: $FAILED_WRAPPERS"
          exit 1
        fi

-  test-validation-error:
+  wrapper-validation-error:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@@ -88,6 +91,7 @@ jobs:
        VALIDATION_FAILED: ${{ steps.action-test.outcome == 'failure' }}
        FAILED_WRAPPERS: ${{ steps.action-test.outputs.failed-wrapper }}
        FAILED_WRAPPERS_MATCHES: ${{ steps.action-test.outputs.failed-wrapper == 'sources/test/jest/wrapper-validation/data/invalid/gradle-wrapper.jar|sources/test/jest/wrapper-validation/data/invalid/gradlе-wrapper.jar' }}
+      shell: bash
      run: |
        if [ "$VALIDATION_FAILED" != "true" ] ; then
          echo "Expected validation to fail, but it didn't"
@@ -98,3 +102,64 @@ jobs:
          echo "'outputs.failed-wrapper' has unexpected content: $FAILED_WRAPPERS"
          exit 1
        fi
+
+  wrapper-validation-minimum-wrapper-count:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./wrapper-validation
+      with:
+        # to allow the invalid wrapper jar present in test data
+        allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+        min-wrapper-count: 11
+      # Expected to fail; validated below
+      continue-on-error: true
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        VALIDATION_FAILED: ${{ steps.action-test.outcome == 'failure' }}
+      shell: bash
+      run: |
+        if [ "$VALIDATION_FAILED" != "true" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi
+
+  wrapper-validation-zero-wrappers:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4 # Checkout the repository with no wrappers
+      with:
+        sparse-checkout: |
+          .github/actions
+          dist
+          wrapper-validation
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./wrapper-validation
+      # Expected to fail; validated below
+      continue-on-error: true
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        VALIDATION_FAILED: ${{ steps.action-test.outcome == 'failure' }}
+      shell: bash
+      run: |
+        if [ "$VALIDATION_FAILED" != "true" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi
--- a/.github/workflows/suite-integ-test-caching.yml
+++ b/.github/workflows/suite-integ-test-caching.yml
@@ -0,0 +1,52 @@
+name: suite-integ-test-caching
+
+on:
+  workflow_call:
+    inputs:
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+jobs:
+  cache-cleanup:
+    uses: ./.github/workflows/integ-test-cache-cleanup.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  caching-config:
+    uses: ./.github/workflows/integ-test-caching-config.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-configuration-cache:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+    secrets:
+      GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+
+  restore-containerized-gradle-home:
+    uses: ./.github/workflows/integ-test-restore-containerized-gradle-home.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-custom-gradle-home:
+    uses: ./.github/workflows/integ-test-restore-custom-gradle-home.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-gradle-home:
+    uses: ./.github/workflows/integ-test-restore-gradle-home.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-java-toolchain:
+    uses: ./.github/workflows/integ-test-restore-java-toolchain.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
--- a/.github/workflows/suite-integ-test-other.yml
+++ b/.github/workflows/suite-integ-test-other.yml
@@ -0,0 +1,82 @@
+name: suite-integ-test-other
+
+on:
+  workflow_call:
+    inputs:
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+jobs:
+  build-scan-publish:
+    uses: ./.github/workflows/integ-test-build-scan-publish.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  dependency-graph:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-dependency-graph.yml
+    permissions:
+      contents: write
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  dependency-submission:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-dependency-submission.yml
+    permissions:
+      contents: write
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  dependency-submission-failures:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-dependency-submission-failures.yml
+    permissions:
+      contents: write
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  develocity-injection:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-inject-develocity.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+    secrets:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}
+
+  provision-gradle-versions:
+    uses: ./.github/workflows/integ-test-provision-gradle-versions.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  sample-kotlin-dsl:
+    uses: ./.github/workflows/integ-test-sample-kotlin-dsl.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  sample-gradle-plugin:
+    uses: ./.github/workflows/integ-test-sample-gradle-plugin.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  toolchain-detection:
+    uses: ./.github/workflows/integ-test-detect-toolchains.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  wrapper-validation:
+    uses: ./.github/workflows/integ-test-wrapper-validation.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
--- a/.github/workflows/update-checksums-file.yml
+++ b/.github/workflows/update-checksums-file.yml
@@ -37,7 +37,7 @@ jobs:

      # If there are no changes, this action will not create a pull request
      - name: Create or update pull request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
        with:
          branch: bot/wrapper-checksums-update
          commit-message: Update known wrapper checksums
@@ -48,7 +48,7 @@ jobs:
          body: |
            Automatically generated pull request to update the known wrapper checksums.

-            In case of conflicts, manually run the workflow from the [Actions tab](https://github.com/gradle/wrapper-validation-action/actions/workflows/update-checksums-file.yml), the changes will then be force-pushed onto this pull request branch.
+            In case of conflicts, manually run the workflow from the [Actions tab](https://github.com/gradle/actions/actions/workflows/update-checksums-file.yml), the changes will then be force-pushed onto this pull request branch.
            Do not manually update the pull request branch; those changes might get overwritten.

            > [!IMPORTANT]  
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 .git
 .vscode
-actions.code-workspace
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,21 +6,6 @@ The `build` script in the project root provides a convenient way to perform many
 3. `./build init-scripts` will run the init-script integration tests
 4. `./build act <act-commands>` will run `act` after building local changes (see below)

-## How to merge a Dependabot PR
-
-The "distribution" for a GitHub Action is checked into the repository itself. 
-In the case of these actions, the transpiled sources are committed to the `dist` directory. 
-Any production dependencies are inlined into the distribution. 
-So if a Dependabot PR updates a production dependency (or a dev dependency that changes the distribution, like the Typescript compiler), 
-then a manual step is required to rebuild the dist and commit.
-
-The simplest process to follow is:
-1. Checkout the dependabot branch locally eg: `git checkout dependabot/npm_and_yarn/actions/github-5.1.0`
-2. In the `sources` directory, run `npm install` to download NPM dependencies
-3. In the `sources` directory, run `npm run build` to regenerate the distribution
-4. Push the changes to the dependabot branch
-5. If/when the checks pass, you can merge the dependabot PR
-
 ## Using `act` to run integ-test workflows locally

 It's possible to run GitHub Actions workflows locally with https://nektosact.com/.
@@ -36,7 +21,6 @@ Example running a single job:
 `./build act -W .github/workflows/integ-test-caching-config.yml -j cache-disabled-pre-existing-gradle-home`

 Known issues:
- `integ-test-cache-cleanup.yml` fails because `gradle` is not installed on the runner. Should be fixed by #33.
 - `integ-test-detect-java-toolchains.yml` fails when running on a `linux/amd64` container, since the expected pre-installed JDKs are not present. Should be fixed by #89.
 - `act` is not yet compatible with `actions/upload-artifact@v4` (or related toolkit functions)
    - See https://github.com/nektos/act/pull/2224
--- a/README.md
+++ b/README.md
@@ -15,7 +15,8 @@ The recommended way to execute any Gradle build is with the help of the [Gradle
 ```yaml
 name: Build

-on: [ push ]
+on:
+  push:

 jobs:
  build:
@@ -29,7 +30,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
    - name: Build with Gradle
      run: ./gradlew build
 ```
@@ -48,7 +49,9 @@ Simply add this as a new workflow file to your repository (eg `.github/workflows
 ```yaml
 name: Dependency Submission

-on: [ push ]
+on:
+  push:
+    branches: [ 'main' ]

 permissions:
  contents: write
@@ -65,7 +68,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```

 See the [full action documentation](docs/dependency-submission.md) for more advanced usage scenarios.
@@ -76,11 +79,17 @@ The `wrapper-validation` action validates the checksums of _all_ [Gradle Wrapper

 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.

+Starting with v4 the `setup-gradle` action will [perform wrapper validation](docs/setup-gradle.md#gradle-wrapper-validation) on each execution.
+If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
+
 ### Example workflow

 ```yaml
 name: "Validate Gradle Wrapper"
-on: [push, pull_request]
+
+on:
+  push:
+  pull_request:

 jobs:
  validation:
@@ -88,7 +97,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```

 See the [full action documentation](docs/wrapper-validation.md) for more advanced usage scenarios.
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -1,48 +1,31 @@
 # Gradle GitHub Actions release process

 ## Preparation
- Push any outstanding changes to branch main. For any change that impacts the released action, you must run npm via `./build all` and commit the various files generated into the dist directory.
+- Push any outstanding changes to branch main.
 - Check that https://github.com/gradle/actions/actions is green for all workflows for the main branch.
+  - This should include any workflows triggered by `[bot] Update dist directory`
 - Decide on the version number to use for the release. The action releases should follow semantic versioning.
-  - By default, a patch release is assumed (eg. `3.0.0` → `3.0.1`)
-  - If new features have been added, bump the minor version (eg `3.1.1` → `3.2.0`)
-  - If a new major release is required, bump the major version (eg `3.1.1` → `4.0.0`)
+  - By default, a patch release is assumed (eg. `4.0.0` → `4.0.1`)
+  - If new features have been added, bump the minor version (eg `4.1.1` → `4.2.0`)
+  - If a new major release is required, bump the major version (eg `4.1.1` → `5.0.0`)
  - Note: The gradle actions follow the GitHub Actions convention of including a .0 patch number for the first release of a minor version, unlike the Gradle convention which omits the trailing .0.

 ## Release gradle/actions
- Create a tag for the release. The tag should have the format `v3.1.0`
-  - From CLI: `git tag v3.1.0`
- Push the commit and tag
-  - From CLI: `git push --tags`
+- Create a tag for the release. The tag should have the format `v4.1.0`
+  - From CLI: `git tag v4.1.0 && git push --tags`
 - Go to https://github.com/gradle/actions/releases and "Draft new release"
  - Use the newly created tag and copy the tag name exactly as the release title.
  - Craft release notes content based on issues closed, PRs merged and commits
  - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
- Publish the release. Before using "Publish release", check that [action workflows](https://github.com/gradle/actions/actions) are green for the version tag. eg https://github.com/gradle/actions/actions?query=branch%3Av3.0.0
- Force push the `v3` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
-  - Note that we set the commit message for the tag to the newly released version.
-
-## Release gradle/gradle-build-action
-
-During the 3.x release series, we will continue to publish parallel releases of `gradle/gradle-build-action`. These releases will simply delegate to `gradle/actions/setup-gradle` with the same version.
-
- Update the [gradle-build-action action.yml](https://github.com/gradle/gradle-build-action/blob/main/action.yml#L162) file to point to the newly released version of `gradle/actions/setup-gradle`.
- Ensure that any parameters that have been added to the setup-gradle action are added to the gradle-build-action definition, and that these are passed on to setup-gradle.
- Create and push a tag for the release.
-  - From CLI: `git tag v3.1.0 && git push --tags`
- Go to https://github.com/gradle/gradle-build-action/releases and "Draft new release"
-  - Use the newly created tag and copy the tag name exactly as the release title.
-  - In the release notes, point users to the gradle/actions release. Include a header informing users to switch to `gradle/actions/setup-gradle`.
 - Publish the release.
- Force push the `v3` tag (or current major version) to point to the new release.
-  - From CLI: `git tag -f -a -m "v3.0.0" v3 v3.0.0 && git push -f --tags`
+- Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
+  - From CLI: `git tag -f -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
+  - Note that we set the commit message for the tag to the newly released version.

 ## Post release steps

 Submit PRs to update the GitHub starter workflow. Starter workflows contain content that should reference the Git hash of the current gradle/actions release:
-https://github.com/actions/starter-workflows has [gradle](https://github.com/actions/starter-workflows/blob/main/ci/gradle.yml) and [gradle-publish](https://github.com/actions/starter-workflows/blob/main/ci/gradle-publish.yml): see [the v2.1.4 update PR](https://github.com/actions/starter-workflows/pull/1489) for an example.
+https://github.com/actions/starter-workflows has [gradle](https://github.com/actions/starter-workflows/blob/main/ci/gradle.yml) and [gradle-publish](https://github.com/actions/starter-workflows/blob/main/ci/gradle-publish.yml): see [the v4.0.0 update PR](https://github.com/actions/starter-workflows/pull/2468) for an example.

