Pin version in ci-combine-bot-prs.yml

Automatically generated pull request to update the known wrapper
checksums.

In case of conflicts, manually run the workflow from the [Actions
tab](https://github.com/gradle/actions/actions/workflows/update-checksums-file.yml),
the changes will then be force-pushed onto this pull request branch.
Do not manually update the pull request branch; those changes might get
overwritten.

> [!IMPORTANT]  
> GitHub workflows have not been executed for this pull request yet.
Before merging, close and then directly reopen this pull request to
trigger the workflows.

Co-authored-by: bigdaz <179734+bigdaz@users.noreply.github.com>

.github/dependabot.yml

@@ -5,6 +5,7 @@ registries:
     url: https://plugins.gradle.org/m2
     username: dummy # Required by dependabot
     password: dummy # Required by dependabot
+
 updates:
   - package-ecosystem: "npm"
     directory: "/sources"
@@ -16,25 +17,12 @@ updates:
         - "*"
       
   - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions:
-        patterns:
-        - "*"
     # github-actions with directory: "/" only monitors .github/workflows
     # https://github.com/dependabot/dependabot-core/issues/6345
-  - package-ecosystem: "github-actions"
-    directory: "/.github/actions/build-dist"
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions:
-        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/.github/actions/init-integ-test"
+    directories:
+      - "/"
+      - "/.github/actions/build-dist"
+      - "/.github/actions/init-integ-test"
     schedule:
       interval: "weekly"
     groups:
@@ -43,44 +31,19 @@ updates:
           - "*"
 
   - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/gradle-plugin"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/groovy-dsl"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/java-toolchain"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/kotlin-dsl"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/no-wrapper"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/no-wrapper-gradle-5"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: "sources/test/init-scripts"
+    directories:
+      - ".github/workflow-samples/gradle-plugin"
+      - ".github/workflow-samples/groovy-dsl"
+      - ".github/workflow-samples/java-toolchain"
+      - ".github/workflow-samples/kotlin-dsl"
+      - ".github/workflow-samples/no-wrapper"
+      - ".github/workflow-samples/no-wrapper-gradle-5"
+      - "sources/test/init-scripts"
     registries:
       - gradle-plugin-portal
     schedule:
       interval: "weekly"
+    groups:
+      gradle:
+        patterns:
+          - "*"

.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=f397b287023acdba1e9f6fc5ea72d22dd63669d59ed4a289a29b1a76eee151c6
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=f397b287023acdba1e9f6fc5ea72d22dd63669d59ed4a289a29b1a76eee151c6
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2"
+    id "com.gradle.develocity" version "3.19"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.2"
 }
 

.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=f397b287023acdba1e9f6fc5ea72d22dd63669d59ed4a289a29b1a76eee151c6
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/build.gradle.kts

@@ -8,9 +8,9 @@ repositories {
 
 dependencies {
     api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.3.1-jre")
+    implementation("com.google.guava:guava:33.4.0-jre")
 
-    testImplementation("org.junit.jupiter:junit-jupiter:5.11.3")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.11.4")
 }
 
 tasks.test {

.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=f397b287023acdba1e9f6fc5ea72d22dd63669d59ed4a289a29b1a76eee151c6
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id("com.gradle.develocity") version "3.18.2"
+    id("com.gradle.develocity") version "3.19"
     id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2"
 }
 

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2" 
+    id "com.gradle.develocity" version "3.19" 
 }
 
 develocity {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2"
+    id "com.gradle.develocity" version "3.19"
 }
 
 develocity {

.github/workflow-samples/non-executable-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2"
+    id "com.gradle.develocity" version "3.19"
 }
 
 develocity {

.github/workflows/ci-check-and-unit-test.yml

@@ -25,11 +25,11 @@ jobs:
         cache-dependency-path: sources/package-lock.json
     - name: Setup Gradle
       # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
+      uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
       env:
         ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
       with:
-        gradle-version: "8.11"
+        gradle-version: "8.11.1"
 
     - name: Check formatting and compile
       run: |

.github/workflows/ci-check-no-dist-update.yml

@@ -21,7 +21,7 @@ jobs:
 
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4
+      uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366 # v45.0.5
       with:
         files: |
           dist/**

.github/workflows/ci-codeql.yml

@@ -35,7 +35,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+      uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
       with:
         languages: ${{ matrix.language }}
         config: |
@@ -43,4 +43,4 @@ jobs:
           - sources/src
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+      uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9

.github/workflows/ci-combine-bot-prs.yml

@@ -0,0 +1,24 @@
+name: Combine Bot PRs
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  combine-wrapperbot-prs:
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: read
+    if: github.repository == 'gradle/actions'
+    runs-on: ubuntu-latest
+    steps:
+      - name: combine-wrapperbot-prs
+        uses: github/combine-prs@2909f404763c3177a456e052bdb7f2e85d3a7cb3 # v5.2.0
+        with:
+          branch_prefix: wrapperbot
+          combine_branch_name: wrapperbot/combined-wrapper-updates
+          pr_title: 'Bump Gradle Wrappers'
+          ci_required: "false"

.github/workflows/ci-init-script-check.yml

@@ -30,7 +30,7 @@ jobs:
         java-version: 11
     - name: Setup Gradle
       # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
+      uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
       env:
         ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
     - name: Run integration tests

.github/workflows/ci-ossf-scorecard.yml

@@ -52,6 +52,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
           sarif_file: results.sarif

.github/workflows/ci-validate-wrappers.yml

@@ -12,6 +12,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: gradle/actions/wrapper-validation@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
+      - uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
         with:
           allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

.github/workflows/integ-test-inject-develocity.yml

@@ -36,11 +36,11 @@ jobs:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.18.2]
+        plugin-version: [3.16.2, 3.19]
         include:
         - plugin-version: 3.16.2
           accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
-        - plugin-version: 3.18.2
+        - plugin-version: 3.19
           accessKeyEnv: DEVELOCITY_ACCESS_KEY
 
     runs-on: ${{ matrix.os }}
@@ -82,7 +82,7 @@ jobs:
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.18.2]
+        plugin-version: [3.16.2, 3.19]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources
@@ -126,7 +126,7 @@ jobs:
       matrix:
         gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.18.2 ]
+        plugin-version: [ 3.16.2, 3.19 ]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
@@ -157,7 +157,7 @@ jobs:
       matrix:
         gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.18.2 ]
+        plugin-version: [ 3.16.2, 3.19 ]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources

.github/workflows/integ-test-provision-gradle-versions.yml

@@ -78,7 +78,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        gradle: ["8.11", 8.9, 8.1, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
+        gradle: ["8.11.1", 8.9, 8.1, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
         os: ${{fromJSON(inputs.runner-os)}}
         include:
           - java-version: 11

docs/dependency-submission.md

@@ -276,7 +276,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj
       uses: gradle/actions/dependency-submission@v4
       with:
         # Exclude all dependencies that originate solely in the 'buildSrc' project
-        dependency-graph-exclude-projets: ':buildSrc'
+        dependency-graph-exclude-projects: ':buildSrc'
         # Exclude dependencies that are only resolved in test classpaths
         dependency-graph-exclude-configurations: '.*[Tt]est(Compile|Runtime)Classpath'
 ```

docs/setup-gradle.md

@@ -127,6 +127,8 @@ cache-disabled: true
 
 By default, The `setup-gradle` action will only write to the cache from Jobs on the default (`main`/`master`) branch.
 Jobs on other branches will read entries from the cache but will not write updated entries.
+
+This setup is designed around [GitHub imposed restrictions on cache access](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache) and should work well in most scenarios.
 See [Optimizing cache effectiveness](#select-which-branches-should-write-to-the-cache) for a more detailed explanation.
 
 In some circumstances, it makes sense to change this default and configure a workflow Job to read existing cache entries but not to write changes back.
@@ -847,7 +849,7 @@ Here's a minimal example:
       run: ./gradlew build
 ```
 
