Use v1.4.0 of dependency graph plugin (#638 )

[bot] Update dist directory
Bump the npm-dependencies group in /sources with 5 updates (#636 )
2025-11-26 17:09:10 +08:00 · 2025-05-16 11:01:06 -06:00 · 2025-05-13 18:36:21 +00:00 · 2025-05-13 12:35:15 -06:00 · 2025-05-07 09:42:15 -06:00 · 2025-05-05 19:45:57 +00:00
124 changed files with 269805 additions and 334704 deletions
--- a/.github/actions/build-dist/action.yml
+++ b/.github/actions/build-dist/action.yml
@@ -3,7 +3,7 @@ name: 'Build and upload distribution'
 runs:
  using: "composite"
  steps: 
-    - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      with:
        node-version: 20
        cache: npm
@@ -23,7 +23,7 @@ runs:
        cp -r sources/dist .

    - name: Upload distribution
-      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: dist
        path: dist/
--- a/.github/actions/init-integ-test/action.yml
+++ b/.github/actions/init-integ-test/action.yml
@@ -4,7 +4,7 @@ runs:
  using: "composite"
  steps: 
    - name: Setup Java
-      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
      with:
        distribution: 'temurin'
        java-version: 11
@@ -17,7 +17,7 @@ runs:
    # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step
    - name: Download dist
      if: ${{ env.SKIP_DIST != 'true' && !env.ACT }}
-      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
      with:
        name: dist
        path: dist/
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,7 @@ registries:
    url: https://plugins.gradle.org/m2
    username: dummy # Required by dependabot
    password: dummy # Required by dependabot
+
 updates:
  - package-ecosystem: "npm"
    directory: "/sources"
@@ -16,25 +17,12 @@ updates:
        - "*"
      
  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions:
-        patterns:
-        - "*"
-  # github-actions with directory: "/" only monitors .github/workflows
-  # https://github.com/dependabot/dependabot-core/issues/6345
-  - package-ecosystem: "github-actions"
-    directory: "/.github/actions/build-dist"
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions:
-        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/.github/actions/init-integ-test"
+    # github-actions with directory: "/" only monitors .github/workflows
+    # https://github.com/dependabot/dependabot-core/issues/6345
+    directories:
+      - "/"
+      - "/.github/actions/build-dist"
+      - "/.github/actions/init-integ-test"
    schedule:
      interval: "weekly"
    groups:
@@ -43,44 +31,19 @@ updates:
          - "*"

  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/gradle-plugin"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/groovy-dsl"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/java-toolchain"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/kotlin-dsl"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/no-wrapper"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/no-wrapper-gradle-5"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "gradle"
-    directory: "sources/test/init-scripts"
+    directories:
+      - ".github/workflow-samples/gradle-plugin"
+      - ".github/workflow-samples/groovy-dsl"
+      - ".github/workflow-samples/java-toolchain"
+      - ".github/workflow-samples/kotlin-dsl"
+      - ".github/workflow-samples/no-wrapper"
+      - ".github/workflow-samples/no-wrapper-gradle-5"
+      - "sources/test/init-scripts"
    registries:
      - gradle-plugin-portal
    schedule:
      interval: "weekly"
+    groups:
+      gradle:
+        patterns:
+          - "*"
--- a/.github/workflow-samples/gradle-plugin/gradle/libs.versions.toml
+++ b/.github/workflow-samples/gradle-plugin/gradle/libs.versions.toml
@@ -0,0 +1,2 @@
+# This file was generated by the Gradle 'init' task.
+# https://docs.gradle.org/current/userguide/platforms.html#sub::toml-dependencies-format
--- a/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=61ad310d3c7d3e5da131b76bbf22b5a4c0786e9d892dae8c1658d4b484de3caa
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/gradle-plugin/gradlew
+++ b/.github/workflow-samples/gradle-plugin/gradlew
@@ -86,8 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
-' "$PWD" ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -115,7 +114,7 @@ case "$( uname )" in                #(
  NONSTOP* )        nonstop=true ;;
 esac

-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""


 # Determine the Java command to use to start the JVM.
@@ -206,7 +205,7 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
@@ -214,7 +213,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 set -- \
        "-Dorg.gradle.appname=$APP_BASE_NAME" \
        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
        "$@"

 # Stop when "xargs" is not available.
--- a/.github/workflow-samples/gradle-plugin/gradlew.bat
+++ b/.github/workflow-samples/gradle-plugin/gradlew.bat
@@ -70,11 +70,11 @@ goto fail
 :execute
@rem Setup the command line