 Submit PRs to update the GitHub documentation. The documentation contains content that should reference the Git hash of the current gradle/actions release:
-https://github.com/github/docs has [building-and-testing-java-with-gradle](https://github.com/github/docs/blob/main/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md) and [publishing-java-packages-with-gradle](https://github.com/github/docs/blob/main/content/actions/publishing-packages/publishing-java-packages-with-gradle.md) : see [the v2.1.4 update PR](https://github.com/github/docs/pull/16392) for an example.
-
+https://github.com/github/docs has [building-and-testing-java-with-gradle](https://github.com/github/docs/blob/main/content/actions/automating-builds-and-tests/building-and-testing-java-with-gradle.md) and [publishing-java-packages-with-gradle](https://github.com/github/docs/blob/main/content/actions/publishing-packages/publishing-java-packages-with-gradle.md) : see [the v4.0.0 update PR](https://github.com/github/docs/pull/34239) for an example.
--- a/actions.code-workspace
+++ b/actions.code-workspace
@@ -0,0 +1,11 @@
+{
+	"folders": [
+		{
+			"path": "."
+		},
+		{
+			"path": "sources"
+		}
+	],
+	"settings": {}
+}
--- a/10
+++ b/10
@@ -5,7 +5,7 @@ cd sources
 case "$1" in
    all)
        npm clean-install
-        nprm run all
+        npm run all
        ;;
    act)
        # Build and copy outputs to the dist directory
@@ -16,12 +16,18 @@ case "$1" in
        # Run act
        $@
        # Revert the changes to the dist directory
-        git co -- dist
+        git checkout -- dist
        ;;
    init-scripts)
        cd test/init-scripts
        ./gradlew check
        ;;
+    dist)
+        npm install
+        npm run build
+        cd ..
+        cp -r sources/dist .
+        ;;
    *)
        npm install
        npm run build
--- a/dependency-submission/README.md
+++ b/dependency-submission/README.md
@@ -10,7 +10,9 @@ Simply add this as a new workflow file to your repository (eg `.github/workflows
 ```yaml
 name: Dependency Submission

-on: [ push ]
+on:
+  push:
+    branches: ['main']

 permissions:
  contents: write
@@ -27,7 +29,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```

 See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios.
--- a/dependency-submission/action.yml
+++ b/dependency-submission/action.yml
@@ -57,6 +57,20 @@ inputs:
      Configuration-cache data will not be saved/restored without an encryption key being provided.
    required: false

+  cache-cleanup:
+    description: |
+      Specifies if the action should attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
+      By default ('on-success'), cleanup is performed when all Gradle builds succeed for the Job. 
+      This behaviour can be disabled ('never'), or configured to always run irrespective of the build outcome ('always').
+      Valid values are 'never', 'on-success' and 'always'.
+    required: false
+    default: 'on-success'
+
+  gradle-home-cache-cleanup:
+    description: When 'true', the action will attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
+    required: false
+    deprecation-message: This input has been superceded by the 'cache-cleanup' input parameter.
+
  gradle-home-cache-includes:
    description: Paths within Gradle User Home to cache.
    required: false
@@ -68,11 +82,6 @@ inputs:
    description: Paths within Gradle User Home to exclude from cache.
    required: false

-  gradle-home-cache-cleanup:
-    description: When 'true', the action will attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
-    required: false
-    default: false
-
  # Job summary configuration
  add-job-summary:
    description: Specifies when a Job Summary should be inluded in the action results. Valid values are 'never', 'always' (default), and 'on-failure'.
@@ -99,11 +108,42 @@ inputs:
    required: false
    default: 'generate-and-submit'

+  dependency-graph-report-dir:
+    description: |
+      Specifies where the dependency graph report will be generated. 
+      Paths can relative or absolute. Relative paths are resolved relative to the workspace directory.
+    required: false
+    default: 'dependency-graph-reports'
+
  dependency-graph-continue-on-failure:
    description: When 'false' a failure to generate or submit a dependency graph will fail the Step or Job. When 'true' a warning will be emitted but no failure will result.
    required: false
    default: false

+  dependency-graph-exclude-projects:
+    description: |
+      Gradle projects that should be excluded from dependency graph (regular expression).
+      When set, any matching project will be excluded.
+    required: false
+
+  dependency-graph-include-projects:
+    description: |
+      Gradle projects that should be included in dependency graph (regular expression). 
+      When set, only matching projects will be included.
+    required: false
+
+  dependency-graph-exclude-configurations:
+    description: |
+      Gradle configurations that should be included in dependency graph (regular expression). 
+      When set, anymatching configurations will be excluded.
+    required: false
+
+  dependency-graph-include-configurations:
+    description: |
+      Gradle configurations that should be included in dependency graph (regular expression). 
+      When set, only matching configurations will be included.
+    required: false
+
  artifact-retention-days:
    description: Specifies the number of days to retain any artifacts generated by the action. If not set, the default retention settings for the repository will apply.
    required: false
@@ -125,22 +165,30 @@ inputs:
    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
    required: false

+  develocity-access-key:
+    description: Develocity access key. Should be set to a secret containing the Develocity Access key.
+    required: false
+
+  develocity-token-expiry:
+    description: The Develocity short-lived access tokens expiry in hours. Default is 2 hours.
+    required: false
+
+  # Wrapper validation configuration
+  validate-wrappers:
+    description: |
+      When 'true' the action will automatically validate all wrapper jars found in the repository.
+      If the wrapper checksums are not valid, the action will fail.
+    required: false
+    default: false
+
+  allow-snapshot-wrappers:
+    description: |
+      When 'true', wrapper validation will include the checksums of snapshot wrapper jars. 
+      Use this if you are running with nightly or snapshot versions of the Gradle wrapper.
+    required: false
+    default: false
+
  # DEPRECATED ACTION INPUTS
-  build-scan-terms-of-service-url:
-    description: The URL to the Build Scan® terms of use. This input must be set to 'https://gradle.com/terms-of-service'.
-    required: false
-    deprecation-message: The input has been renamed to align with the Develocity API. Use 'build-scan-terms-of-use-url' instead.
-
-  build-scan-terms-of-service-agree:
-    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
-    required: false
-    deprecation-message: The input has been renamed to align with the Develocity API. Use 'build-scan-terms-of-use-agree' instead.
-
-  generate-job-summary:
-    description: When 'false', no Job Summary will be generated for the Job.
-    required: false
-    default: true
-    deprecation-message: Superceded by the new 'add-job-summary' and 'add-job-summary-as-pr-comment' parameters.

  # EXPERIMENTAL ACTION INPUTS
  # The following action properties allow fine-grained tweaking of the action caching behaviour.
--- a/dist/dependency-submission/main/index.js
+++ b/dist/dependency-submission/main/index.js
--- a/dist/dependency-submission/main/index.js.map
+++ b/dist/dependency-submission/main/index.js.map
--- a/dist/dependency-submission/post/index.js
+++ b/dist/dependency-submission/post/index.js
--- a/dist/dependency-submission/post/index.js.map
+++ b/dist/dependency-submission/post/index.js.map
--- a/dist/setup-gradle/main/index.js
+++ b/dist/setup-gradle/main/index.js
--- a/dist/setup-gradle/main/index.js.map
+++ b/dist/setup-gradle/main/index.js.map
--- a/dist/setup-gradle/post/index.js
+++ b/dist/setup-gradle/post/index.js
--- a/dist/setup-gradle/post/index.js.map
+++ b/dist/setup-gradle/post/index.js.map
--- a/dist/wrapper-validation/main/index.js
+++ b/dist/wrapper-validation/main/index.js
--- a/dist/wrapper-validation/main/index.js.map
+++ b/dist/wrapper-validation/main/index.js.map
--- a/docs/dependency-submission.md
+++ b/docs/dependency-submission.md
@@ -13,7 +13,7 @@ The generated dependency graph includes all of the dependencies in your build, a
 for vulnerable dependencies, as well as to populate the 
 [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).

-If your confused by the behaviour you're seeing or have specific questions, please check out [the FAQ](dependency-submission-faq.md) before raising an issue.
+If you're confused by the behaviour you're seeing or have specific questions, please check out [the FAQ](dependency-submission-faq.md) before raising an issue.

 ## General usage

@@ -25,7 +25,9 @@ Simply add this as a new workflow file to your repository (eg `.github/workflows
 ```yaml
 name: Dependency Submission

-on: [ push ]
+on:
+  push:
+    branches: [ 'main' ]

 permissions:
  contents: write
@@ -41,7 +43,7 @@ jobs:
        java-version: 17

    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
 ```

 ### Gradle execution
@@ -66,7 +68,7 @@ Three input parameters are required, one to enable publishing and two more to ac

 ```yaml
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
      with:
        build-scan-publish: true
        build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
@@ -81,7 +83,7 @@ In some cases, the default action configuration will not be sufficient, and addi

 ```yaml
    - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
      with:
        # Use a particular Gradle version instead of the configured wrapper.
        gradle-version: 8.6
@@ -93,17 +95,29 @@ In some cases, the default action configuration will not be sufficient, and addi
        dependency-resolution-task: myDependencyResolutionTask

        # Additional arguments that should be passed to execute Gradle
-        additonal-arguments: --no-configuration-cache
+        additional-arguments: --no-configuration-cache

        # Enable configuration-cache reuse for this build.
        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

        # Do not attempt to submit the dependency-graph. Save it as a workflow artifact.
        dependency-graph: generate-and-upload
+
+        # Specify the location where dependency graph files will be generated.
+        dependency-graph-report-dir: custom-report-dir
+
+        # By default, failure to generate a dependency graph will cause the workflow to fail
+        dependency-graph-continue-on-failure: true
+
 ```

 See the [Action Metadata file](../dependency-submission/action.yml) for a more detailed description of each input parameter.

+The `GitHub Dependency Graph Gradle Plugin` can be further 
+[configured via a number of environment variables](https://github.com/gradle/github-dependency-graph-gradle-plugin?#required-environment-variables). 
+These will be automatically set by the `dependency-submission` action, but you may override these values 
+by setting them explicitly in your workflow file.
+
 # Resolving a dependency vulnerability

 ## Finding the source of a dependency vulnerability
@@ -228,26 +242,26 @@ contribute to the dependency graph.
 > These dependencies would be assigned to different scopes (eg development, runtime, testing) and the GitHub UI would make it easy to opt-in to security alerts for different dependency scopes.
 > However, this functionality does not yet exist.

-### Excluding certain Gradle projects from the dependency graph
+### Selecting Gradle projects that will contribute to the dependency graph

 If you do not want the dependency graph to include dependencies from every project in your build, 
-you can easily exclude certain projects from the dependency extraction process.
+you can easily exclude or include certain projects from the dependency extraction process.

-To restrict which Gradle subprojects contribute to the report, specify which projects to exclude via a regular expression.
-You can provide this value via the `DEPENDENCY_GRAPH_EXCLUDE_PROJECTS` environment variable or system property.
+To restrict which Gradle subprojects contribute to the report, specify which projects to exclude or include via a regular expression.
+You can use the `dependency-graph-exclude-projects` and `dependency-graph-include-projects` input parameters for this purpose.

 Note that excluding a project in this way only removes dependencies that are _resolved_ as part of that project, and may
 not necessarily remove all dependencies _declared_ in that project. If another project depends on the excluded project
 then it may transitively resolve dependencies declared in the excluded project: these dependencies will still be included
 in the generated dependency graph.

-### Excluding certain Gradle configurations from the dependency graph
+### Selecting Gradle configurations that will contribute to the dependency graph

-Similarly to Gradle projects, it is possible to exclude a set of configuration instances from dependency graph generation,
-so that dependencies resolved by those configurations are not included.
+Similarly to Gradle projects, it is possible to exclude or include a set of dependency configurations from dependency graph generation,
+so that only dependencies resolved by the included configurations are reported.

-To restrict which Gradle configurations contribute to the report, specify which configurations to exclude via a regular expression.
-You can provide this value via the `DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS` environment variable or system property.
+To restrict which Gradle configurations contribute to the report, specify which configurations to exclude or include via a regular expression.
+You can use the `dependency-graph-exclude-configurations` and `dependency-graph-include-configurations` input parameters for this purpose.

 Note that configuration exclusion applies to the configuration in which the dependency is _resolved_ which is not necessarily
 the configuration where the dependency is _declared_. For example if you decare a dependency as `implementation` in
@@ -255,24 +269,18 @@ a Java project, that dependency will be resolved in `compileClasspath`, `runtime

 ### Example of project and configuration filtering

-For example, if you want to exclude dependencies in the `buildSrc` project, and exclude dependencies from the `testCompileClasspath` and `testRuntimeClasspath` configurations, you would use the following configuration:
+For example, if you want to exclude dependencies resolved by the `buildSrc` project, and exclude dependencies from the `testCompileClasspath` and `testRuntimeClasspath` configurations, you would use the following configuration:

 ```yaml
    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
-      env:
+      uses: gradle/actions/dependency-submission@v4
+      with:
        # Exclude all dependencies that originate solely in the 'buildSrc' project
-        DEPENDENCY_GRAPH_EXCLUDE_PROJECTS: ':buildSrc'
+        dependency-graph-exclude-projets: ':buildSrc'
        # Exclude dependencies that are only resolved in test classpaths
-        DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS: '.*[Tt]est(Compile|Runtime)Classpath'
+        dependency-graph-exclude-configurations: '.*[Tt]est(Compile|Runtime)Classpath'
 ```

-### Other filtering options
-
-The [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin)
-has other filtering options that may be useful.
- See [the docs](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph) for details.
-
 # Advance usage scenarios

 ## Using a custom plugin repository
@@ -292,7 +300,8 @@ Example of a pull request workflow that executes a build for a pull request and
 ```yaml
 name: Dependency review for pull requests

-on: [ pull_request ]
+on:
+  pull_request:

 permissions:
  contents: write
@@ -308,10 +317,10 @@ jobs:
        java-version: 17

    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4

    - name: Perform dependency review
-      uses: actions/dependency-review-action@v3
+      uses: actions/dependency-review-action@v4
 ```

 ## Usage with pull requests from public forked repositories
@@ -327,7 +336,8 @@ Because of this restriction, we require 2 separate workflows in order to generat
 ```yaml
 name: Generate and save dependency graph

-on: [ pull_request ]
+on:
+  pull_request:

 permissions:
  contents: read # 'write' permission is not available
@@ -343,7 +353,7 @@ jobs:
        java-version: 17

    - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
      with:
        dependency-graph: generate-and-upload
 ```
@@ -358,6 +368,7 @@ on:
    types: [completed]

 permissions:
+  actions: read
  contents: write

 jobs:
@@ -365,7 +376,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Download and submit dependency graph
-      uses: gradle/actions/dependency-submission@v3
+      uses: gradle/actions/dependency-submission@v4
      with:
        dependency-graph: download-and-submit # Download saved dependency-graph and submit
 ```
@@ -381,7 +392,8 @@ Here's an example of a separate "Dependency Review" workflow that will wait for
 ```yaml
 name: dependency-review

-on: [ pull_request ]
+on:
+  pull_request:

 permissions:
  contents: read
@@ -391,7 +403,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: 'Dependency Review'
-      uses: actions/dependency-review-action@v3
+      uses: actions/dependency-review-action@v4
      with:
        retry-on-snapshot-warnings: true
        retry-on-snapshot-warnings-timeout: 600
@@ -407,3 +419,10 @@ Gradle versions `5.2.1`, `5.6.4`, `6.0.1`, `6.9.4`, `7.1.1` and `7.6.3`, as well
 A known exception to this is that Gradle `7.0`, `7.0.1` and `7.0.2` are not supported.