-This configuration will automatically apply `v3.18.2` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v3.19` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
@@ -913,7 +915,7 @@ Here's an example using the env vars:
         DEVELOCITY_INJECTION_ENABLED: true
         DEVELOCITY_URL: https://develocity.your-server.com
         DEVELOCITY_ENFORCE_URL: true
-        DEVELOCITY_PLUGIN_VERSION: "3.18.1"
+        DEVELOCITY_PLUGIN_VERSION: "3.19"
         DEVELOCITY_CCUD_PLUGIN_VERSION: "2.0.2"
 ```
 

docs/wrapper-validation.md

@@ -102,7 +102,8 @@ A wrapper jar can fail validation for a few reasons:
 1. The wrapper is from a snapshot build of Gradle (nightly or release nightly) and you have not set `allow-snapshots`
    or `allow-snapshot-wrappers` to `true`.
 2. The wrapper jar is from a version of Gradle with an unverifiable wrapper jar (see below).
-3. The wrapper jar was not published by Gradle, and could be compromised.
+3. The wrapper jar is saved in Git LFS, and has not been correctly restored on checkout (see below).
+4. The wrapper jar was not published by Gradle, and could be compromised.
 
 If this GitHub action fails because a `gradle-wrapper.jar` was not published by Gradle,
 we highly recommend that you reach out to us at [security@gradle.com](mailto:security@gradle.com).
@@ -113,6 +114,17 @@ Wrapper Jars generated by Gradle versions `3.3` to `4.0` are not verifiable beca
 - If the Gradle version in `gradle-wrapper.properties` is outside of this range, you can regenerate the `gradle-wrapper.jar` by running `./gradlew wrapper`. This will generate a new, verifiable wrapper jar.
 - If you need to run your build with a version of Gradle between 3.3 and 4.0, you can use a newer version of Gradle to generate the `gradle-wrapper.jar`.
 
+#### Wrapper Jar stored with Git LFS
+If your repository is configured to store Wrapper Jars in Git Large File Storage (LFS), then you must include the configuration to correctly
+restore these Jars on checkout. Without this, only a pointer to the Wrapper Jar is restored, and the checksum verification will fail.
+
+```
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: true  # gradle-wrapper.jar verification will fail without this
+```
+
 ## Resources
 
 To learn more about verifying the Gradle Wrapper JAR locally, see our

sources/.tool-versions

@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
 nodejs 20.10.0
-gradle 8.11
+gradle 8.11.1

sources/package.json

@@ -33,7 +33,7 @@
   "license": "MIT",
   "dependencies": {
     "@actions/artifact": "2.1.11",
-    "@actions/cache": "3.3.0",
+    "@actions/cache": "4.0.0",
     "@actions/core": "1.11.1",
     "@actions/exec": "1.1.1",
     "@actions/github": "6.0.0",
@@ -51,21 +51,21 @@
   },
   "devDependencies": {
     "@types/jest": "29.5.14",
-    "@types/node": "20.17.6",
+    "@types/node": "20.17.10",
     "@types/unzipper": "0.10.10",
     "@types/which": "3.0.4",
     "@typescript-eslint/parser": "7.18.0",
     "@vercel/ncc": "0.38.3",
     "eslint": "8.57.1",
-    "eslint-plugin-github": "5.0.2",
+    "eslint-plugin-github": "5.1.4",
     "eslint-plugin-jest": "28.9.0",
     "jest": "29.7.0",
     "js-yaml": "4.1.0",
     "nock": "13.5.6",
     "npm-run-all": "4.1.5",
     "patch-package": "8.0.0",
-    "prettier": "3.3.3",
+    "prettier": "3.4.2",
     "ts-jest": "29.2.5",
-    "typescript": "5.6.3"
+    "typescript": "5.7.2"
   }
 }

sources/patches/@actions+cache+3.3.0.patch

@@ -1,113 +0,0 @@
-diff --git a/node_modules/@actions/cache/lib/cache.d.ts b/node_modules/@actions/cache/lib/cache.d.ts
-index 4658366..b796e58 100644
---- a/node_modules/@actions/cache/lib/cache.d.ts
-+++ b/node_modules/@actions/cache/lib/cache.d.ts
-@@ -21,7 +21,7 @@ export declare function isFeatureAvailable(): boolean;
-  * @param enableCrossOsArchive an optional boolean enabled to restore on windows any cache created on any platform
-  * @returns string returns the key for the cache hit, otherwise returns undefined
-  */
--export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<string | undefined>;
-+export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry | undefined>;
- /**
-  * Saves a list of files with the specified key
-  *
-@@ -31,4 +31,12 @@ export declare function restoreCache(paths: string[], primaryKey: string, restor
-  * @param options cache upload options
-  * @returns number returns cacheId if the cache was saved successfully and throws an error if save fails
-  */
--export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<number>;
-+export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry>;
-+
-+// PATCHED: Add `CacheEntry` as return type for save/restore functions
-+// This allows us to track and report on cache entry sizes.
-+export declare class CacheEntry {
-+    key: string;
-+    size?: number;
-+    constructor(key: string, size?: number);
-+}
-diff --git a/node_modules/@actions/cache/lib/cache.js b/node_modules/@actions/cache/lib/cache.js
-index 9d636aa..a176bd7 100644
---- a/node_modules/@actions/cache/lib/cache.js
-+++ b/node_modules/@actions/cache/lib/cache.js
-@@ -127,18 +127,21 @@ function restoreCache(paths, primaryKey, restoreKeys, options, enableCrossOsArch
-             core.info(`Cache Size: ~${Math.round(archiveFileSize / (1024 * 1024))} MB (${archiveFileSize} B)`);
-             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
-             core.info('Cache restored successfully');
--            return cacheEntry.cacheKey;
--        }
--        catch (error) {
--            const typedError = error;
--            if (typedError.name === ValidationError.name) {
--                throw error;
--            }
--            else {
--                // Supress all non-validation cache related errors because caching should be optional
--                core.warning(`Failed to restore: ${error.message}`);
--            }
-+
-+            // PATCHED - Return more inforamtion about restored entry
-+            return new CacheEntry(cacheEntry.cacheKey, archiveFileSize);;
-         }
-+        // PATCHED - propagate errors
-+        // catch (error) {
-+        //     const typedError = error;
-+        //     if (typedError.name === ValidationError.name) {
-+        //         throw error;
-+        //     }
-+        //     else {
-+        //         // Supress all non-validation cache related errors because caching should be optional
-+        //         core.warning(`Failed to restore: ${error.message}`);
-+        //     }
-+        // }
-         finally {
-             // Try to delete the archive to save space
-             try {
-@@ -206,19 +209,23 @@ function saveCache(paths, key, options, enableCrossOsArchive = false) {
-             }
-             core.debug(`Saving Cache (ID: ${cacheId})`);
-             yield cacheHttpClient.saveCache(cacheId, archivePath, options);
-+
-+            // PATCHED - Return more inforamtion about saved entry
-+            return new CacheEntry(key, archiveFileSize);
-         }
--        catch (error) {
--            const typedError = error;
--            if (typedError.name === ValidationError.name) {
--                throw error;
--            }
--            else if (typedError.name === ReserveCacheError.name) {
--                core.info(`Failed to save: ${typedError.message}`);
--            }
--            else {
--                core.warning(`Failed to save: ${typedError.message}`);
--            }
--        }
-+        // PATCHED - propagate errors