-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=


@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*

 :end
@rem End local scope for the variables with windows NT shell
--- a/.github/workflow-samples/gradle-plugin/plugin/build.gradle
+++ b/.github/workflow-samples/gradle-plugin/plugin/build.gradle
@@ -1,60 +0,0 @@
-/*
- * This file was generated by the Gradle 'init' task.
- *
- * This generated file contains a sample Gradle plugin project to get you started.
- * For more details take a look at the Writing Custom Plugins chapter in the Gradle
- * User Manual available at https://docs.gradle.org/7.3/userguide/custom_plugins.html
- * This project uses @Incubating APIs which are subject to change.
- */
-
-plugins {
-    // Apply the Java Gradle plugin development plugin to add support for developing Gradle plugins
-    id 'java-gradle-plugin'
-}
-
-repositories {
-    // Use Maven Central for resolving dependencies.
-    mavenCentral()
-}
-
-testing {
-    suites {
-        // Configure the built-in test suite
-        test {
-            // Use JUnit Jupiter test framework
-            useJUnitJupiter('5.7.2')
-        }
-
-        // Create a new test suite
-        functionalTest(JvmTestSuite) {
-            dependencies {
-                // functionalTest test suite depends on the production code in tests
-                implementation(project(':plugin'))
-            }
-
-            targets {
-                all {
-                    // This test suite should run after the built-in test suite has run its tests
-                    testTask.configure { shouldRunAfter(test) } 
-                }
-            }
-        }
-    }
-}
-
-gradlePlugin {
-    // Define the plugin
-    plugins {
-        greeting {
-            id = 'org.example.gradle.plugin.greeting'
-            implementationClass = 'org.example.gradle.plugin.GradlePluginPlugin'
-        }
-    }
-}
-
-gradlePlugin.testSourceSets(sourceSets.functionalTest)
-
-tasks.named('check') {
-    // Include functionalTest as part of the check lifecycle
-    dependsOn(testing.suites.functionalTest)
-}
--- a/.github/workflow-samples/gradle-plugin/plugin/build.gradle.kts
+++ b/.github/workflow-samples/gradle-plugin/plugin/build.gradle.kts
@@ -0,0 +1,40 @@
+plugins {
+    `java-gradle-plugin`
+}
+
+repositories {
+    mavenCentral()
+}
+
+testing {
+    suites {
+        val test by getting(JvmTestSuite::class) {
+            useJUnitJupiter()
+        }
+
+        val functionalTest by registering(JvmTestSuite::class) {
+            dependencies {
+                implementation(project())
+            }
+
+            targets {
+                all {
+                    testTask.configure { shouldRunAfter(test) } 
+                }
+            }
+        }
+    }
+}
+
+gradlePlugin {
+    val greeting by plugins.creating {
+        id = "org.example.greeting"
+        implementationClass = "org.example.GradlePluginPlugin"
+    }
+}
+
+gradlePlugin.testSourceSets.add(sourceSets["functionalTest"])
+
+tasks.named<Task>("check") {
+    dependsOn(testing.suites.named("functionalTest"))
+}
--- a/.github/workflow-samples/gradle-plugin/plugin/src/functionalTest/java/org/example/gradle/plugin/GradlePluginPluginFunctionalTest.java
+++ b/.github/workflow-samples/gradle-plugin/plugin/src/functionalTest/java/org/example/gradle/plugin/GradlePluginPluginFunctionalTest.java
@@ -1,7 +1,7 @@
 /*
- * This Java source file was generated by the Gradle 'init' task.
+ * This source file was generated by the Gradle 'init' task
 */
-package org.example.gradle.plugin;
+package org.example;

 import java.io.File;
 import java.io.IOException;
@@ -15,7 +15,7 @@ import org.junit.jupiter.api.io.TempDir;
 import static org.junit.jupiter.api.Assertions.*;

 /**
- * A simple functional test for the 'org.example.gradle.plugin.greeting' plugin.
+ * A simple functional test for the 'org.example.greeting' plugin.
 */
 class GradlePluginPluginFunctionalTest {
    @TempDir
@@ -29,24 +29,23 @@ class GradlePluginPluginFunctionalTest {
        return new File(projectDir, "settings.gradle");
    }