 See [here](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#gradle-compatibility) for complete compatibility information.
+
+# Additional references
+
+- Dependency Submission Demo repository: https://github.com/gradle/github-dependency-submission-demo
+- GitHub Dependency Graph Gradle Plugin: https://github.com/gradle/github-dependency-graph-gradle-plugin
+- Webinar - Gradle at Scale with GitHub and GitHub Actions at Allegro: https://www.youtube.com/watch?v=gV94I28FPos
+
--- a/docs/deprecation-upgrade-guide.md
+++ b/docs/deprecation-upgrade-guide.md
@@ -20,7 +20,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/setup-gradle@v3
+    uses: gradle/actions/setup-gradle@v4
 ```

 ## The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation`
@@ -40,7 +40,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/wrapper-validation@v3
+    uses: gradle/actions/wrapper-validation@v4
 ```

 ## Using the action to execute Gradle via the `arguments` parameter is deprecated
@@ -82,7 +82,7 @@ The exact syntax depends on whether or not your project is configured with the [

 ```
 - name: Setup Gradle
-  uses: gradle/actions/setup-gradle@v3
+  uses: gradle/actions/setup-gradle@v4

 - name: Assemble the project
  run: ./gradlew assemble
@@ -99,9 +99,9 @@ The exact syntax depends on whether or not your project is configured with the [

 ```
 - name: Setup Gradle for a non-wrapper project
-  uses: gradle/actions/setup-gradle@v3
+  uses: gradle/actions/setup-gradle@v4
  with:
-    gradle-version: 8.7
+    gradle-version: "8.10"

 - name: Assemble the project
  run: gradle assemble
@@ -143,3 +143,20 @@ to this:
    build-scan-terms-of-use-agree: "yes"
 ```
 These deprecated build-scan parameters are scheduled to be removed in `setup-gradle@v4` and `dependency-submission@v4`.
+
+## The GRADLE_ENTERPRISE_ACCESS_KEY env var is deprecated
+Gradle Enterprise has been renamed to Develocity starting from Gradle plugin 3.17 and Develocity server 2024.1.
+In v4 release of the action, it will require setting the access key with the `develocity-access-key` input and Develocity 2024.1 at least to generate short-lived tokens.
+If those requirements are not met, the `GRADLE_ENTERPRISE_ACCESS_KEY` env var will be cleared out and build scan publication or other authenticated Develocity operations won't be possible.
+
+## The `gradle-home-cache-cleanup` input parameter has been replaced by `cache-cleanup`
+
+In versions of the action prior to `v4`, the boolean `gradle-home-cache-cleanup` parameter allows users to opt-in 
+to cache cleanup, removing unused files in Gradle User Home prior to saving to the cache.
+
+With `v4`, cache-cleanup is enabled by default, and controlled by the `cache-cleanup` input parameter.
+
+To remove this deprecation:
+- If you are using `gradle-home-cache-cleanup: true` in your workflow, you can remove this option as this is now enabled by default.
+- If you want cache-cleanup to run even when a Gradle build fails, then add the `cache-cleanup: always` input.
+- If cache-cleanup is causing problems with your workflow, you can disable it with `cache-cleanup: never`.
--- a/docs/setup-gradle.md
+++ b/docs/setup-gradle.md
@@ -28,7 +28,8 @@ The recommended way to execute any Gradle build is with the help of the [Gradle
 ```yaml
 name: Run Gradle on every push

-on: push
+on:
+  push:

 jobs:
  gradle:
@@ -44,7 +45,7 @@ jobs:
        java-version: 17

    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4

    - name: Execute Gradle build
      run: ./gradlew build
@@ -56,11 +57,11 @@ The `setup-gradle` action can download and install a specified Gradle version, a
 Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid having to download them again later.

 ```yaml
- - name: Setup Gradle 8.5
-   uses: gradle/actions/setup-gradle@v3
+ - name: Setup Gradle 8.10
+   uses: gradle/actions/setup-gradle@v4
   with:
-     gradle-version: 8.5
-  - name: Build with Gradle 8.5
+     gradle-version: "8.10" # Quotes required to prevent YAML converting to number
+  - name: Build with Gradle 8.10
    run: gradle build
 ```

@@ -95,7 +96,7 @@ jobs:
        distribution: temurin
        java-version: 17

-    - uses: gradle/actions/setup-gradle@v3
+    - uses: gradle/actions/setup-gradle@v4
      id: setup-gradle
      with:
        gradle-version: release-candidate
@@ -152,9 +153,32 @@ In certain circumstances it may be desirable to start with a clean Gradle User H
 cache-write-only: true
 ```

+### Configuring cache cleanup
+
+The Gradle User Home directory tends to grow over time. When you switch to a new Gradle wrapper version 
+or upgrade a dependency version the old files are not automatically and immediately removed. 
+While this can make sense in a local environment, in a GitHub Actions environment
+it can lead to ever-larger Gradle User Home cache entries being saved and restored.
+
+To avoid this situation, the `setup-gradle` and `dependency-submission` actions will perform "cache-cleanup", 
+purging any unused files from the Gradle User Home before saving it to the GitHub Actions cache. 
+Cache cleanup will attempt to remove any files that are initially restored to the Gradle User Home directory 
+but that are not used used by Gradle during the GitHub Actions Workflow.
+
+If a Gradle build fails when running the Job, then it is possible that some required files and dependencies 
+will not be touched during the Job. To prevent these files from being purged, the default behavior is for 
+cache cleanup to run only when all Gradle builds in the Job are successful.
+
+Gradle Home cache cleanup is enabled by default, and can be controlled by the `cache-cleanup` parameter as follows:
+- `cache-cleanup: always`: Always run cache cleanup, even when a Gradle build fails in the Job.
+- `cache-cleanup: on-success` (default): Run cache cleanup when the Job contains no failing Gradle builds.
+- `cache-cleanup: never`: Disable cache cleanup for the Job.
+
+Cache cleanup will never run when the cache is configured as read-only or disabled.
+
 ### Overwriting an existing Gradle User Home

-When the action detects that the Gradle User Home caches directory already exists (`~/.gradle/caches`), then by default it will not overwrite the existing content of this directory.
+When the action detects that the Gradle User Home caches directory already exists (`$GRADLE_USER_HOME/caches`), then by default it will not overwrite the existing content of this directory.
 This can occur when a prior action initializes this directory, or when using a self-hosted runner that retains this directory between uses.

 In this case, the Job Summary will display a message like:
@@ -189,7 +213,7 @@ jobs:
        distribution: temurin
        java-version: 17

-    - uses: gradle/actions/setup-gradle@v3
+    - uses: gradle/actions/setup-gradle@v4
      with:
        gradle-version: 8.6
        cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
@@ -197,7 +221,7 @@ jobs:
 ```

 > [!IMPORTANT]
-> The configuration cache cannot be saved or restored in workflows triggered by a pull requests from a repsitory fork.
+> The configuration cache cannot be saved or restored in workflows triggered by a pull requests from a repository fork.
 > This is because [GitHub secrets are not passed to workflows triggered by PRs from forks](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow).
 > This prevents a malicious PR from reading the configuration-cache data, which may encode secrets read by Gradle.

@@ -217,7 +241,7 @@ Using either of these mechanisms may interfere with the caching provided by this

 The GitHub Actions cache has some properties that present problems for efficient caching of the Gradle User Home.
 - Immutable entries: once a cache entry is written for a key, it cannot be overwritten or changed.
- Branch scope: cache entries written for a Git branch are not visible from actions running against different branches. Entries written for the default branch are visible to all. https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache
+- Branch scope: cache entries written for a Git branch are not visible from actions running against different branches or tags. Entries written for the default branch are visible to all. https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache
 - Restore keys: if no exact match is found, a set of partial keys can be provided that will match by cache key prefix. https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#matching-a-cache-key

 Each of these properties has influenced the design and implementation of the caching in `setup-gradle`, as described below.
@@ -315,8 +339,8 @@ Some techniques can be used to avoid/mitigate this issue:

 ### Select which branches should write to the cache

-GitHub cache entries are not shared between builds on different branches. 
-Workflow runs can restore caches created in either the current branch or the default branch (usually main).
+GitHub cache entries are not shared between builds on different branches or tags.
+Workflow runs can _only_ restore caches created in either the same branch or the default branch (usually `main`).
 This means that each branch will have its own Gradle User Home cache scope, and will not benefit from cache entries written for other (non-default) branches.

 By default, The `setup-gradle` action will only _write_ to the cache for builds run on the default (`master`/`main`) branch.
@@ -355,20 +379,6 @@ gradle-home-cache-excludes: |
 You can specify any number of fixed paths or patterns to include or exclude.
 File pattern support is documented at https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#patterns-to-match-file-paths.

-### Remove unused files from Gradle User Home before saving to the cache
-
-The Gradle User Home directory tends to grow over time. When you switch to a new Gradle wrapper version or upgrade a dependency version
-the old files are not automatically and immediately removed. While this can make sense in a local environment, in a GitHub Actions environment
-it can lead to ever-larger Gradle User Home cache entries being saved and restored.
-
-To avoid this situation, The `setup-gradle` action supports the `gradle-home-cache-cleanup` parameter. 
-When enabled, this feature will attempt to delete any files in the Gradle User Home that were not used by Gradle during the GitHub Actions Workflow, before saving the Gradle User Home to the GitHub Actions cache.
-
-Gradle Home cache cleanup is considered experimental and is disabled by default.  You can enable this feature for the action as follows:
-```yaml
-gradle-home-cache-cleanup: true
-```
-
 ### Disable local build-cache when remote build-cache is available

 If you have a remote build-cache available for your build, then it is recommended to do the following:
@@ -445,7 +455,7 @@ jobs:
        java-version: 17

    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
      with:
        add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure'

@@ -482,13 +492,13 @@ jobs:
        java-version: 17

    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4

    - name: Run build with Gradle wrapper
      run: ./gradlew build --scan

    - name: Upload build reports
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: build-reports
@@ -505,14 +515,30 @@ Since Gradle applies init scripts in alphabetical order, one way to ensure this

 ## Gradle Wrapper validation

-Instead of using the [wrapper-validation action](./wrapper-validation.md) separately, you can enable 
-wrapper validation directly in your Setup Gradle step.
+By default, this action will perform the same wrapper validation as is performed by the dedicated 
+[wrapper-validation action](./wrapper-validation.md). 
+This means that invalid wrapper jars will be automatically detected when using `setup-gradle`. 
+
+If you do not want wrapper-validation to occur automatically, you can disable it:

 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        validate-wrappers: false
+```
+
+If your repository uses snapshot versions of the Gradle wrapper, such as nightly builds, then you'll need to 
+explicitly allow snapshot wrappers in wrapper validation.
+These are not allowed by default.
+
+
+```yaml
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
      with:
        validate-wrappers: true
+        allow-snapshot-wrappers: true
 ```

 If you need more advanced configuration, then you're advised to continue using a separate workflow step
@@ -574,7 +600,7 @@ jobs:
        java-version: 17

    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
      with:
        dependency-graph: generate-and-submit
    - name: Run the usual CI build (dependency-graph will be generated and submitted post-job)
@@ -601,7 +627,7 @@ graph cannot be generated or submitted. You can enable this behavior with the `d

 ```yaml
 # Ensure that the workflow Job will fail if the dependency graph cannot be submitted
- uses: gradle/actions/setup-gradle@v3
+- uses: gradle/actions/setup-gradle@v4
  with:
    dependency-graph: generate-and-submit
    dependency-graph-continue-on-failure: false
@@ -626,7 +652,7 @@ jobs:
        java-version: 17

    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
      with:
        dependency-graph: generate-and-submit
    - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
@@ -656,7 +682,7 @@ jobs:
        java-version: 17

    - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
      with:
        dependency-graph: generate-and-submit
    - name: Build the app, generating a graph of dependencies required
@@ -692,28 +718,139 @@ To reduce storage costs for these artifacts, you can set the `artifact-retention

 ```yaml
    - name: Generate dependency graph, but only retain artifact for one day
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
      with:
        dependency-graph: generate
        artifact-retention-days: 1
 ```