-+        // catch (error) {
-+        //     const typedError = error;
-+        //     if (typedError.name === ValidationError.name) {
-+        //         throw error;
-+        //     }
-+        //     else if (typedError.name === ReserveCacheError.name) {
-+        //         core.info(`Failed to save: ${typedError.message}`);
-+        //     }
-+        //     else {
-+        //         core.warning(`Failed to save: ${typedError.message}`);
-+        //     }
-+        // }
-         finally {
-             // Try to delete the archive to save space
-             try {
-@@ -232,4 +239,11 @@ function saveCache(paths, key, options, enableCrossOsArchive = false) {
-     });
- }
- exports.saveCache = saveCache;
-+class CacheEntry {
-+    constructor(key, size) {
-+        this.key = key;
-+        this.size = size;
-+    }
-+}
-+exports.CacheEntry = CacheEntry;
- //# sourceMappingURL=cache.js.map
-\ No newline at end of file

sources/patches/@actions+cache+4.0.0.patch

@@ -0,0 +1,183 @@
+diff --git a/node_modules/@actions/cache/lib/cache.d.ts b/node_modules/@actions/cache/lib/cache.d.ts
+index ef0928b..4e2f570 100644
+--- a/node_modules/@actions/cache/lib/cache.d.ts
++++ b/node_modules/@actions/cache/lib/cache.d.ts
+@@ -21,7 +21,7 @@ export declare function isFeatureAvailable(): boolean;
+  * @param enableCrossOsArchive an optional boolean enabled to restore on windows any cache created on any platform
+  * @returns string returns the key for the cache hit, otherwise returns undefined
+  */
+-export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<string | undefined>;
++export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry | undefined>;
+ /**
+  * Saves a list of files with the specified key
+  *
+@@ -31,4 +31,12 @@ export declare function restoreCache(paths: string[], primaryKey: string, restor
+  * @param options cache upload options
+  * @returns number returns cacheId if the cache was saved successfully and throws an error if save fails
+  */
+-export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<number>;
++export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry>;
++
++// PATCHED: Add `CacheEntry` as return type for save/restore functions
++// This allows us to track and report on cache entry sizes.
++export declare class CacheEntry {
++    key: string;
++    size?: number;
++    constructor(key: string, size?: number);
++}
+\ No newline at end of file
+diff --git a/node_modules/@actions/cache/lib/cache.js b/node_modules/@actions/cache/lib/cache.js
+index 45201b6..2654e4b 100644
+--- a/node_modules/@actions/cache/lib/cache.js
++++ b/node_modules/@actions/cache/lib/cache.js
+@@ -154,18 +154,21 @@ function restoreCacheV1(paths, primaryKey, restoreKeys, options, enableCrossOsAr
+             core.info(`Cache Size: ~${Math.round(archiveFileSize / (1024 * 1024))} MB (${archiveFileSize} B)`);
+             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
+             core.info('Cache restored successfully');
+-            return cacheEntry.cacheKey;
+-        }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else {
+-                // Supress all non-validation cache related errors because caching should be optional
+-                core.warning(`Failed to restore: ${error.message}`);
+-            }
++
++            // PATCHED - Include size of restored entry
++            return new CacheEntry(cacheEntry.cacheKey, archiveFileSize);;
+         }
++            // PATCHED - propagate errors
++            // catch (error) {
++            //     const typedError = error;
++            //     if (typedError.name === ValidationError.name) {
++            //         throw error;
++            //     }
++            //     else {
++            //         // Supress all non-validation cache related errors because caching should be optional
++            //         core.warning(`Failed to restore: ${error.message}`);
++            //     }
++            // }
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -232,18 +235,21 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
+             }
+             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
+             core.info('Cache restored successfully');
+-            return response.matchedKey;
+-        }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else {
+-                // Supress all non-validation cache related errors because caching should be optional
+-                core.warning(`Failed to restore: ${error.message}`);
+-            }
++
++            // PATCHED - Include size of restored entry
++            return new CacheEntry(response.matchedKey, archiveFileSize);;
+         }
++            // PATCHED - propagate errors
++            // catch (error) {
++            //     const typedError = error;
++            //     if (typedError.name === ValidationError.name) {
++            //         throw error;
++            //     }
++            //     else {
++            //         // Supress all non-validation cache related errors because caching should be optional
++            //         core.warning(`Failed to restore: ${error.message}`);
++            //     }
++            // }
+         finally {
+             try {
+                 if (archivePath) {
+@@ -334,19 +340,23 @@ function saveCacheV1(paths, key, options, enableCrossOsArchive = false) {
+             }
+             core.debug(`Saving Cache (ID: ${cacheId})`);
+             yield cacheHttpClient.saveCache(cacheId, archivePath, '', options);
++
++            // PATCHED - Include size of saved entry
++            return new CacheEntry(key, archiveFileSize);
+         }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else if (typedError.name === ReserveCacheError.name) {
+-                core.info(`Failed to save: ${typedError.message}`);
+-            }
+-            else {
+-                core.warning(`Failed to save: ${typedError.message}`);
+-            }
+-        }
++            // PATCHED - propagate errors
++            // catch (error) {
++            //     const typedError = error;
++            //     if (typedError.name === ValidationError.name) {
++            //         throw error;
++            //     }
++            //     else if (typedError.name === ReserveCacheError.name) {
++            //         core.info(`Failed to save: ${typedError.message}`);
++            //     }
++            //     else {
++            //         core.warning(`Failed to save: ${typedError.message}`);
++            //     }
++            // }
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -422,19 +432,23 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
+                 throw new Error(`Unable to finalize cache with key ${key}, another job may be finalizing this cache.`);
+             }
+             cacheId = parseInt(finalizeResponse.entryId);
++
++            // PATCHED - Include size of saved entry
++            return new CacheEntry(key, archiveFileSize);
+         }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else if (typedError.name === ReserveCacheError.name) {
+-                core.info(`Failed to save: ${typedError.message}`);
+-            }
+-            else {
+-                core.warning(`Failed to save: ${typedError.message}`);
+-            }
+-        }
++            // PATCHED - propagate errors
++            // catch (error) {
++            //     const typedError = error;
++            //     if (typedError.name === ValidationError.name) {
++            //         throw error;
++            //     }
++            //     else if (typedError.name === ReserveCacheError.name) {
++            //         core.info(`Failed to save: ${typedError.message}`);
++            //     }
++            //     else {
++            //         core.warning(`Failed to save: ${typedError.message}`);
++            //     }
++            // }
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -447,4 +461,11 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
+         return cacheId;
+     });
+ }
++// PATCHED - CacheEntry class
++class CacheEntry {
++    constructor(key, size) {
++        this.key = key;
++        this.size = size;
++    }
++}
+ //# sourceMappingURL=cache.js.map
+\ No newline at end of file

sources/src/caching/cache-cleaner.ts

@@ -57,7 +57,7 @@ export class CacheCleaner {
 
         // Gradle >= 8.11 required for cache cleanup
         // TODO: This is ineffective: we should be using the newest version of Gradle that ran a build, or a newer version if it's available on PATH.
-        const executable = await provisioner.provisionGradleAtLeast('8.11')
+        const executable = await provisioner.provisionGradleAtLeast('8.11.1')
 
         await core.group('Executing Gradle to clean up caches', async () => {
             core.info(`Cleaning up caches last used before ${cleanTimestamp}`)

sources/src/develocity/build-scan.ts

@@ -22,7 +22,7 @@ export async function setup(config: BuildScanConfig): Promise<void> {
     // except if they are defined in the configuration
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.18.2')
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.19')
         maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0.2')
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
         maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())

sources/src/resources/init-scripts/gradle-actions.github-dependency-graph-gradle-plugin-apply.groovy

@@ -6,12 +6,12 @@ buildscript {
   def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url') ?: 'https://plugins.gradle.org/m2'
   def pluginRepositoryUsername = getInputParam('gradle.plugin-repository.username')
   def pluginRepositoryPassword = getInputParam('gradle.plugin-repository.password')
-  def dependencyGraphPluginVersion = getInputParam('dependency-graph-plugin.version') ?: '1.3.1'
+  def dependencyGraphPluginVersion = getInputParam('dependency-graph-plugin.version') ?: '1.3.2'
 
   logger.lifecycle("Resolving dependency graph plugin ${dependencyGraphPluginVersion} from plugin repository: ${pluginRepositoryUrl}")
   repositories {
     maven { 
-      url pluginRepositoryUrl 
+      url = pluginRepositoryUrl
       if (pluginRepositoryUsername && pluginRepositoryPassword) {
         logger.lifecycle("Applying credentials for plugin repository: ${pluginRepositoryUrl}")
         credentials {

sources/src/resources/init-scripts/gradle-actions.inject-develocity.init.gradle

@@ -1,6 +1,6 @@
 /*
  * Initscript for injection of Develocity into Gradle builds.
- * Version: v1.0
+ * Version: v1.1
  */
 
 import org.gradle.util.GradleVersion
@@ -12,29 +12,29 @@ initscript {
         return
     }
 
-    def getInputParam = { String name ->
+    def getInputParam = { Gradle gradle, String name ->
         def ENV_VAR_PREFIX = ''
         def envVarName = ENV_VAR_PREFIX + name.toUpperCase().replace('.', '_').replace('-', '_')
-        return System.getProperty(name) ?: System.getenv(envVarName)
+        return gradle.startParameter.systemPropertiesArgs[name] ?: System.getProperty(name) ?: System.getenv(envVarName)
     }
 
-    def requestedInitScriptName = getInputParam('develocity.injection.init-script-name')
+    def requestedInitScriptName = getInputParam(gradle, 'develocity.injection.init-script-name')
     def initScriptName = buildscript.sourceFile.name
     if (requestedInitScriptName != initScriptName) {
         return
     }
 
     // Plugin loading is only required for Develocity injection. Abort early if not enabled.
-    def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam("develocity.injection-enabled"))
+    def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity.injection-enabled"))
     if (!develocityInjectionEnabled) {
         return
     }
 
-    def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url')
-    def pluginRepositoryUsername = getInputParam('gradle.plugin-repository.username')
-    def pluginRepositoryPassword = getInputParam('gradle.plugin-repository.password')
-    def develocityPluginVersion = getInputParam('develocity.plugin.version')
-    def ccudPluginVersion = getInputParam('develocity.ccud-plugin.version')
+    def pluginRepositoryUrl = getInputParam(gradle, 'gradle.plugin-repository.url')
+    def pluginRepositoryUsername = getInputParam(gradle, 'gradle.plugin-repository.username')
+    def pluginRepositoryPassword = getInputParam(gradle, 'gradle.plugin-repository.password')
+    def develocityPluginVersion = getInputParam(gradle, 'develocity.plugin.version')
+    def ccudPluginVersion = getInputParam(gradle, 'develocity.ccud-plugin.version')
 
     def atLeastGradle5 = GradleVersion.current() >= GradleVersion.version('5.0')
     def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')
@@ -79,10 +79,10 @@ initscript {
     }
 }
 
-static getInputParam(String name) {
+static getInputParam(Gradle gradle, String name) {
     def ENV_VAR_PREFIX = ''
     def envVarName = ENV_VAR_PREFIX + name.toUpperCase().replace('.', '_').replace('-', '_')
-    return System.getProperty(name) ?: System.getenv(envVarName)
+    return gradle.startParameter.systemPropertiesArgs[name] ?: System.getProperty(name) ?: System.getenv(envVarName)
 }
 
 def isTopLevelBuild = !gradle.parent
@@ -90,14 +90,14 @@ if (!isTopLevelBuild) {
     return
 }
 
-def requestedInitScriptName = getInputParam('develocity.injection.init-script-name')
+def requestedInitScriptName = getInputParam(gradle, 'develocity.injection.init-script-name')
 def initScriptName = buildscript.sourceFile.name
 if (requestedInitScriptName != initScriptName) {
     logger.quiet("Ignoring init script '${initScriptName}' as requested name '${requestedInitScriptName}' does not match")
     return
 }
 
-def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam("develocity.injection-enabled"))
+def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity.injection-enabled"))
 if (develocityInjectionEnabled) {
     enableDevelocityInjection()
 }
@@ -123,16 +123,16 @@ void enableDevelocityInjection() {
     def CCUD_PLUGIN_ID = 'com.gradle.common-custom-user-data-gradle-plugin'
     def CCUD_PLUGIN_CLASS = 'com.gradle.CommonCustomUserDataGradlePlugin'
 
-    def develocityUrl = getInputParam('develocity.url')
-    def develocityAllowUntrustedServer = Boolean.parseBoolean(getInputParam('develocity.allow-untrusted-server'))
-    def develocityEnforceUrl = Boolean.parseBoolean(getInputParam('develocity.enforce-url'))
-    def buildScanUploadInBackground = Boolean.parseBoolean(getInputParam('develocity.build-scan.upload-in-background'))
-    def develocityCaptureFileFingerprints = getInputParam('develocity.capture-file-fingerprints') ? Boolean.parseBoolean(getInputParam('develocity.capture-file-fingerprints')) : true
-    def develocityPluginVersion = getInputParam('develocity.plugin.version')
-    def ccudPluginVersion = getInputParam('develocity.ccud-plugin.version')
-    def buildScanTermsOfUseUrl = getInputParam('develocity.terms-of-use.url')