-# Develocity plugin injection
+# Develocity Build Scan® integration

-The `setup-gradle` action provides support for injecting and configuring the Develocity Gradle plugin into any Gradle build, without any modification to the project sources.
-This is achieved via an init-script installed into Gradle User Home, which is enabled and parameterized via environment variables.
+Publishing a Develocity Build Scan can be very helpful for Gradle builds run on GitHub Actions. Each Build Scan provides a
+detailed report of the execution of the build, including which tasks were executed and the results of any test execution.
+
+The `setup-gradle` plugin provides a number of features to enable and enhance publishing Build Scans® to a Develocity instance.
+
+## Publishing to scans.gradle.com
+
+If you don't have a a private Develocity instance, you can easily publish Build Scans to the 
+free, public Develocity instance (https://scans.gradle.com).
+
+To publish to https://scans.gradle.com, you must specify in your workflow that you accept the [Gradle Terms of Use](https://gradle.com/help/legal-terms-of-use).
+
+```yaml
+    - name: Setup Gradle to publish build scans
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        build-scan-publish: true
+        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
+        build-scan-terms-of-use-agree: "yes"
+
+    - name: Run a Gradle build - a build scan will be published automatically
+      run: ./gradlew build
+```
+
+## Managing Develocity access keys
+
+Develocity access keys are long-lived, creating risks if they are leaked. To mitigate this risk this, 
+the `setup-gradle` action can automatically attempt to obtain a [short-lived access token](https://docs.gradle.com/develocity/gradle-plugin/current/#short_lived_access_tokens)
+to use when authenticating with Develocity. 
+The short-lived access token will then be used wherever a Develocity access key is required.
+
+```yaml
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} # Long-lived access key, visiblility is restricted to this step.
+
+    # Subsequent steps will automatically use a short-lived access token to authenticate with Develocity
+    - name: Run a Gradle build that is configured to publish to Develocity.
+      run: ./gradlew build
+```
+
+### Increasing the expiry time for Develocity access tokens
+
+By default, a short-lived Develocity access token will be valid for 2 hours from the time it is generated. If your workflows take longer than
+2 hours to complete, you may see failure to publish Build Scans due to access token expiry.
+
+To avoid this, use the `develocity-token-expiry` parameter to specify a different token expiry in hours.
+
+```yaml
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
+        develocity-token-expiry: 8 # The number of hours that the access token should remain valid (max 24).
+```
+
+### Develocity access key supplied as environment variable
+
+The preferred mechanism is to supply the long-lived Develocity access key directly to `setup-gradle` via 
+the `develocity-access-key` input variable. However, the action will also detect an access key configured as an environment variable,
+such as `DEVELOCITY_ACCESS_KEY` or `GRADLE_ENTERPRISE_ACCESS_KEY`. In this case, the environment variable value will be replaced by 
+a short-lived access token, thus hiding the long-lived access key from subsequent steps.
+
+```yaml
+env:
+  DEVELOCITY_ACCESS_KEY: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
+
+jobs:
+  build-with-gradle:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+
+    # The build will automatically use a short-lived access token to authenticate with Develocity
+    - name: Run a Gradle build that is configured to publish to Develocity.
+      run: ./gradlew build
+```
+
+### Failure to obtain a short-lived access token
+
+If a short-lived token cannot be retrieved (for example, if the Develocity server version is lower than `2024.1`):
+ - If the access key is provided via `develocity-access-key`, then no access token is set and authentication with Develocity will not succeed.
+ - If the access key is provided via an environment variable, a warning will be logged and the environment variable will be left as-is. 
+   This can result in long-lived access keys being unintentionally exposed to other workflow steps.
+For more information on short-lived tokens, see [Develocity API documentation](https://docs.gradle.com/develocity/api-manual/#short_lived_access_tokens).
+
+## Develocity plugin injection
+
+The `setup-gradle` action provides support for transparently injecting and configuring the Develocity Gradle plugin into any Gradle build, 
+without any modification to the project sources. This allows Build Scans to be published for a repository without any changes to the project sources.
+
+Develocity injection is achieved via an init-script installed into Gradle User Home, which is enabled and parameterized via environment variables.

 The same auto-injection behavior is available for the Common Custom User Data Gradle plugin, which enriches any build scans published with additional useful information.

-## Enabling Develocity injection
+### Enabling Develocity injection

-To enable Develocity injection for your build, you must provide the required configuration via environment variables. 
+To enable Develocity injection for your build, you must provide the required configuration via inputs.

 Here's a minimal example:

 ```yaml
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        develocity-injection-enabled: true
+        develocity-url: https://develocity.your-server.com
+        develocity-plugin-version: 3.17.5
+
+    - name: Run a Gradle build with Develocity injection enabled
+      run: ./gradlew build
+```
+
+This configuration will automatically apply `v3.18.1` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+
+This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
+In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
+
+```yaml
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4
+      with:
+        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}

    - name: Run a Gradle build with Develocity injection enabled
      run: ./gradlew build
@@ -723,44 +860,71 @@ Here's a minimal example:
        DEVELOCITY_PLUGIN_VERSION: 3.17
 ```

-This configuration will automatically apply `v3.17` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This access key will be used during the action execution to get a short-lived token and set it to the DEVELOCITY_ACCESS_KEY environment variable.

-This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
-In the likely scenario that your Develocity server requires authentication, you will also need to configure an additional environment variable
-with a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable).
-
-## Configuring Develocity injection
+### Configuring Develocity injection

 The `init-script` supports several additional configuration parameters that you may find useful. All configuration options (required and optional) are detailed below:

 | Variable                             | Required | Description                                                                                                                                                             |
 |--------------------------------------| --- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| DEVELOCITY_INJECTION_ENABLED         | :white_check_mark: | enables Develocity injection                                                                                                                                            |
-| DEVELOCITY_URL                       | :white_check_mark: | the URL of the Develocity server                                                                                                                                        |
-| DEVELOCITY_ALLOW_UNTRUSTED_SERVER    | | allow communication with an untrusted server; set to _true_ if your Develocity instance is using a self-signed certificate                                              |
-| DEVELOCITY_CAPTURE_FILE_FINGERPRINTS | | enables capturing the paths and content hashes of each individual input file                                                                                            |
-| DEVELOCITY_ENFORCE_URL               | | enforce the configured Develocity URL over a URL configured in the project's build; set to _true_ to enforce publication of build scans to the configured Develocity URL |
-| DEVELOCITY_PLUGIN_VERSION            | :white_check_mark: | the version of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/) to apply                                                               |
-| DEVELOCITY_CCUD_PLUGIN_VERSION       |  | the version of the [Common Custom User Data Gradle plugin](https://github.com/gradle/common-custom-user-data-gradle-plugin) to apply, if any                            |
-| GRADLE_PLUGIN_REPOSITORY_URL         |  | the URL of the repository to use when resolving the Develocity and CCUD plugins; the Gradle Plugin Portal is used by default                                            |
-| GRADLE_PLUGIN_REPOSITORY_USERNAME    |  | the username for the repository URL to use when resolving the Develocity and CCUD plugins                                                                               |
-| GRADLE_PLUGIN_REPOSITORY_PASSWORD    |  | the password for the repository URL to use when resolving the Develocity and CCUD plugins; Consider using secrets to pass the value to this variable                    |
+| develocity-injection-enabled         | :white_check_mark: | enables Develocity injection                                                                                                                                            |
+| develocity-url                       | :white_check_mark: | the URL of the Develocity server                                                                                                                                        |
+| develocity-allow-untrusted-server    | | allow communication with an untrusted server; set to _true_ if your Develocity instance is using a self-signed certificate                                              |
+| develocity-capture-file-fingerprints | | enables capturing the paths and content hashes of each individual input file                                                                                            |
+| develocity-enforce-url               | | enforce the configured Develocity URL over a URL configured in the project's build; set to _true_ to enforce publication of build scans to the configured Develocity URL |
+| develocity-plugin-version            | :white_check_mark: | the version of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/) to apply                                                               |
+| develocity-ccud-plugin-version       |  | the version of the [Common Custom User Data Gradle plugin](https://github.com/gradle/common-custom-user-data-gradle-plugin) to apply, if any                            |
+| gradle-plugin-repository-url         |  | the URL of the repository to use when resolving the Develocity and CCUD plugins; the Gradle Plugin Portal is used by default                                            |
+| gradle-plugin-repository-username    |  | the username for the repository URL to use when resolving the Develocity and CCUD plugins                                                                               |
+| gradle-plugin-repository-password    |  | the password for the repository URL to use when resolving the Develocity and CCUD plugins; Consider using secrets to pass the value to this variable                    |

-## Publishing to scans.gradle.com
+The input parameters can be expressed as environment variables following the relationships outlined in the table below:

-Develocity injection is designed to enable the publishing of build scans to a Develocity instance,
-but is also useful for publishing to the public Build Scans instance (https://scans.gradle.com).
+| Input                                | Environment Variable                 |
+|--------------------------------------|--------------------------------------|
+| develocity-injection-enabled         | DEVELOCITY_INJECTION_ENABLED         |
+| develocity-url                       | DEVELOCITY_URL                       |
+| develocity-allow-untrusted-server    | DEVELOCITY_ALLOW_UNTRUSTED_SERVER    |
+| develocity-capture-file-fingerprints | DEVELOCITY_CAPTURE_FILE_FINGERPRINTS |
+| develocity-enforce-url               | DEVELOCITY_ENFORCE_URL               |
+| develocity-plugin-version            | DEVELOCITY_PLUGIN_VERSION            |
+| develocity-ccud-plugin-version       | DEVELOCITY_CCUD_PLUGIN_VERSION       |
+| gradle-plugin-repository-url         | GRADLE_PLUGIN_REPOSITORY_URL         |
+| gradle-plugin-repository-username    | GRADLE_PLUGIN_REPOSITORY_USERNAME    |
+| gradle-plugin-repository-password    | GRADLE_PLUGIN_REPOSITORY_PASSWORD    |

-To publish to https://scans.gradle.com, you must specify in your workflow that you accept the [Gradle Terms of Use](https://gradle.com/help/legal-terms-of-use).
+
+Here's an example using the env vars:

 ```yaml
-    - name: Setup Gradle to publish build scans
-      uses: gradle/actions/setup-gradle@v3
-      with:
-        build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4

-    - name: Run a Gradle build - a build scan will be published automatically
+    - name: Run a Gradle build with Develocity injection enabled with environment variables
      run: ./gradlew build
+      env:
+        DEVELOCITY_INJECTION_ENABLED: true
+        DEVELOCITY_URL: https://develocity.your-server.com
+        DEVELOCITY_ENFORCE_URL: true
+        DEVELOCITY_PLUGIN_VERSION: "3.18.1"
+        DEVELOCITY_CCUD_PLUGIN_VERSION: "2.0.2"
 ```
+
+# Dependency verification
+
+Develocity injection, Build Scan publishing and Dependency Graph generation all work by applying external plugins to your build.
+If you project has [dependency verification enabled](https://docs.gradle.org/current/userguide/dependency_verification.html#sec:signature-verification), 
+then you'll need to update your verification metadata to trust these plugins.
+
+Each of the plugins is signed by Gradle, and you can simply add the following snippet to your `dependency-verificaton.xml` file:
+
+```xml
+<trusted-keys>
+   <trusted-key id="7B79ADD11F8A779FE90FD3D0893A028475557671">
+      <trusting group="com.gradle"/>
+      <trusting group="org.gradle"/>
+   </trusted-key>
+</trusted-keys>
+```
+
--- a/docs/wrapper-validation.md
+++ b/docs/wrapper-validation.md
@@ -4,6 +4,12 @@ This action validates the checksums of _all_ [Gradle Wrapper](https://docs.gradl

 The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.

+> [!NOTE]
+> Starting with v4 the `setup-gradle` action will automatically [perform wrapper validation](../docs/setup-gradle.md#gradle-wrapper-validation)
+> on each execution.
+> 
+> If you are using `setup-gradle` in your workflows, it is unlikely that you will need to use the `wrapper-validation` action.
+
 ## The Gradle Wrapper Problem in Open Source

 The `gradle-wrapper.jar` is a binary blob of executable code that is checked into nearly
@@ -44,7 +50,7 @@ We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/
 Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:

 ```yaml
-uses: gradle/actions/wrapper-validation@v3
+uses: gradle/actions/wrapper-validation@v4
 ```

 This action step should precede any step using `gradle/gradle-build-action` or `gradle/actions/setup-gradle`.
@@ -56,7 +62,10 @@ Here's a sample complete workflow you can add to your repositories:
 **`.github/workflows/gradle-wrapper-validation.yml`**
 ```yaml
 name: "Validate Gradle Wrapper"
-on: [push, pull_request]
+
+on:
+  push:
+  pull_request:

 jobs:
  validation:
@@ -64,7 +73,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v3
+      - uses: gradle/actions/wrapper-validation@v4
 ```

 ## Contributing to an external GitHub Repository
@@ -87,18 +96,22 @@ We recommend the message commit contents of:

 From there, you can easily follow the rest of the prompts to create a Pull Request against the project.

-## Reporting Failures
+## Validation Failures

-If this GitHub action fails because a `gradle-wrapper.jar` doesn't match one of our published SHA-256 checksums,
+A wrapper jar can fail validation for a few reasons:
+1. The wrapper is from a snapshot build of Gradle (nightly or release nightly) and you have not set `allow-snapshots`
+   or `allow-snapshot-wrappers` to `true`.
+2. The wrapper jar is from a version of Gradle with an unverifiable wrapper jar (see below).
+3. The wrapper jar was not published by Gradle, and could be compromised.
+
+If this GitHub action fails because a `gradle-wrapper.jar` was not published by Gradle,
 we highly recommend that you reach out to us at [security@gradle.com](mailto:security@gradle.com).

-**Note:** `gradle-wrapper.jar` generated by Gradle 3.3 to 4.0 are not verifiable because those files were dynamically generated by Gradle in a non-reproducible way. It's not possible to verify the `gradle-wrapper.jar` for those versions are legitimate using a hash comparison. You should try to determine if the `gradle-wrapper.jar` was generated by one of these versions before running the build.
+#### Unverifiable Wrapper Jars
+Wrapper Jars generated by Gradle versions `3.3` to `4.0` are not verifiable because those files were dynamically generated by Gradle in a non-reproducible way. It's not possible to verify the `gradle-wrapper.jar` for those versions are legitimate using a hash comparison. If you have a validation failure, you should try to determine if the `gradle-wrapper.jar` was generated by one of these versions before running the build.

-If the Gradle version in `gradle-wrapper.properties` is out of this range, you may need to regenerate the `gradle-wrapper.jar` by running `./gradlew wrapper`. If you need to use a version of Gradle between 3.3 and 4.0, you can use a newer version of Gradle to generate the `gradle-wrapper.jar`.
-
-If you're curious and want to explore what the differences are between the `gradle-wrapper.jar` in your possession
-and one of our valid release, you can compare them using this online utility: [diffoscope](https://try.diffoscope.org/).
-Regardless of what you find, we still kindly request that you reach out to us and let us know.
+- If the Gradle version in `gradle-wrapper.properties` is outside of this range, you can regenerate the `gradle-wrapper.jar` by running `./gradlew wrapper`. This will generate a new, verifiable wrapper jar.
+- If you need to run your build with a version of Gradle between 3.3 and 4.0, you can use a newer version of Gradle to generate the `gradle-wrapper.jar`.