-    def buildScanTermsOfUseAgree = getInputParam('develocity.terms-of-use.agree')
-    def ciAutoInjectionCustomValueValue = getInputParam('develocity.auto-injection.custom-value')
+    def develocityUrl = getInputParam(gradle, 'develocity.url')
+    def develocityAllowUntrustedServer = Boolean.parseBoolean(getInputParam(gradle, 'develocity.allow-untrusted-server'))
+    def develocityEnforceUrl = Boolean.parseBoolean(getInputParam(gradle, 'develocity.enforce-url'))
+    def buildScanUploadInBackground = Boolean.parseBoolean(getInputParam(gradle, 'develocity.build-scan.upload-in-background'))
+    def develocityCaptureFileFingerprints = getInputParam(gradle, 'develocity.capture-file-fingerprints') ? Boolean.parseBoolean(getInputParam(gradle, 'develocity.capture-file-fingerprints')) : true
+    def develocityPluginVersion = getInputParam(gradle, 'develocity.plugin.version')
+    def ccudPluginVersion = getInputParam(gradle, 'develocity.ccud-plugin.version')
+    def buildScanTermsOfUseUrl = getInputParam(gradle, 'develocity.terms-of-use.url')
+    def buildScanTermsOfUseAgree = getInputParam(gradle, 'develocity.terms-of-use.agree')
+    def ciAutoInjectionCustomValueValue = getInputParam(gradle, 'develocity.auto-injection.custom-value')
 
     def atLeastGradle5 = GradleVersion.current() >= GradleVersion.version('5.0')
     def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')
@@ -145,6 +145,14 @@ void enableDevelocityInjection() {
         return geValue instanceof Closure<?> ? geValue() : geValue
     }
 
+    def printEnforcingDevelocityUrl = {
+        logger.lifecycle("Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer")
+    }
+
+    def printAcceptingGradleTermsOfUse = {
+        logger.lifecycle("Accepting Gradle Terms of Use: $buildScanTermsOfUseUrl")
+    }
+
     // finish early if configuration parameters passed in via system properties are not valid/supported
     if (ccudPluginVersion && isNotAtLeast(ccudPluginVersion, '1.7')) {
         logger.warn("Common Custom User Data Gradle plugin must be at least 1.7. Configured version is $ccudPluginVersion.")
@@ -163,8 +171,8 @@ void enableDevelocityInjection() {
                     }
                     if (!scanPluginComponent) {
                         def pluginClass = dvOrGe(DEVELOCITY_PLUGIN_CLASS, BUILD_SCAN_PLUGIN_CLASS)
-                        logger.lifecycle("Applying $pluginClass via init script")
-                        applyPluginExternally(pluginManager, pluginClass)
+                        def pluginVersion = atLeastGradle5 ? develocityPluginVersion : "1.16"
+                        applyPluginExternally(pluginManager, pluginClass, pluginVersion)
                         def rootExtension = dvOrGe(
                             { develocity },
                             { buildScan }
@@ -196,48 +204,52 @@ void enableDevelocityInjection() {
                             }
                         }
                     }
-
-                    if (develocityUrl && develocityEnforceUrl) {
-                        logger.lifecycle("Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
                 }
 
-                    pluginManager.withPlugin(BUILD_SCAN_PLUGIN_ID) {
-                        // Only execute if develocity plugin isn't applied.
-                        if (gradle.rootProject.extensions.findByName("develocity")) return
-                        afterEvaluate {
-                            if (develocityUrl && develocityEnforceUrl) {
-                                buildScan.server = develocityUrl
-                                buildScan.allowUntrustedServer = develocityAllowUntrustedServer
-                            }
-                        }
-
-                        if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
-                            buildScan.termsOfServiceUrl = buildScanTermsOfUseUrl
-                            buildScan.termsOfServiceAgree = buildScanTermsOfUseAgree
-                        }
-                    }
-
-                    pluginManager.withPlugin(DEVELOCITY_PLUGIN_ID) {
+                eachDevelocityProjectExtension(project,
+                    { develocity ->
                         afterEvaluate {
                             if (develocityUrl && develocityEnforceUrl) {
+                                printEnforcingDevelocityUrl()
                                 develocity.server = develocityUrl
                                 develocity.allowUntrustedServer = develocityAllowUntrustedServer
                             }
                         }
 
                         if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                            printAcceptingGradleTermsOfUse()
                             develocity.buildScan.termsOfUseUrl = buildScanTermsOfUseUrl
                             develocity.buildScan.termsOfUseAgree = buildScanTermsOfUseAgree
                         }
+                    },
+                    { buildScan ->
+                        afterEvaluate {
+                            if (develocityUrl && develocityEnforceUrl) {
+                                printEnforcingDevelocityUrl()
+                                buildScan.server = develocityUrl
+                                buildScan.allowUntrustedServer = develocityAllowUntrustedServer
                             }
                         }
 
+                        if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                            printAcceptingGradleTermsOfUse()
+                            if (buildScan.metaClass.respondsTo(buildScan, 'setTermsOfServiceUrl', String)) {
+                                buildScan.termsOfServiceUrl = buildScanTermsOfUseUrl
+                                buildScan.termsOfServiceAgree = buildScanTermsOfUseAgree
+                            } else {
+                                buildScan.licenseAgreementUrl = buildScanTermsOfUseUrl
+                                buildScan.licenseAgree = buildScanTermsOfUseAgree
+                            }
+                        }
+                    }
+                )
+
                 if (ccudPluginVersion && atLeastGradle4) {
                     def ccudPluginComponent = resolutionResult.allComponents.find {
                         it.moduleVersion.with { group == "com.gradle" && name == "common-custom-user-data-gradle-plugin" }
                     }
                     if (!ccudPluginComponent) {
-                        logger.lifecycle("Applying $CCUD_PLUGIN_CLASS via init script")
+                        logger.lifecycle("Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
                         pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
                     }
                 }
@@ -248,13 +260,18 @@ void enableDevelocityInjection() {
             if (develocityPluginVersion) {
                 if (!settings.pluginManager.hasPlugin(GRADLE_ENTERPRISE_PLUGIN_ID) && !settings.pluginManager.hasPlugin(DEVELOCITY_PLUGIN_ID)) {
                     def pluginClass = dvOrGe(DEVELOCITY_PLUGIN_CLASS, GRADLE_ENTERPRISE_PLUGIN_CLASS)
-                    logger.lifecycle("Applying $pluginClass via init script")
-                    applyPluginExternally(settings.pluginManager, pluginClass)
+                    applyPluginExternally(settings.pluginManager, pluginClass, develocityPluginVersion)
                     if (develocityUrl) {
                         logger.lifecycle("Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
                         eachDevelocitySettingsExtension(settings) { ext ->
+                            // server and allowUntrustedServer must be configured via buildScan extension for gradle-enterprise-plugin 3.1.1 and earlier
+                            if (ext.metaClass.respondsTo(ext, 'getServer')) {
                                 ext.server = develocityUrl
                                 ext.allowUntrustedServer = develocityAllowUntrustedServer
+                            } else {
+                                ext.buildScan.server = develocityUrl
+                                ext.buildScan.allowUntrustedServer = develocityAllowUntrustedServer
+                            }
                         }
                     }
 
@@ -281,40 +298,46 @@ void enableDevelocityInjection() {
                         }
                     )
                 }
-
-                if (develocityUrl && develocityEnforceUrl) {
-                    logger.lifecycle("Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
             }
 
             eachDevelocitySettingsExtension(settings,
                 { develocity ->
                     if (develocityUrl && develocityEnforceUrl) {
+                        printEnforcingDevelocityUrl()
                         develocity.server = develocityUrl
                         develocity.allowUntrustedServer = develocityAllowUntrustedServer
                     }
 
                     if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                        printAcceptingGradleTermsOfUse()
                         develocity.buildScan.termsOfUseUrl = buildScanTermsOfUseUrl
                         develocity.buildScan.termsOfUseAgree = buildScanTermsOfUseAgree
                     }
                 },
                 { gradleEnterprise ->
                     if (develocityUrl && develocityEnforceUrl) {
+                        printEnforcingDevelocityUrl()
+                        // server and allowUntrustedServer must be configured via buildScan extension for gradle-enterprise-plugin 3.1.1 and earlier
+                        if (gradleEnterprise.metaClass.respondsTo(gradleEnterprise, 'getServer')) {
                             gradleEnterprise.server = develocityUrl
                             gradleEnterprise.allowUntrustedServer = develocityAllowUntrustedServer
+                        } else {
+                            gradleEnterprise.buildScan.server = develocityUrl
+                            gradleEnterprise.buildScan.allowUntrustedServer = develocityAllowUntrustedServer
+                        }
                     }
 
                     if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                        printAcceptingGradleTermsOfUse()
                         gradleEnterprise.buildScan.termsOfServiceUrl = buildScanTermsOfUseUrl
                         gradleEnterprise.buildScan.termsOfServiceAgree = buildScanTermsOfUseAgree
                     }
                 }
             )
-            }
 
             if (ccudPluginVersion) {
                 if (!settings.pluginManager.hasPlugin(CCUD_PLUGIN_ID)) {
-                    logger.lifecycle("Applying $CCUD_PLUGIN_CLASS via init script")
+                    logger.lifecycle("Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
                     settings.pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
                 }
             }
@@ -322,7 +345,9 @@ void enableDevelocityInjection() {
     }
 }
 
-void applyPluginExternally(def pluginManager, String pluginClassName) {
+void applyPluginExternally(def pluginManager, String pluginClassName, String pluginVersion) {
+    logger.lifecycle("Applying $pluginClassName with version $pluginVersion via init script")
+
     def externallyApplied = 'develocity.externally-applied'
     def externallyAppliedDeprecated = 'gradle.enterprise.externally-applied'
     def oldValue = System.getProperty(externallyApplied)
@@ -367,6 +392,32 @@ static def eachDevelocitySettingsExtension(def settings, def dvAction, def geAct
     }
 }
 
+/**
+ * Apply the `dvAction` to the 'develocity' extension.
+ * If no 'develocity' extension is found, apply the `bsAction` to the 'buildScan' extension.
+ * (The develocity plugin creates both extensions, and we want to prefer configuring 'develocity').
+ */
+static def eachDevelocityProjectExtension(def project, def dvAction, def bsAction = dvAction) {
+    def BUILD_SCAN_PLUGIN_ID = 'com.gradle.build-scan'
+    def DEVELOCITY_PLUGIN_ID = 'com.gradle.develocity'
+
+    def configureDvOrBsExtension = {
+        if (project.extensions.findByName("develocity")) {
+            dvAction(project.develocity)
+        } else {
+            bsAction(project.buildScan)
+        }
+    }
+
+    project.pluginManager.withPlugin(BUILD_SCAN_PLUGIN_ID, configureDvOrBsExtension)
+
+    project.pluginManager.withPlugin(DEVELOCITY_PLUGIN_ID) {
+        // Proper extension will be configured by the build-scan callback.
+        if (project.pluginManager.hasPlugin(BUILD_SCAN_PLUGIN_ID)) return
+        configureDvOrBsExtension()
+    }
+}
+
 static boolean isAtLeast(String versionUnderTest, String referenceVersion) {
     GradleVersion.version(versionUnderTest) >= GradleVersion.version(referenceVersion)
 }
@@ -376,21 +427,13 @@ static boolean isNotAtLeast(String versionUnderTest, String referenceVersion) {
 }
 
 void enableBuildScanLinkCapture(BuildScanCollector collector) {
-    def BUILD_SCAN_PLUGIN_ID = 'com.gradle.build-scan'
-    def DEVELOCITY_PLUGIN_ID = 'com.gradle.develocity'
-
     // Conditionally apply and configure the Develocity plugin
     if (GradleVersion.current() < GradleVersion.version('6.0')) {
         rootProject {
-            pluginManager.withPlugin(BUILD_SCAN_PLUGIN_ID) {
-                // Only execute if develocity plugin isn't applied.
-                if (gradle.rootProject.extensions.findByName("develocity")) return
-                buildScanPublishedAction(buildScan, collector)
-            }
-
-            pluginManager.withPlugin(DEVELOCITY_PLUGIN_ID) {
-                buildScanPublishedAction(develocity.buildScan, collector)
-            }
+            eachDevelocityProjectExtension(project,
+                { develocity -> buildScanPublishedAction(develocity.buildScan, collector) },
+                { buildScan  -> buildScanPublishedAction(buildScan, collector) }
+            )
         }
     } else {
         gradle.settingsEvaluated { settings ->

sources/src/wrapper-validation/checksums.ts

@@ -1,5 +1,6 @@
 import * as httpm from 'typed-rest-client/HttpClient'
 import * as cheerio from 'cheerio'
+import * as core from '@actions/core'
 
 import fileWrapperChecksums from './wrapper-checksums.json'
 
@@ -59,12 +60,7 @@ export async function fetchUnknownChecksums(
     }
 
     const wrapperChecksums = new WrapperChecksums()
-    await Promise.all(
-        checksumUrls.map(async ([version, url]) => {
-            const checksum = await httpGetText(url)
-            wrapperChecksums.add(version, checksum)
-        })
-    )
+    await fetchAndStoreChecksums(checksumUrls, wrapperChecksums)
     return wrapperChecksums
 }
 
@@ -94,3 +90,20 @@ async function addDistributionSnapshotChecksumUrls(checksumUrls: [string, string
         }
     })
 }
+
+async function fetchAndStoreChecksums(
+    checksumUrls: [string, string][],