 ## Resources

--- a/setup-gradle/README.md
+++ b/setup-gradle/README.md
@@ -11,7 +11,8 @@ The recommended way to execute any Gradle build is with the help of the [Gradle
 ```yaml
 name: Build

-on: [ push ]
+on:
+  push:

 jobs:
  build:
@@ -25,7 +26,7 @@ jobs:
        distribution: 'temurin'
        java-version: 17
    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
    - name: Build with Gradle
      run: ./gradlew build
 ```
--- a/setup-gradle/action.yml
+++ b/setup-gradle/action.yml
@@ -40,6 +40,20 @@ inputs:
      Configuration-cache data will not be saved/restored without an encryption key being provided.
    required: false

+  cache-cleanup:
+    description: |
+      Specifies if the action should attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
+      By default ('on-success'), cleanup is performed when all Gradle builds succeed for the Job. 
+      This behaviour can be disabled ('never'), or configured to always run irrespective of the build outcome ('always').
+      Valid values are 'never', 'on-success' and 'always'.
+    required: false
+    default: 'on-success'
+
+  gradle-home-cache-cleanup:
+    description: When 'true', the action will attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
+    required: false
+    deprecation-message: This input has been superceded by the 'cache-cleanup' input parameter.
+
  gradle-home-cache-includes:
    description: Paths within Gradle User Home to cache.
    required: false
@@ -51,11 +65,6 @@ inputs:
    description: Paths within Gradle User Home to exclude from cache.
    required: false

-  gradle-home-cache-cleanup:
-    description: When 'true', the action will attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
-    required: false
-    default: false
-
  # Job summary configuration
  add-job-summary:
    description: Specifies when a Job Summary should be inluded in the action results. Valid values are 'never', 'always' (default), and 'on-failure'.
@@ -71,15 +80,46 @@ inputs:
  dependency-graph:
    description: |
      Specifies if a GitHub dependency snapshot should be generated for each Gradle build, and if so, how.
-      Valid values are 'disabled' (default), 'generate', 'generate-and-submit', 'generate-and-upload', 'download-and-submit' and 'clear'.
+      Valid values are 'disabled' (default), 'generate', 'generate-and-submit', 'generate-and-upload', and 'download-and-submit'.
    required: false
    default: 'disabled'

+  dependency-graph-report-dir:
+    description: |
+      Specifies where the dependency graph report will be generated. 
+      Paths can relative or absolute. Relative paths are resolved relative to the workspace directory.
+    required: false
+    default: 'dependency-graph-reports'
+
  dependency-graph-continue-on-failure:
    description: When 'false' a failure to generate or submit a dependency graph will fail the Step or Job. When 'true' a warning will be emitted but no failure will result.
    required: false
    default: true

+  dependency-graph-exclude-projects:
+    description: |
+      Gradle projects that should be excluded from dependency graph (regular expression).
+      When set, any matching project will be excluded.
+    required: false
+
+  dependency-graph-include-projects:
+    description: |
+      Gradle projects that should be included in dependency graph (regular expression). 
+      When set, only matching projects will be included.
+    required: false
+
+  dependency-graph-exclude-configurations:
+    description: |
+      Gradle configurations that should be included in dependency graph (regular expression). 
+      When set, anymatching configurations will be excluded.
+    required: false
+
+  dependency-graph-include-configurations:
+    description: |
+      Gradle configurations that should be included in dependency graph (regular expression). 
+      When set, only matching configurations will be included.
+    required: false
+
  artifact-retention-days:
    description: Specifies the number of days to retain any artifacts generated by the action. If not set, the default retention settings for the repository will apply.
    required: false
@@ -100,40 +140,74 @@ inputs:
    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
    required: false

+  develocity-access-key:
+    description: Develocity access key. Should be set to a secret containing the Develocity Access key.
+    required: false
+
+  develocity-token-expiry:
+    description: The Develocity short-lived access tokens expiry in hours. Default is 2 hours.
+    required: false
+
+  develocity-injection-enabled:
+    description: Enables Develocity injection.
+    required: false
+
+  develocity-url:
+    description: The URL for the Develocity server.
+    required: false
+
+  develocity-allow-untrusted-server:
+    description: Allow communication with an untrusted server; set to _true_ if your Develocity instance is using a self-signed.
+    required: false
+
+  develocity-capture-file-fingerprints:
+    description: Enables capturing the paths and content hashes of each individual input file.
+    required: false
+
+  develocity-enforce-url:
+    description: Enforce the configured Develocity URL over a URL configured in the project's build; set to _true_ to enforce publication of build scans to the configured Develocity URL.
+    required: false
+
+  develocity-plugin-version:
+    description: The version of the Develocity Gradle plugin to apply.
+    required: false
+
+  develocity-ccud-plugin-version:
+    description: The version of the Common Custom User Data Gradle plugin to apply, if any.
+    required: false
+
+  gradle-plugin-repository-url:
+    description: The URL of the repository to use when resolving the Develocity and CCUD plugins; the Gradle Plugin Portal is used by default.
+    required: false
+
+  gradle-plugin-repository-username:
+    description: The username for the repository URL to use when resolving the Develocity and CCUD.
+    required: false
+
+  gradle-plugin-repository-password:
+    description: The password for the repository URL to use when resolving the Develocity and CCUD plugins; Consider using secrets to pass the value to this variable.
+    required: false
+
  # Wrapper validation configuration
  validate-wrappers:
    description: |
-      When 'true', the action will perform the 'wrapper-validation' action automatically.
+      When 'true' (the default) the action will automatically validate all wrapper jars found in the repository.
      If the wrapper checksums are not valid, the action will fail.
    required: false
+    default: true
+
+  allow-snapshot-wrappers:
+    description: |
+      When 'true', wrapper validation will include the checksums of snapshot wrapper jars. 
+      Use this if you are running with nightly or snapshot versions of the Gradle wrapper.
+    required: false
    default: false

  # DEPRECATED ACTION INPUTS
-  build-scan-terms-of-service-url:
-    description: The URL to the Build Scan® terms of use. This input must be set to 'https://gradle.com/terms-of-service'.
-    required: false
-    deprecation-message: The input has been renamed to align with the Develocity API. Use 'build-scan-terms-of-use-url' instead.
-
-  build-scan-terms-of-service-agree:
-    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
-    required: false
-    deprecation-message: The input has been renamed to align with the Develocity API. Use 'build-scan-terms-of-use-agree' instead.
-
-  generate-job-summary:
-    description: When 'false', no Job Summary will be generated for the Job.
-    required: false
-    default: true
-    deprecation-message: Superceded by the new 'add-job-summary' and 'add-job-summary-as-pr-comment' parameters.
-
  arguments:
    description: Gradle command line arguments (supports multi-line input)
    required: false
-    deprecation-message: Using the action to execute Gradle directly is deprecated in favor of using the action to setup Gradle, and executing Gradle in a subsequent Step.
-
-  build-root-directory:
-    description: Path to the root directory of the build. Default is the root of the GitHub workspace.
-    required: false
-    deprecation-message: Using the action to execute Gradle directly is deprecated in favor of using the action to setup Gradle, and executing Gradle in a subsequent Step.
+    deprecation-message: This parameter has been deprecated and removed. It is only left here to allow for better reporting to assist users to migrate.

  # EXPERIMENTAL ACTION INPUTS
  # The following action properties allow fine-grained tweaking of the action caching behaviour.
--- a/sources/.tool-versions
+++ b/sources/.tool-versions
@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
 nodejs 20.10.0
-gradle 8.7
+gradle 8.10
--- a/sources/package-lock.json
+++ b/sources/package-lock.json
--- a/sources/package.json
+++ b/sources/package.json
@@ -8,11 +8,11 @@
    "prettier-write": "prettier --write 'src/**/*.ts'",
    "prettier-check": "prettier --check 'src/**/*.ts'",
    "lint": "eslint 'src/**/*.ts'",
-    "compile-dependency-submission-main": "ncc build src/dependency-submission/main.ts --out dist/dependency-submission/main --source-map --no-source-map-register",
-    "compile-dependency-submission-post": "ncc build src/dependency-submission/post.ts --out dist/dependency-submission/post --source-map --no-source-map-register",
-    "compile-setup-gradle-main": "ncc build src/setup-gradle/main.ts --out dist/setup-gradle/main --source-map --no-source-map-register",
-    "compile-setup-gradle-post": "ncc build src/setup-gradle/post.ts --out dist/setup-gradle/post --source-map --no-source-map-register",
-    "compile-wrapper-validation-main": "ncc build src/wrapper-validation/main.ts --out dist/wrapper-validation/main --source-map --no-source-map-register",
+    "compile-dependency-submission-main": "ncc build src/actions/dependency-submission/main.ts --out dist/dependency-submission/main --source-map --no-source-map-register",
+    "compile-dependency-submission-post": "ncc build src/actions/dependency-submission/post.ts --out dist/dependency-submission/post --source-map --no-source-map-register",
+    "compile-setup-gradle-main": "ncc build src/actions/setup-gradle/main.ts --out dist/setup-gradle/main --source-map --no-source-map-register",
+    "compile-setup-gradle-post": "ncc build src/actions/setup-gradle/post.ts --out dist/setup-gradle/post --source-map --no-source-map-register",
+    "compile-wrapper-validation-main": "ncc build src/actions/wrapper-validation/main.ts --out dist/wrapper-validation/main --source-map --no-source-map-register",
    "compile": "npm-run-all --parallel compile-*",
    "check": "npm-run-all --parallel prettier-check lint",
    "format": "npm-run-all --parallel prettier-write lint",
@@ -32,38 +32,40 @@
  ],
  "license": "MIT",
  "dependencies": {
-    "@actions/artifact": "2.1.4",
+    "@actions/artifact": "2.1.9",
    "@actions/cache": "3.2.4",
    "@actions/core": "1.10.1",
    "@actions/exec": "1.1.1",
    "@actions/github": "6.0.0",
-    "@actions/glob": "0.4.0",
-    "@actions/http-client": "2.2.1",
+    "@actions/glob": "0.5.0",
+    "@actions/http-client": "2.2.3",
    "@actions/tool-cache": "2.0.1",
-    "@octokit/rest": "20.1.0",
-    "@octokit/webhooks-types": "7.5.0",
-    "semver": "7.6.0",
+    "@octokit/rest": "21.0.2",
+    "@octokit/webhooks-types": "7.5.1",
+    "cheerio": "^1.0.0",
+    "semver": "7.6.3",
    "string-argv": "0.3.2",
-    "typed-rest-client": "1.8.11",
-    "unhomoglyph": "1.0.6"
-},
+    "typed-rest-client": "2.0.2",
+    "unhomoglyph": "1.0.6",
+    "which": "4.0.0"
+  },
  "devDependencies": {
-    "@types/jest": "29.5.12",
-    "@types/node": "20.12.4",
-    "@types/unzipper": "0.10.9",
-    "@typescript-eslint/parser": "7.5.0",
+    "@types/jest": "29.5.13",
+    "@types/node": "20.16.5",
+    "@types/unzipper": "0.10.10",
+    "@types/which": "3.0.4",
+    "@typescript-eslint/parser": "7.18.0",
    "@vercel/ncc": "0.38.1",
    "eslint": "8.57.0",
-    "eslint-plugin-github": "4.10.2",
-    "eslint-plugin-jest": "27.9.0",
-    "eslint-plugin-prettier": "5.1.3",
+    "eslint-plugin-github": "5.0.2",
+    "eslint-plugin-jest": "28.8.3",
    "jest": "29.7.0",
    "js-yaml": "4.1.0",
+    "nock": "13.5.5",
    "npm-run-all": "4.1.5",
    "patch-package": "8.0.0",
-    "prettier": "3.2.5",
-    "ts-jest": "29.1.2",
-    "typescript": "5.4.3",
-    "nock": "13.5.4"
+    "prettier": "3.3.3",
+    "ts-jest": "29.2.5",
+    "typescript": "5.6.2"
  }
 }
--- a/sources/src/actions/dependency-submission/main.ts
+++ b/sources/src/actions/dependency-submission/main.ts
@@ -1,6 +1,7 @@
-import * as setupGradle from '../setup-gradle'
-import * as gradle from '../execution/gradle'
-import * as dependencyGraph from '../dependency-graph'
+import * as core from '@actions/core'
+import * as setupGradle from '../../setup-gradle'
+import * as gradle from '../../execution/gradle'
+import * as dependencyGraph from '../../dependency-graph'

 import {parseArgsStringToArgv} from 'string-argv'
 import {
@@ -9,10 +10,11 @@ import {
    DependencyGraphConfig,
    DependencyGraphOption,
    GradleExecutionConfig,
-    setActionId
-} from '../configuration'
-import {saveDeprecationState} from '../deprecation-collector'
-import {handleMainActionError} from '../errors'
+    setActionId,
+    WrapperValidationConfig
+} from '../../configuration'
+import {saveDeprecationState} from '../../deprecation-collector'
+import {handleMainActionError} from '../../errors'

 /**
 * The main entry point for the action, called by Github Actions for the step.
@@ -22,7 +24,10 @@ export async function run(): Promise<void> {
        setActionId('gradle/actions/dependency-submission')

        // Configure Gradle environment (Gradle User Home)
-        await setupGradle.setup(new CacheConfig(), new BuildScanConfig())
+        await setupGradle.setup(new CacheConfig(), new BuildScanConfig(), new WrapperValidationConfig())
+
+        // Capture the enabled state of dependency-graph
+        const originallyEnabled = process.env['GITHUB_DEPENDENCY_GRAPH_ENABLED']

        // Configure the dependency graph submission
        const config = new DependencyGraphConfig()
@@ -53,6 +58,9 @@ export async function run(): Promise<void> {

        await dependencyGraph.complete(config)

+        // Reset the enabled state of dependency graph
+        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', originallyEnabled)
+
        saveDeprecationState()
    } catch (error) {
        handleMainActionError(error)
--- a/sources/src/actions/dependency-submission/post.ts
+++ b/sources/src/actions/dependency-submission/post.ts
@@ -1,7 +1,7 @@
-import * as setupGradle from '../setup-gradle'
+import * as setupGradle from '../../setup-gradle'