+    wrapperChecksums: WrapperChecksums
+): Promise<void> {
+    const batchSize = 10
+    for (let i = 0; i < checksumUrls.length; i += batchSize) {
+        const batch = checksumUrls.slice(i, i + batchSize)
+        await Promise.all(
+            batch.map(async ([version, url]) => {
+                const checksum = await httpGetText(url)
+                wrapperChecksums.add(version, checksum)
+            })
+        )
+        core.info(`Fetched ${i + batch.length} of ${checksumUrls.length} checksums`)
+    }
+}

sources/src/wrapper-validation/wrapper-checksums.json

@@ -1,4 +1,16 @@
 [
+  {
+    "version": "8.12-rc-2",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.12-rc-1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
+  {
+    "version": "8.11.1",
+    "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"
+  },
   {
     "version": "8.11",
     "checksum": "2db75c40782f5e8ba1fc278a5574bab070adccb2d21ca5a6e5ed840888448046"

sources/test/init-scripts/build.gradle

@@ -20,7 +20,7 @@ dependencies {
     testImplementation ('io.ratpack:ratpack-groovy-test:1.9.0') {
         exclude group: 'org.codehaus.groovy', module: 'groovy-all'
     }
-    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.18.1'
+    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.18.2'
 }
 
 test {

sources/test/init-scripts/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
+distributionSha256Sum=f397b287023acdba1e9f6fc5ea72d22dd63669d59ed4a289a29b1a76eee151c6
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

sources/test/init-scripts/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2"
+    id "com.gradle.develocity" version "3.19"
     id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.2"
 }
 

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy

@@ -16,7 +16,7 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 
 class BaseInitScriptTest extends Specification {
-    static final String DEVELOCITY_PLUGIN_VERSION = '3.18.2'
+    static final String DEVELOCITY_PLUGIN_VERSION = '3.19'
     static final String CCUD_PLUGIN_VERSION = '2.0.2'
 
     static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)
@@ -28,7 +28,7 @@ class BaseInitScriptTest extends Specification {
     static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.1.1'), 8, 16)
     static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
     static final TestGradleVersion GRADLE_8_0 = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
-    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.11'), 8, 23)
+    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.11.1'), 8, 23)
 
     static final List<TestGradleVersion> ALL_VERSIONS = [
         GRADLE_3_X, // First version where TestKit supports environment variables

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy

@@ -196,7 +196,7 @@ class TestBuildResultRecorder extends BaseInitScriptTest {
         when:
         settingsFile.text = """
             plugins {
-                id 'com.gradle.develocity' version '3.18.2' apply(false)
+                id 'com.gradle.develocity' version '3.19' apply(false)
             }
             gradle.settingsEvaluated {
                 apply plugin: 'com.gradle.develocity'

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestDependencyGraph.groovy

@@ -141,7 +141,7 @@ class TestDependencyGraph extends BaseInitScriptTest {
         // TODO:DAZ This props are set too late to control init-script plugin resolution
         // This makes the tests fail on Mac with Gradle < 6
         def args = jvmArgs
-        args.add('-DGRADLE_PLUGIN_REPOSITORY_URL=https://plugins.grdev.net/m2')
+        args.add('-Dgradle.plugin-repository.url=https://plugins.grdev.net/m2')
         def result = run(['help', '--info'], initScript, testGradleVersion.gradleVersion, args, vars)
 
         then:
@@ -160,12 +160,11 @@ class TestDependencyGraph extends BaseInitScriptTest {
         vars.put('GRADLE_PLUGIN_REPOSITORY_URL', 'https://plugins.grdev.net/m2')
         vars.put('GRADLE_PLUGIN_REPOSITORY_USERNAME', 'REPO_USER')
         vars.put('GRADLE_PLUGIN_REPOSITORY_PASSWORD', 'REPO_PASSWORD')
-        // TODO:DAZ This props are set too late to control init-script plugin resolution
-        // This makes the tests fail on Mac with Gradle < 6
+
         def args = jvmArgs
-        args.add('-DGRADLE_PLUGIN_REPOSITORY_URL=https://plugins.grdev.net/m2')
-        args.add('-DGRADLE_PLUGIN_REPOSITORY_USERNAME=REPO_USER')
-        args.add('-DGRADLE_PLUGIN_REPOSITORY_PASSWORD=REPO_PASSWORD')
+        args.add('-Dgradle.plugin-repository.url=https://plugins.grdev.net/m2')
+        args.add('-Dgradle.plugin-repository.username=REPO_USER')
+        args.add('-Dgradle.plugin-repository.password=REPO_PASSWORD')
         def result = run(['help', '--info'], initScript, testGradleVersion.gradleVersion, args, vars)
 
         then:

sources/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestDevelocityInjection.groovy

@@ -12,6 +12,7 @@ class TestDevelocityInjection extends BaseInitScriptTest {
     def initScript = 'gradle-actions.inject-develocity.init.gradle'
 
     private static final GradleVersion GRADLE_5 = GradleVersion.version('5.0')
+    private static final GradleVersion GRADLE_6 = GradleVersion.version('6.0')
 
     def "does not apply Develocity plugins when not requested"() {
         assumeTrue testGradleVersion.compatibleWithCurrentJvm
@@ -91,19 +92,12 @@ class TestDevelocityInjection extends BaseInitScriptTest {
     def "applies deprecated Gradle Enterprise or Build Scan plugins if requested"() {
         assumeTrue testGradleVersion.compatibleWithCurrentJvm
 
-        given:
-        def appliedPluginClass = testGradleVersion.gradleVersion >= GradleVersion.version("6.0")
-                ? "com.gradle.enterprise.gradleplugin.GradleEnterprisePlugin"
-                : "com.gradle.scan.plugin.BuildScanPlugin"
-
         when:
         // 3.16.2 is the latest version of deprecated plugins
         def result = run(testGradleVersion, testConfig('3.16.2'))
 
         then:
-        1 == result.output.count("Applying $appliedPluginClass via init script")
-
-        and:
+        outputContainsDevelocityPluginApplicationViaInitScript(result, testGradleVersion.gradleVersion, '3.16.2')
         outputContainsBuildScanUrl(result)
 
         where:
@@ -366,35 +360,52 @@ class TestDevelocityInjection extends BaseInitScriptTest {
         assert 1 == result.output.count(message)
     }
 
-    void outputContainsDevelocityPluginApplicationViaInitScript(BuildResult result, GradleVersion gradleVersion) {
-        def pluginApplicationLogMsgGradle4 = "Applying com.gradle.scan.plugin.BuildScanPlugin via init script"
-        def pluginApplicationLogMsgGradle5AndHigher = "Applying com.gradle.develocity.agent.gradle.DevelocityPlugin via init script"
+    void outputContainsDevelocityPluginApplicationViaInitScript(BuildResult result, GradleVersion gradleVersion, String pluginVersion = DEVELOCITY_PLUGIN_VERSION) {
+        def pluginApplicationLogMsgGradle4 = "Applying com.gradle.scan.plugin.BuildScanPlugin with version 1.16 via init script"
+        def pluginApplicationLogMsgBuildScanPlugin = "Applying com.gradle.scan.plugin.BuildScanPlugin with version ${pluginVersion} via init script"
+        def pluginApplicationLogMsgGEPlugin = "Applying com.gradle.enterprise.gradleplugin.GradleEnterprisePlugin with version ${pluginVersion} via init script"
+        def pluginApplicationLogMsgDVPlugin = "Applying com.gradle.develocity.agent.gradle.DevelocityPlugin with version ${pluginVersion} via init script"
+
+        def isGEPluginVersion = GradleVersion.version(pluginVersion) < GradleVersion.version("3.17")
+
         if (gradleVersion < GRADLE_5) {
             assert result.output.contains(pluginApplicationLogMsgGradle4)
             assert 1 == result.output.count(pluginApplicationLogMsgGradle4)
-            assert !result.output.contains(pluginApplicationLogMsgGradle5AndHigher)
-        } else {
-            assert result.output.contains(pluginApplicationLogMsgGradle5AndHigher)
-            assert 1 == result.output.count(pluginApplicationLogMsgGradle5AndHigher)
+            assert !result.output.contains(pluginApplicationLogMsgGEPlugin)
+            assert !result.output.contains(pluginApplicationLogMsgDVPlugin)
+        } else if (gradleVersion < GRADLE_6 && isGEPluginVersion) {
+            assert result.output.contains(pluginApplicationLogMsgBuildScanPlugin)
+            assert 1 == result.output.count(pluginApplicationLogMsgBuildScanPlugin)
+            assert !result.output.contains(pluginApplicationLogMsgGEPlugin)
+            assert !result.output.contains(pluginApplicationLogMsgDVPlugin)
+        } else if (isGEPluginVersion) {
+            assert result.output.contains(pluginApplicationLogMsgGEPlugin)
+            assert 1 == result.output.count(pluginApplicationLogMsgGEPlugin)
             assert !result.output.contains(pluginApplicationLogMsgGradle4)
+            assert !result.output.contains(pluginApplicationLogMsgDVPlugin)
+        } else {
+            assert result.output.contains(pluginApplicationLogMsgDVPlugin)
+            assert 1 == result.output.count(pluginApplicationLogMsgDVPlugin)
+            assert !result.output.contains(pluginApplicationLogMsgGradle4)
+            assert !result.output.contains(pluginApplicationLogMsgGEPlugin)
         }
     }
 
     void outputMissesDevelocityPluginApplicationViaInitScript(BuildResult result) {
-        def pluginApplicationLogMsgGradle4 = "Applying com.gradle.scan.plugin.BuildScanPlugin via init script"
-        def pluginApplicationLogMsgGradle5AndHigher = "Applying com.gradle.develocity.agent.gradle.DevelocityPlugin via init script"
+        def pluginApplicationLogMsgGradle4 = "Applying com.gradle.scan.plugin.BuildScanPlugin"
+        def pluginApplicationLogMsgGradle5AndHigher = "Applying com.gradle.develocity.agent.gradle.DevelocityPlugin"
         assert !result.output.contains(pluginApplicationLogMsgGradle4)
         assert !result.output.contains(pluginApplicationLogMsgGradle5AndHigher)
     }
 
-    void outputContainsCcudPluginApplicationViaInitScript(BuildResult result) {
-        def pluginApplicationLogMsg = "Applying com.gradle.CommonCustomUserDataGradlePlugin via init script"
+    void outputContainsCcudPluginApplicationViaInitScript(BuildResult result, String ccudPluginVersion = CCUD_PLUGIN_VERSION) {
+        def pluginApplicationLogMsg = "Applying com.gradle.CommonCustomUserDataGradlePlugin with version ${ccudPluginVersion} via init script"
         assert result.output.contains(pluginApplicationLogMsg)
         assert 1 == result.output.count(pluginApplicationLogMsg)
     }
 
     void outputMissesCcudPluginApplicationViaInitScript(BuildResult result) {
-        def pluginApplicationLogMsg = "Applying com.gradle.CommonCustomUserDataGradlePlugin via init script"
+        def pluginApplicationLogMsg = "Applying com.gradle.CommonCustomUserDataGradlePlugin"
         assert !result.output.contains(pluginApplicationLogMsg)
     }
 

sources/test/jest/cache-cleanup.test.ts

@@ -53,7 +53,7 @@ test('will cleanup unused gradle versions', async () => {
     const transforms3 = path.resolve(gradleUserHome, "caches/transforms-3")
     const metadata100 = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.100")
     const wrapper802 = path.resolve(gradleUserHome, "wrapper/dists/gradle-8.0.2-bin")
-    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.11")
+    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.11.1")
     const metadataCurrent = path.resolve(gradleUserHome, "caches/modules-2/metadata-2.107")
 
     expect(fs.existsSync(gradle802)).toBe(true)

sources/test/jest/wrapper-validation/checksums.test.ts

@@ -2,7 +2,7 @@ import * as checksums from '../../../src/wrapper-validation/checksums'
 import nock from 'nock'
 import {afterEach, describe, expect, test, jest} from '@jest/globals'
 
-jest.setTimeout(30000)
+jest.setTimeout(60000)
 
 const CHECKSUM_8_1 = 'ed2c26eba7cfb93cc2b7785d05e534f07b5b48b5e7fc941921cd098628abca58'
 
@@ -39,7 +39,7 @@ test('has loaded hardcoded wrapper jars checksums', async () => {
 test('fetches wrapper jar checksums that are missing from hardcoded set', async () => {
   const unknownChecksums = await checksums.fetchUnknownChecksums(false, knownChecksumsWithout8_1())
 
-  expect(unknownChecksums.checksums.size).toEqual(1)
+  expect(unknownChecksums.checksums.size).toBeGreaterThan(0)
   expect(unknownChecksums.checksums.has(CHECKSUM_8_1)).toBe(true)
   expect(unknownChecksums.checksums.get(CHECKSUM_8_1)).toEqual(new Set(['8.1-rc-1', '8.1-rc-2', '8.1-rc-3', '8.1-rc-4', '8.1', '8.1.1']))
 })
@@ -70,8 +70,8 @@ describe('retry', () => {
           code: 'ECONNREFUSED'
         })
 
-      const validChecksums = await checksums.fetchUnknownChecksums(false, new checksums.WrapperChecksums)
-      expect(validChecksums.checksums.size).toBeGreaterThan(10)
+      const validChecksums = await checksums.fetchUnknownChecksums(false, knownChecksumsWithout8_1())
+      expect(validChecksums.checksums.size).toBeGreaterThan(0)
       nock.isDone()
     })
   })

sources/test/jest/wrapper-validation/validate.test.ts

@@ -2,7 +2,7 @@ import * as path from 'path'
 import * as fs from 'fs'
 import * as validate from '../../../src/wrapper-validation/validate'
 import {expect, test, jest} from '@jest/globals'
-import { WrapperChecksums } from '../../../src/wrapper-validation/checksums'
+import { WrapperChecksums, KNOWN_CHECKSUMS } from '../../../src/wrapper-validation/checksums'
 import { ChecksumCache } from '../../../src/wrapper-validation/cache'
 import exp from 'constants'
 
@@ -11,6 +11,21 @@ jest.setTimeout(30000)
 const baseDir = path.resolve('./test/jest/wrapper-validation')
 const tmpDir = path.resolve('./test/jest/tmp')
 
+const CHECKSUM_3888 = '3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce'
+
+function knownChecksumsWithout3888(): WrapperChecksums {
+  const knownChecksums = new WrapperChecksums()
+  // iterate over all known checksums and add them to the knownChecksums object
+  for (const [checksum, versions] of KNOWN_CHECKSUMS.checksums) {
+    if (checksum !== CHECKSUM_3888) {
+      for (const version of versions) {
+        knownChecksums.add(version, checksum)
+      }
+    }
+  }
+  return knownChecksums
+}
+
 test('succeeds if all found wrapper jars are valid', async () => {
   const result = await validate.findInvalidWrapperJars(baseDir, false, [
     'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
@@ -47,7 +62,7 @@ test('succeeds if all found wrapper jars are previously valid', async () => {
 })
 
 test('succeeds if all found wrapper jars are valid (and checksums are fetched from Gradle API)', async () => {
-  const knownValidChecksums = new WrapperChecksums()
+  const knownValidChecksums = knownChecksumsWithout3888()
   const result = await validate.findInvalidWrapperJars(
     baseDir,
     false,