-import {CacheConfig, SummaryConfig} from '../configuration'
-import {handlePostActionError} from '../errors'
+import {CacheConfig, SummaryConfig} from '../../configuration'
+import {handlePostActionError} from '../../errors'

 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
--- a/sources/src/actions/setup-gradle/main.ts
+++ b/sources/src/actions/setup-gradle/main.ts
@@ -1,17 +1,17 @@
-import * as setupGradle from '../setup-gradle'
-import * as gradle from '../execution/gradle'
-import * as dependencyGraph from '../dependency-graph'
+import * as setupGradle from '../../setup-gradle'
+import * as provisioner from '../../execution/provision'
+import * as dependencyGraph from '../../dependency-graph'
 import {
    BuildScanConfig,
    CacheConfig,
    DependencyGraphConfig,
    GradleExecutionConfig,
-    doValidateWrappers,
+    WrapperValidationConfig,
    getActionId,
    setActionId
-} from '../configuration'
-import {recordDeprecation, saveDeprecationState} from '../deprecation-collector'
-import {handleMainActionError} from '../errors'
+} from '../../configuration'
+import {failOnUseOfRemovedFeature, saveDeprecationState} from '../../deprecation-collector'
+import {handleMainActionError} from '../../errors'

 /**
 * The main entry point for the action, called by Github Actions for the step.
@@ -19,30 +19,22 @@ import {handleMainActionError} from '../errors'
 export async function run(): Promise<void> {
    try {
        if (getActionId() === 'gradle/gradle-build-action') {
-            recordDeprecation(
+            failOnUseOfRemovedFeature(
                'The action `gradle/gradle-build-action` has been replaced by `gradle/actions/setup-gradle`'
            )
-        } else {
-            setActionId('gradle/actions/setup-gradle')
        }

-        // Check for invalid wrapper JARs if requested
-        if (doValidateWrappers()) {
-            await setupGradle.checkNoInvalidWrapperJars()
-        }
+        setActionId('gradle/actions/setup-gradle')

        // Configure Gradle environment (Gradle User Home)
-        await setupGradle.setup(new CacheConfig(), new BuildScanConfig())
+        await setupGradle.setup(new CacheConfig(), new BuildScanConfig(), new WrapperValidationConfig())

        // Configure the dependency graph submission
        await dependencyGraph.setup(new DependencyGraphConfig())

        const config = new GradleExecutionConfig()
-        await gradle.provisionAndMaybeExecute(
-            config.getGradleVersion(),
-            config.getBuildRootDirectory(),
-            config.getArguments()
-        )
+        config.verifyNoArguments()
+        await provisioner.provisionGradle(config.getGradleVersion())

        saveDeprecationState()
    } catch (error) {
--- a/sources/src/actions/setup-gradle/post.ts
+++ b/sources/src/actions/setup-gradle/post.ts
@@ -1,9 +1,9 @@
-import * as setupGradle from '../setup-gradle'
-import * as dependencyGraph from '../dependency-graph'
+import * as setupGradle from '../../setup-gradle'
+import * as dependencyGraph from '../../dependency-graph'

-import {CacheConfig, DependencyGraphConfig, SummaryConfig} from '../configuration'
-import {handlePostActionError} from '../errors'
-import {emitDeprecationWarnings, restoreDeprecationState} from '../deprecation-collector'
+import {CacheConfig, DependencyGraphConfig, SummaryConfig} from '../../configuration'
+import {handlePostActionError} from '../../errors'
+import {emitDeprecationWarnings, restoreDeprecationState} from '../../deprecation-collector'

 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
--- a/sources/src/actions/wrapper-validation/main.ts
+++ b/sources/src/actions/wrapper-validation/main.ts
@@ -0,0 +1,50 @@
+import * as path from 'path'
+import * as core from '@actions/core'
+
+import * as validate from '../../wrapper-validation/validate'
+import {getActionId, setActionId} from '../../configuration'
+import {failOnUseOfRemovedFeature, emitDeprecationWarnings} from '../../deprecation-collector'
+import {handleMainActionError} from '../../errors'
+
+export async function run(): Promise<void> {
+    try {
+        if (getActionId() === 'gradle/wrapper-validation-action') {
+            failOnUseOfRemovedFeature(
+                'The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation`'
+            )
+        }
+
+        setActionId('gradle/actions/wrapper-validation')
+
+        const result = await validate.findInvalidWrapperJars(
+            path.resolve('.'),
+            core.getInput('allow-snapshots') === 'true',
+            core.getInput('allow-checksums').split(',')
+        )
+        if (result.isValid()) {
+            core.info(result.toDisplayString())
+
+            const minWrapperCount = +core.getInput('min-wrapper-count')
+            if (result.valid.length < minWrapperCount) {
+                const message =
+                    result.valid.length === 0
+                        ? 'Wrapper validation failed: no Gradle Wrapper jars found. Did you forget to checkout the repository?'
+                        : `Wrapper validation failed: expected at least ${minWrapperCount} Gradle Wrapper jars, but found ${result.valid.length}.`
+                core.setFailed(message)
+            }
+        } else {
+            core.setFailed(
+                `At least one Gradle Wrapper Jar failed validation!\n  See https://github.com/gradle/actions/blob/main/docs/wrapper-validation.md#validation-failures\n${result.toDisplayString()}`
+            )
+            if (result.invalid.length > 0) {
+                core.setOutput('failed-wrapper', `${result.invalid.map(w => w.path).join('|')}`)
+            }
+        }
+
+        emitDeprecationWarnings(false)
+    } catch (error) {
+        handleMainActionError(error)
+    }
+}
+
+run()
--- a/sources/src/build-results.ts
+++ b/sources/src/build-results.ts
@@ -8,15 +8,40 @@ export interface BuildResult {
    get gradleVersion(): string
    get gradleHomeDir(): string
    get buildFailed(): boolean
+    get configCacheHit(): boolean
    get buildScanUri(): string
    get buildScanFailed(): boolean
 }

-export function loadBuildResults(): BuildResult[] {
-    return getUnprocessedResults().map(filePath => {
+export class BuildResults {
+    results: BuildResult[]
+
+    constructor(results: BuildResult[]) {
+        this.results = results
+    }
+
+    anyFailed(): boolean {
+        return this.results.some(result => result.buildFailed)
+    }
+
+    anyConfigCacheHit(): boolean {
+        return this.results.some(result => result.configCacheHit)
+    }
+
+    uniqueGradleHomes(): string[] {
+        const allHomes = this.results.map(buildResult => buildResult.gradleHomeDir)
+        return Array.from(new Set(allHomes))
+    }
+}
+
+export function loadBuildResults(): BuildResults {
+    const results = getUnprocessedResults().map(filePath => {
        const content = fs.readFileSync(filePath, 'utf8')
-        return JSON.parse(content) as BuildResult
+        const buildResult = JSON.parse(content) as BuildResult
+        addScanResults(filePath, buildResult)
+        return buildResult
    })
+    return new BuildResults(results)
 }

 export function markBuildResultsProcessed(): void {
@@ -24,7 +49,7 @@ export function markBuildResultsProcessed(): void {
 }

 function getUnprocessedResults(): string[] {
-    const buildResultsDir = path.resolve(process.env['RUNNER_TEMP']!, '.build-results')
+    const buildResultsDir = path.resolve(process.env['RUNNER_TEMP']!, '.gradle-actions', 'build-results')
    if (!fs.existsSync(buildResultsDir)) {
        return []
    }
@@ -39,6 +64,22 @@ function getUnprocessedResults(): string[] {
        })
 }

+function addScanResults(buildResultsFile: string, buildResult: BuildResult): void {
+    const buildScansDir = path.resolve(process.env['RUNNER_TEMP']!, '.gradle-actions', 'build-scans')
+    if (!fs.existsSync(buildScansDir)) {
+        return
+    }
+
+    const buildScanResults = path.resolve(buildScansDir, path.basename(buildResultsFile))
+    if (fs.existsSync(buildScanResults)) {
+        const content = fs.readFileSync(buildScanResults, 'utf8')
+        const scanResults = JSON.parse(content)
+        Object.assign(buildResult, scanResults)
+    }
+
+    return
+}
+
 function isProcessed(resultFile: string): boolean {
    const markerFile = `${resultFile}.processed`
    return fs.existsSync(markerFile)
--- a/sources/src/build-scan.ts
+++ b/sources/src/build-scan.ts
@@ -1,20 +0,0 @@
-import * as core from '@actions/core'
-import {BuildScanConfig} from './configuration'
-
-export function setup(config: BuildScanConfig): void {
-    maybeExportVariable('DEVELOCITY_INJECTION_INIT_SCRIPT_NAME', 'gradle-actions.inject-develocity.init.gradle')
-    maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions')
-    if (config.getBuildScanPublishEnabled()) {
-        maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.17')
-        maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0')
-        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
-        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
-    }
-}
-
-function maybeExportVariable(variableName: string, value: unknown): void {
-    if (!process.env[variableName]) {
-        core.exportVariable(variableName, value)
-    }
-}
--- a/sources/src/caching/cache-cleaner.ts
+++ b/sources/src/caching/cache-cleaner.ts
@@ -1,8 +1,9 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
-import * as glob from '@actions/glob'
+
 import fs from 'fs'
 import path from 'path'
+import * as provisioner from '../execution/provision'

 export class CacheCleaner {
    private readonly gradleUserHome: string
@@ -13,26 +14,20 @@ export class CacheCleaner {
        this.tmpDir = tmpDir
    }

-    async prepare(): Promise<void> {
-        // Reset the file-access journal so that files appear not to have been used recently
-        fs.rmSync(path.resolve(this.gradleUserHome, 'caches/journal-1'), {recursive: true, force: true})
-        fs.mkdirSync(path.resolve(this.gradleUserHome, 'caches/journal-1'), {recursive: true})
-        fs.writeFileSync(
-            path.resolve(this.gradleUserHome, 'caches/journal-1/file-access.properties'),
-            'inceptionTimestamp=0'
-        )
-
-        // Set the modification time of all files to the past: this timestamp is used when there is no matching entry in the journal
-        await this.ageAllFiles()
-
-        // Touch all 'gc' files so that cache cleanup won't run immediately.
-        await this.touchAllFiles('gc.properties')
+    async prepare(): Promise<string> {
+        // Save the current timestamp
+        const timestamp = Date.now().toString()
+        core.saveState('clean-timestamp', timestamp)
+        return timestamp
    }

    async forceCleanup(): Promise<void> {
-        // Age all 'gc' files so that cache cleanup will run immediately.
-        await this.ageAllFiles('gc.properties')
+        const cleanTimestamp = core.getState('clean-timestamp')
+        await this.forceCleanupFilesOlderThan(cleanTimestamp)
+    }

+    // Visible for testing
+    async forceCleanupFilesOlderThan(cleanTimestamp: string): Promise<void> {
        // Run a dummy Gradle build to trigger cache cleanup
        const cleanupProjectDir = path.resolve(this.tmpDir, 'dummy-cleanup-project')
        fs.mkdirSync(cleanupProjectDir, {recursive: true})
@@ -40,30 +35,54 @@ export class CacheCleaner {
            path.resolve(cleanupProjectDir, 'settings.gradle'),
            'rootProject.name = "dummy-cleanup-project"'
        )
+        fs.writeFileSync(
+            path.resolve(cleanupProjectDir, 'init.gradle'),
+            `
+            beforeSettings { settings ->
+                def cleanupTime = ${cleanTimestamp}
+            
+                settings.caches {
+                    cleanup = Cleanup.ALWAYS
+            
+                    releasedWrappers.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    snapshotWrappers.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    downloadedResources.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    createdResources.removeUnusedEntriesOlderThan.set(cleanupTime)
+                    buildCache.removeUnusedEntriesOlderThan.set(cleanupTime)
+                }
+            }
+            `
+        )
        fs.writeFileSync(path.resolve(cleanupProjectDir, 'build.gradle'), 'task("noop") {}')

-        const gradleCommand = `gradle -g ${this.gradleUserHome} --no-daemon --build-cache --no-scan --quiet -DGITHUB_DEPENDENCY_GRAPH_ENABLED=false noop`
-        await exec.exec(gradleCommand, [], {
-            cwd: cleanupProjectDir
+        // Gradle >= 8.9 required for cache cleanup
+        const executable = await provisioner.provisionGradleAtLeast('8.9')
+
+        await core.group('Executing Gradle to clean up caches', async () => {
+            core.info(`Cleaning up caches last used before ${cleanTimestamp}`)
+            await this.executeCleanupBuild(executable, cleanupProjectDir)
        })
    }

-    private async ageAllFiles(fileName = '*'): Promise<void> {
-        core.debug(`Aging all files in Gradle User Home with name ${fileName}`)
-        await this.setUtimes(`${this.gradleUserHome}/**/${fileName}`, new Date(0))
-    }
+    private async executeCleanupBuild(executable: string, cleanupProjectDir: string): Promise<void> {
+        const args = [
+            '-g',
+            this.gradleUserHome,
+            '-I',
+            'init.gradle',
+            '--info',
+            '--no-daemon',
+            '--no-scan',
+            '--build-cache',
+            '-DGITHUB_DEPENDENCY_GRAPH_ENABLED=false',
+            'noop'
+        ]

-    private async touchAllFiles(fileName = '*'): Promise<void> {
-        core.debug(`Touching all files in Gradle User Home with name ${fileName}`)
-        await this.setUtimes(`${this.gradleUserHome}/**/${fileName}`, new Date())
-    }
-
-    private async setUtimes(pattern: string, timestamp: Date): Promise<void> {
-        const globber = await glob.create(pattern, {
-            implicitDescendants: false
+        const result = await exec.getExecOutput(executable, args, {
+            cwd: cleanupProjectDir,
+            silent: true
        })
-        for await (const file of globber.globGenerator()) {
-            fs.utimesSync(file, timestamp, timestamp)
-        }
+
+        core.info(result.stdout)
    }
 }
--- a/sources/src/caching/cache-key.ts
+++ b/sources/src/caching/cache-key.ts
@@ -73,7 +73,8 @@ export function getCacheKeyBase(cacheName: string, cacheProtocolVersion: string)

 function getCacheKeyEnvironment(): string {
    const runnerOs = process.env['RUNNER_OS'] || ''
-    return process.env[CACHE_KEY_OS_VAR] || runnerOs
+    const runnerArch = process.env['RUNNER_ARCH'] || ''
+    return process.env[CACHE_KEY_OS_VAR] || `${runnerOs}-${runnerArch}`
 }

 function getCacheKeyJob(): string {
--- a/sources/src/caching/cache-reporting.ts
+++ b/sources/src/caching/cache-reporting.ts
@@ -1,5 +1,27 @@
 import * as cache from '@actions/cache'

+export const DEFAULT_CACHE_ENABLED_REASON = `[Cache was enabled](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#caching-build-state-between-jobs). Action attempted to both restore and save the Gradle User Home.`
+
+export const DEFAULT_READONLY_REASON = `[Cache was read-only](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#using-the-cache-read-only). By default, the action will only write to the cache for Jobs running on the default branch.`
+
+export const DEFAULT_DISABLED_REASON = `[Cache was disabled](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#disabling-caching) via action confiugration. Gradle User Home was not restored from or saved to the cache.`
+
+export const DEFAULT_WRITEONLY_REASON = `[Cache was set to write-only](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#using-the-cache-write-only) via action configuration. Gradle User Home was not restored from cache.`
+
+export const EXISTING_GRADLE_HOME = `[Cache was disabled to avoid overwriting a pre-existing Gradle User Home](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#overwriting-an-existing-gradle-user-home). Gradle User Home was not restored from or saved to the cache.`
+
+export const CLEANUP_DISABLED_READONLY = `[Cache cleanup](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-cache-cleanup) is always disabled when cache is read-only or disabled.`
+
+export const DEFAULT_CLEANUP_ENABLED_REASON = `[Cache cleanup](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-cache-cleanup) was enabled. Stale files in Gradle User Home were purged before saving to the cache.`
+
+export const DEFAULT_CLEANUP_DISABLED_REASON = `[Cache cleanup](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-cache-cleanup) was disabled via action parameter. No cleanup of Gradle User Home was performed.`
+
+export const CLEANUP_DISABLED_DUE_TO_FAILURE =
+    '[Cache cleanup was disabled due to build failure](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-cache-cleanup). Use `cache-cleanup: always` to override this behavior.'
+
+export const CLEANUP_DISABLED_DUE_TO_CONFIG_CACHE_HIT =
+    '[Cache cleanup was disabled due to configuration-cache reuse](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#configuring-cache-cleanup). This is expected.'
+
 /**
 * Collects information on what entries were saved and restored during the action.
 * This information is used to generate a summary of the cache usage.
@@ -9,7 +31,8 @@ export class CacheListener {
    cacheReadOnly = false
    cacheWriteOnly = false
    cacheDisabled = false
-    cacheDisabledReason = 'disabled'
+    cacheStatusReason: string = DEFAULT_CACHE_ENABLED_REASON
+    cacheCleanupMessage: string = DEFAULT_CLEANUP_DISABLED_REASON

    get fullyRestored(): boolean {
        return this.cacheEntries.every(x => !x.wasRequestedButNotRestored())
@@ -17,12 +40,37 @@ export class CacheListener {

    get cacheStatus(): string {
        if (!cache.isFeatureAvailable()) return 'not available'
-        if (this.cacheDisabled) return this.cacheDisabledReason
+        if (this.cacheDisabled) return 'disabled'
        if (this.cacheWriteOnly) return 'write-only'
        if (this.cacheReadOnly) return 'read-only'
        return 'enabled'
    }

+    setReadOnly(reason: string = DEFAULT_READONLY_REASON): void {
+        this.cacheReadOnly = true
+        this.cacheStatusReason = reason
+        this.cacheCleanupMessage = CLEANUP_DISABLED_READONLY
+    }
+
+    setDisabled(reason: string = DEFAULT_DISABLED_REASON): void {
+        this.cacheDisabled = true
+        this.cacheStatusReason = reason
+        this.cacheCleanupMessage = CLEANUP_DISABLED_READONLY
+    }
+
+    setWriteOnly(reason: string = DEFAULT_WRITEONLY_REASON): void {
+        this.cacheWriteOnly = true
+        this.cacheStatusReason = reason
+    }
+
+    setCacheCleanupEnabled(): void {
+        this.cacheCleanupMessage = DEFAULT_CLEANUP_ENABLED_REASON
+    }
+
+    setCacheCleanupDisabled(reason: string = DEFAULT_CLEANUP_DISABLED_REASON): void {
+        this.cacheCleanupMessage = reason
+    }
+
    entry(name: string): CacheEntryListener {
        for (const entry of this.cacheEntries) {
            if (entry.entryName === name) {
@@ -117,6 +165,10 @@ export function generateCachingReport(listener: CacheListener): string {
    return `
 <details>
 <summary><h4>Caching for Gradle actions was ${listener.cacheStatus} - expand for details</h4></summary>
+
+- ${listener.cacheStatusReason}
+- ${listener.cacheCleanupMessage}
+
 ${renderEntryTable(entries)}

 <h5>Cache Entry Details</h5>
--- a/sources/src/caching/caches.ts
+++ b/sources/src/caching/caches.ts
@@ -1,9 +1,15 @@
 import * as core from '@actions/core'
-import {CacheListener} from './cache-reporting'
+import {
+    CacheListener,
+    EXISTING_GRADLE_HOME,
+    CLEANUP_DISABLED_DUE_TO_FAILURE,
+    CLEANUP_DISABLED_DUE_TO_CONFIG_CACHE_HIT
+} from './cache-reporting'
 import {GradleUserHomeCache} from './gradle-user-home-cache'
 import {CacheCleaner} from './cache-cleaner'
 import {DaemonController} from '../daemon-controller'
 import {CacheConfig} from '../configuration'
+import {BuildResults} from '../build-results'

 const CACHE_RESTORED_VAR = 'GRADLE_BUILD_ACTION_CACHE_RESTORED'

@@ -26,7 +32,7 @@ export async function restore(
        core.info('Cache is disabled: will not restore state from previous builds.')
        // Initialize the Gradle User Home even when caching is disabled.
        gradleStateCache.init()
-        cacheListener.cacheDisabled = true
+        cacheListener.setDisabled()
        return
    }

@@ -35,8 +41,7 @@ export async function restore(
            core.info('Gradle User Home already exists: will not restore from cache.')
            // Initialize pre-existing Gradle User Home.
            gradleStateCache.init()
-            cacheListener.cacheDisabled = true
-            cacheListener.cacheDisabledReason = 'disabled due to pre-existing Gradle User Home'
+            cacheListener.setDisabled(EXISTING_GRADLE_HOME)
            return
        }
        core.info('Gradle User Home already exists: will overwrite with cached contents.')
@@ -46,21 +51,21 @@ export async function restore(
    // Mark the state as restored so that post-action will perform save.
    core.saveState(CACHE_RESTORED_VAR, true)

+    if (cacheConfig.isCacheCleanupEnabled()) {
+        core.info('Preparing cache for cleanup.')
+        const cacheCleaner = new CacheCleaner(gradleUserHome, process.env['RUNNER_TEMP']!)
+        await cacheCleaner.prepare()
+    }
+
    if (cacheConfig.isCacheWriteOnly()) {
        core.info('Cache is write-only: will not restore from cache.')
-        cacheListener.cacheWriteOnly = true
+        cacheListener.setWriteOnly()
        return
    }

    await core.group('Restore Gradle state from cache', async () => {
        await gradleStateCache.restore(cacheListener)
    })
-
-    if (cacheConfig.isCacheCleanupEnabled()) {
-        core.info('Preparing cache for cleanup.')
-        const cacheCleaner = new CacheCleaner(gradleUserHome, process.env['RUNNER_TEMP']!)
-        await cacheCleaner.prepare()
-    }
 }

 export async function save(
@@ -68,6 +73,7 @@ export async function save(
    gradleUserHome: string,
    cacheListener: CacheListener,
    daemonController: DaemonController,
+    buildResults: BuildResults,
    cacheConfig: CacheConfig
 ): Promise<void> {
    if (cacheConfig.isCacheDisabled()) {
@@ -82,19 +88,24 @@ export async function save(

    if (cacheConfig.isCacheReadOnly()) {
        core.info('Cache is read-only: will not save state for use in subsequent builds.')
-        cacheListener.cacheReadOnly = true
+        cacheListener.setReadOnly()
        return
    }

+    await core.group('Stopping Gradle daemons', async () => {
        await daemonController.stopAllDaemons()
+    })

    if (cacheConfig.isCacheCleanupEnabled()) {
-        core.info('Forcing cache cleanup.')
-        const cacheCleaner = new CacheCleaner(gradleUserHome, process.env['RUNNER_TEMP']!)
-        try {
-            await cacheCleaner.forceCleanup()
-        } catch (e) {
-            core.warning(`Cache cleanup failed. Will continue. ${String(e)}`)
+        if (buildResults.anyConfigCacheHit()) {
+            core.info('Not performing cache-cleanup due to config-cache reuse')
+            cacheListener.setCacheCleanupDisabled(CLEANUP_DISABLED_DUE_TO_CONFIG_CACHE_HIT)
+        } else if (cacheConfig.shouldPerformCacheCleanup(buildResults.anyFailed())) {
+            cacheListener.setCacheCleanupEnabled()
+            await performCacheCleanup(gradleUserHome)
+        } else {
+            core.info('Not performing cache-cleanup due to build failure')
+            cacheListener.setCacheCleanupDisabled(CLEANUP_DISABLED_DUE_TO_FAILURE)
        }
    }

@@ -102,3 +113,12 @@ export async function save(
        return new GradleUserHomeCache(userHome, gradleUserHome, cacheConfig).save(cacheListener)
    })
 }
+
+async function performCacheCleanup(gradleUserHome: string): Promise<void> {
+    const cacheCleaner = new CacheCleaner(gradleUserHome, process.env['RUNNER_TEMP']!)
+    try {
+        await cacheCleaner.forceCleanup()
+    } catch (e) {
+        core.warning(`Cache cleanup failed. Will continue. ${String(e)}`)
+    }
+}
--- a/sources/src/caching/gradle-home-extry-extractor.ts
+++ b/sources/src/caching/gradle-home-extry-extractor.ts
@@ -2,15 +2,14 @@ import path from 'path'
 import fs from 'fs'
 import * as core from '@actions/core'
 import * as glob from '@actions/glob'
-import * as semver from 'semver'

-import {META_FILE_DIR} from './gradle-user-home-cache'
 import {CacheEntryListener, CacheListener} from './cache-reporting'
 import {cacheDebug, hashFileNames, isCacheDebuggingEnabled, restoreCache, saveCache, tryDelete} from './cache-utils'

 import {BuildResult, loadBuildResults} from '../build-results'
-import {CacheConfig} from '../configuration'
+import {CacheConfig, ACTION_METADATA_DIR} from '../configuration'
 import {getCacheKeyBase} from './cache-key'
+import {versionIsAtLeast} from '../execution/gradle'

 const SKIP_RESTORE_VAR = 'GRADLE_BUILD_ACTION_SKIP_RESTORE'
 const CACHE_PROTOCOL_VERSION = 'v1'
@@ -298,7 +297,7 @@ abstract class AbstractEntryExtractor {
    }

    private getCacheMetadataFile(): string {
-        const actionMetadataDirectory = path.resolve(this.gradleUserHome, META_FILE_DIR)
+        const actionMetadataDirectory = path.resolve(this.gradleUserHome, ACTION_METADATA_DIR)
        fs.mkdirSync(actionMetadataDirectory, {recursive: true})

        return path.resolve(actionMetadataDirectory, `${this.extractorName}-entry-metadata.json`)
@@ -435,8 +434,7 @@ export class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
            // If any associated build result used Gradle < 8.6, then mark it as not cacheable
            if (
                pathResults.find(result => {
-                    const gradleVersion = semver.coerce(result.gradleVersion)
-                    return gradleVersion && semver.lt(gradleVersion, '8.6.0')
+                    return !versionIsAtLeast(result.gradleVersion, '8.6.0')
                })
            ) {
                core.info(
@@ -449,7 +447,7 @@ export class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
    }

    private getConfigCacheDirectoriesWithAssociatedBuildResults(): Record<string, BuildResult[]> {
-        return loadBuildResults().reduce(
+        return loadBuildResults().results.reduce(
            (acc, buildResult) => {
                // For each build result, find the config-cache dir
                const configCachePath = path.resolve(buildResult.rootProjectDir, '.gradle/configuration-cache')
--- a/sources/src/caching/gradle-user-home-cache.ts
+++ b/sources/src/caching/gradle-user-home-cache.ts
@@ -7,14 +7,12 @@ import fs from 'fs'
 import {generateCacheKey} from './cache-key'
 import {CacheListener} from './cache-reporting'
 import {saveCache, restoreCache, cacheDebug, isCacheDebuggingEnabled, tryDelete} from './cache-utils'
-import {CacheConfig} from '../configuration'
+import {CacheConfig, ACTION_METADATA_DIR} from '../configuration'
 import {GradleHomeEntryExtractor, ConfigurationCacheEntryExtractor} from './gradle-home-extry-extractor'
 import {getPredefinedToolchains, mergeToolchainContent, readResourceFileAsString} from './gradle-user-home-utils'

 const RESTORED_CACHE_KEY_KEY = 'restored-cache-key'

-export const META_FILE_DIR = '.setup-gradle'
-
 export class GradleUserHomeCache {
    private readonly cacheName = 'home'
    private readonly cacheDescription = 'Gradle User Home'
@@ -86,6 +84,7 @@ export class GradleUserHomeCache {
        await this.debugReportGradleUserHomeSize('as restored from cache')
        await new GradleHomeEntryExtractor(this.gradleUserHome, this.cacheConfig).restore(listener)
        await new ConfigurationCacheEntryExtractor(this.gradleUserHome, this.cacheConfig).restore(listener)
+        await this.deleteExcludedPaths()
        await this.debugReportGradleUserHomeSize('after restoring common artifacts')
    }

@@ -171,7 +170,7 @@ export class GradleUserHomeCache {
     */
    protected getCachePath(): string[] {
        const rawPaths: string[] = this.cacheConfig.getCacheIncludes()
-        rawPaths.push(META_FILE_DIR)
+        rawPaths.push(ACTION_METADATA_DIR)
        const resolvedPaths = rawPaths.map(x => this.resolveCachePath(x))
        cacheDebug(`Using cache paths: ${resolvedPaths}`)
        return resolvedPaths
@@ -187,7 +186,7 @@ export class GradleUserHomeCache {

    private initializeGradleUserHome(): void {
        // Create a directory for storing action metadata
-        const actionCacheDir = path.resolve(this.gradleUserHome, META_FILE_DIR)
+        const actionCacheDir = path.resolve(this.gradleUserHome, ACTION_METADATA_DIR)
        fs.mkdirSync(actionCacheDir, {recursive: true})

        this.copyInitScripts()
--- a/sources/src/configuration.ts
+++ b/sources/src/configuration.ts
@@ -4,11 +4,12 @@ import * as cache from '@actions/cache'
 import * as deprecator from './deprecation-collector'
 import {SUMMARY_ENV_VAR} from '@actions/core/lib/summary'

-import {parseArgsStringToArgv} from 'string-argv'
 import path from 'path'

 const ACTION_ID_VAR = 'GRADLE_ACTION_ID'

+export const ACTION_METADATA_DIR = '.setup-gradle'
+
 export class DependencyGraphConfig {
    getDependencyGraphOption(): DependencyGraphOption {
        const val = core.getInput('dependency-graph')
@@ -23,11 +24,9 @@ export class DependencyGraphConfig {
                return DependencyGraphOption.GenerateAndUpload
            case 'download-and-submit':
                return DependencyGraphOption.DownloadAndSubmit
-            case 'clear':
-                return DependencyGraphOption.Clear
        }
        throw TypeError(
-            `The value '${val}' is not valid for 'dependency-graph'. Valid values are: [disabled, generate, generate-and-submit, generate-and-upload, download-and-submit, clear]. The default value is 'disabled'.`
+            `The value '${val}' is not valid for 'dependency-graph'. Valid values are: [disabled, generate, generate-and-submit, generate-and-upload, download-and-submit]. The default value is 'disabled'.`
        )
    }

@@ -45,6 +44,31 @@ export class DependencyGraphConfig {
        return DependencyGraphConfig.constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix())
    }

+    getReportDirectory(): string {
+        const param = core.getInput('dependency-graph-report-dir')
+        return path.resolve(getWorkspaceDirectory(), param)
+    }
+
+    getDownloadArtifactName(): string | undefined {
+        return process.env['DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME']
+    }
+
+    getExcludeProjects(): string | undefined {
+        return getOptionalInput('dependency-graph-exclude-projects')
+    }
+
+    getIncludeProjects(): string | undefined {
+        return getOptionalInput('dependency-graph-include-projects')
+    }
+
+    getExcludeConfigurations(): string | undefined {
+        return getOptionalInput('dependency-graph-exclude-configurations')
+    }
+
+    getIncludeConfigurations(): string | undefined {
+        return getOptionalInput('dependency-graph-include-configurations')
+    }
+
    static constructJobCorrelator(workflow: string, jobId: string, matrixJson: string): string {
        const matrixString = this.describeMatrix(matrixJson)
        const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`
@@ -73,8 +97,7 @@ export enum DependencyGraphOption {
    Generate = 'generate',
    GenerateAndSubmit = 'generate-and-submit',
    GenerateAndUpload = 'generate-and-upload',
-    DownloadAndSubmit = 'download-and-submit',
-    Clear = 'clear'
+    DownloadAndSubmit = 'download-and-submit'
 }

 export class CacheConfig {
@@ -103,7 +126,45 @@ export class CacheConfig {
    }

    isCacheCleanupEnabled(): boolean {
-        return getBooleanInput('gradle-home-cache-cleanup') && !this.isCacheReadOnly()
+        if (this.isCacheReadOnly()) {
+            return false
+        }
+        const cleanupOption = this.getCacheCleanupOption()
+        return cleanupOption === CacheCleanupOption.Always || cleanupOption === CacheCleanupOption.OnSuccess
+    }
+
+    shouldPerformCacheCleanup(hasFailure: boolean): boolean {
+        const cleanupOption = this.getCacheCleanupOption()
+        if (cleanupOption === CacheCleanupOption.Always) {
+            return true
+        }
+        if (cleanupOption === CacheCleanupOption.OnSuccess) {
+            return !hasFailure
+        }
+        return false
+    }
+
+    private getCacheCleanupOption(): CacheCleanupOption {
+        const legacyVal = getOptionalBooleanInput('gradle-home-cache-cleanup')
+        if (legacyVal !== undefined) {
+            deprecator.recordDeprecation(
+                'The `gradle-home-cache-cleanup` input parameter has been replaced by `cache-cleanup`'
+            )
+            return legacyVal ? CacheCleanupOption.Always : CacheCleanupOption.Never
+        }
+
+        const val = core.getInput('cache-cleanup')
+        switch (val.toLowerCase().trim()) {
+            case 'always':
+                return CacheCleanupOption.Always
+            case 'on-success':
+                return CacheCleanupOption.OnSuccess
+            case 'never':
+                return CacheCleanupOption.Never
+        }
+        throw TypeError(
+            `The value '${val}' is not valid for cache-cleanup. Valid values are: [never, always, on-success].`
+        )
    }

    getCacheEncryptionKey(): string {
@@ -119,6 +180,12 @@ export class CacheConfig {
    }
 }

+export enum CacheCleanupOption {
+    Never = 'never',
+    OnSuccess = 'on-success',
+    Always = 'always'
+}
+
 export class SummaryConfig {
    shouldGenerateJobSummary(hasFailure: boolean): boolean {
        // Check if Job Summary is supported on this platform
@@ -126,11 +193,6 @@ export class SummaryConfig {
            return false
        }

-        // Check if Job Summary is disabled using the deprecated input
-        if (!this.isJobSummaryEnabled()) {
-            return false
-        }
-
        return this.shouldAddJobSummary(this.getJobSummaryOption(), hasFailure)
    }

@@ -149,10 +211,6 @@ export class SummaryConfig {
        }
    }

-    private isJobSummaryEnabled(): boolean {
-        return getBooleanInput('generate-job-summary', true)
-    }
-
    private getJobSummaryOption(): JobSummaryOption {
        return this.parseJobSummaryOption('add-job-summary')
    }
@@ -184,16 +242,72 @@ export enum JobSummaryOption {
 }

 export class BuildScanConfig {
+    static DevelocityAccessKeyEnvVar = 'DEVELOCITY_ACCESS_KEY'
+    static GradleEnterpriseAccessKeyEnvVar = 'GRADLE_ENTERPRISE_ACCESS_KEY'
+
    getBuildScanPublishEnabled(): boolean {
        return getBooleanInput('build-scan-publish') && this.verifyTermsOfUseAgreement()
    }

    getBuildScanTermsOfUseUrl(): string {
-        return this.getTermsOfUseProp('build-scan-terms-of-use-url', 'build-scan-terms-of-service-url')
+        return core.getInput('build-scan-terms-of-use-url')
    }

    getBuildScanTermsOfUseAgree(): string {
-        return this.getTermsOfUseProp('build-scan-terms-of-use-agree', 'build-scan-terms-of-service-agree')
+        return core.getInput('build-scan-terms-of-use-agree')
+    }
+
+    getDevelocityAccessKey(): string {
+        return (
+            core.getInput('develocity-access-key') ||
+            process.env[BuildScanConfig.DevelocityAccessKeyEnvVar] ||
+            process.env[BuildScanConfig.GradleEnterpriseAccessKeyEnvVar] ||
+            ''
+        )
+    }
+
+    getDevelocityTokenExpiry(): string {
+        return core.getInput('develocity-token-expiry')
+    }
+
+    getDevelocityInjectionEnabled(): boolean | undefined {
+        return getOptionalBooleanInput('develocity-injection-enabled')
+    }
+
+    getDevelocityUrl(): string {
+        return core.getInput('develocity-url')
+    }
+
+    getDevelocityAllowUntrustedServer(): boolean | undefined {
+        return getOptionalBooleanInput('develocity-allow-untrusted-server')
+    }
+
+    getDevelocityCaptureFileFingerprints(): boolean | undefined {
+        return getOptionalBooleanInput('develocity-capture-file-fingerprints')
+    }
+
+    getDevelocityEnforceUrl(): boolean | undefined {
+        return getOptionalBooleanInput('develocity-enforce-url')
+    }
+
+    getDevelocityPluginVersion(): string {
+        return core.getInput('develocity-plugin-version')
+    }
+
+    getDevelocityCcudPluginVersion(): string {
+        return core.getInput('develocity-ccud-plugin-version')
+    }
+
+    getGradlePluginRepositoryUrl(): string {
+        return core.getInput('gradle-plugin-repository-url')
+    }
+
+    getGradlePluginRepositoryUsername(): string {
+        return core.getInput('gradle-plugin-repository-username')
+    }
+
+    getGradlePluginRepositoryPassword(): string {
+        return core.getInput('gradle-plugin-repository-password')
    }

    private verifyTermsOfUseAgreement(): boolean {
@@ -209,22 +323,6 @@ export class BuildScanConfig {
        }
        return true
    }
-
-    /**
-     * TODO @bigdaz: remove support for the deprecated input property in the next major release of the action
-     */
-    private getTermsOfUseProp(newPropName: string, oldPropName: string): string {
-        const newProp = core.getInput(newPropName)
-        if (newProp !== '') {
-            return newProp
-        }
-        const oldProp = core.getInput(oldPropName)
-        if (oldProp !== '') {
-            deprecator.recordDeprecation('The `build-scan-terms-of-service` input parameters have been renamed')
-            return oldProp
-        }
-        return core.getInput(oldPropName)
-    }
 }

 export class GradleExecutionConfig {
@@ -242,16 +340,6 @@ export class GradleExecutionConfig {
        return resolvedBuildRootDirectory
    }

-    getArguments(): string[] {
-        const input = core.getInput('arguments')
-        if (input.length !== 0) {
-            deprecator.recordDeprecation(
-                'Using the action to execute Gradle via the `arguments` parameter is deprecated'
-            )
-        }
-        return parseArgsStringToArgv(input)
-    }
-
    getDependencyResolutionTask(): string {
        return core.getInput('dependency-resolution-task') || ':ForceDependencyResolutionPlugin_resolveAllDependencies'
    }
@@ -259,10 +347,26 @@ export class GradleExecutionConfig {
    getAdditionalArguments(): string {
        return core.getInput('additional-arguments')
    }
+
+    verifyNoArguments(): void {
+        const input = core.getInput('arguments')
+        if (input.length !== 0) {
+            deprecator.failOnUseOfRemovedFeature(
+                `The 'arguments' parameter is no longer supported for ${getActionId()}`,
+                'Using the action to execute Gradle via the `arguments` parameter is deprecated'
+            )
+        }
+    }
 }

-export function doValidateWrappers(): boolean {
+export class WrapperValidationConfig {
+    doValidateWrappers(): boolean {
        return getBooleanInput('validate-wrappers')
+    }
+
+    allowSnapshotWrappers(): boolean {
+        return getBooleanInput('allow-snapshot-wrappers')
+    }
 }

 // Internal parameters
@@ -297,6 +401,14 @@ export function parseNumericInput(paramName: string, paramValue: string, paramDe
    return numericValue
 }

+function getOptionalInput(paramName: string): string | undefined {
+    const paramValue = core.getInput(paramName)
+    if (paramValue.length > 0) {
+        return paramValue
+    }
+    return undefined
+}
+
 function getBooleanInput(paramName: string, paramDefault = false): boolean {
    const paramValue = core.getInput(paramName)
    switch (paramValue.toLowerCase().trim()) {
@@ -309,3 +421,11 @@ function getBooleanInput(paramName: string, paramDefault = false): boolean {
    }
    throw TypeError(`The value '${paramValue} is not valid for '${paramName}. Valid values are: [true, false]`)
 }
+
+function getOptionalBooleanInput(paramName: string): boolean | undefined {
+    const paramValue = core.getInput(paramName)
+    if (paramValue === '') {
+        return undefined
+    }
+    return getBooleanInput(paramName)
+}
--- a/sources/src/daemon-controller.ts
+++ b/sources/src/daemon-controller.ts
@@ -2,19 +2,16 @@ import * as core from '@actions/core'
 import * as exec from '@actions/exec'
 import * as fs from 'fs'
 import * as path from 'path'
-import {BuildResult} from './build-results'
+import {BuildResults} from './build-results'

 export class DaemonController {
    private readonly gradleHomes

-    constructor(buildResults: BuildResult[]) {
-        const allHomes = buildResults.map(buildResult => buildResult.gradleHomeDir)
-        this.gradleHomes = Array.from(new Set(allHomes))
+    constructor(buildResults: BuildResults) {
+        this.gradleHomes = buildResults.uniqueGradleHomes()
    }

    async stopAllDaemons(): Promise<void> {
-        core.info('Stopping all Gradle daemons before saving Gradle User Home state')
-
        const executions: Promise<number>[] = []
        const args = ['--stop']

--- a/Show More
+++ b/Show More