-    @Test void canRunTaskWithGradle691() throws IOException {
+    @Test void canRunTask() throws IOException {
        writeString(getSettingsFile(), "");
        writeString(getBuildFile(),
            "plugins {" +
-            "  id('org.example.gradle.plugin.greeting')" +
+            "  id('org.example.greeting')" +
            "}");

        // Run the build
        GradleRunner runner = GradleRunner.create();
        runner.forwardOutput();
-        runner.withGradleVersion("6.9.1");
        runner.withPluginClasspath();
        runner.withArguments("greeting");
        runner.withProjectDir(projectDir);
        BuildResult result = runner.build();

        // Verify the result
-        assertTrue(result.getOutput().contains("Hello from plugin 'org.example.gradle.plugin.greeting'"));
+        assertTrue(result.getOutput().contains("Hello from plugin 'org.example.greeting'"));
    }

    private void writeString(File file, String string) throws IOException {
--- a/.github/workflow-samples/gradle-plugin/plugin/src/main/java/org/example/gradle/plugin/GradlePluginPlugin.java
+++ b/.github/workflow-samples/gradle-plugin/plugin/src/main/java/org/example/gradle/plugin/GradlePluginPlugin.java
@@ -1,7 +1,7 @@
 /*
- * This Java source file was generated by the Gradle 'init' task.
+ * This source file was generated by the Gradle 'init' task
 */
-package org.example.gradle.plugin;
+package org.example;

 import org.gradle.api.Project;
 import org.gradle.api.Plugin;
@@ -13,7 +13,7 @@ public class GradlePluginPlugin implements Plugin<Project> {
    public void apply(Project project) {
        // Register a task
        project.getTasks().register("greeting", task -> {
-            task.doLast(s -> System.out.println("Hello from plugin 'org.example.gradle.plugin.greeting'"));
+            task.doLast(s -> System.out.println("Hello from plugin 'org.example.greeting'"));
        });
    }
 }
--- a/.github/workflow-samples/gradle-plugin/plugin/src/test/java/org/example/gradle/plugin/GradlePluginPluginTest.java
+++ b/.github/workflow-samples/gradle-plugin/plugin/src/test/java/org/example/gradle/plugin/GradlePluginPluginTest.java
@@ -1,7 +1,7 @@
 /*
- * This Java source file was generated by the Gradle 'init' task.
+ * This source file was generated by the Gradle 'init' task
 */
-package org.example.gradle.plugin;
+package org.example;

 import org.gradle.testfixtures.ProjectBuilder;
 import org.gradle.api.Project;
@@ -9,13 +9,13 @@ import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.*;

 /**
- * A simple unit test for the 'org.example.gradle.plugin.greeting' plugin.
+ * A simple unit test for the 'org.example.greeting' plugin.
 */
 class GradlePluginPluginTest {
    @Test void pluginRegistersATask() {
        // Create a test project and apply the plugin
        Project project = ProjectBuilder.builder().build();
-        project.getPlugins().apply("org.example.gradle.plugin.greeting");
+        project.getPlugins().apply("org.example.greeting");

        // Verify the result
        assertNotNull(project.getTasks().findByName("greeting"));
--- a/.github/workflow-samples/gradle-plugin/settings.gradle
+++ b/.github/workflow-samples/gradle-plugin/settings.gradle
@@ -1,12 +0,0 @@
-/*
- * This file was generated by the Gradle 'init' task.
- *
- * The settings file is used to specify which projects to include in your build.
- *
- * Detailed information about configuring a multi-project build in Gradle can be found
- * in the user manual at https://docs.gradle.org/7.3/userguide/multi_project_builds.html
- * This project uses @Incubating APIs which are subject to change.
- */
-
-rootProject.name = 'gradle-plugin'
-include('plugin')
--- a/.github/workflow-samples/gradle-plugin/settings.gradle.kts
+++ b/.github/workflow-samples/gradle-plugin/settings.gradle.kts
@@ -0,0 +1,2 @@
+rootProject.name = "gradle-plugin-2"
+include("plugin")
--- a/.github/workflow-samples/groovy-dsl/build.gradle
+++ b/.github/workflow-samples/groovy-dsl/build.gradle
@@ -6,8 +6,12 @@ repositories {
    mavenCentral()
 }

-dependencies {
-    testImplementation('junit:junit:4.13.2')
+testing {
+    suites {
+        test {
+            useJUnit()
+        }
+    }
 }

 tasks.named("test").configure {
--- a/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=61ad310d3c7d3e5da131b76bbf22b5a4c0786e9d892dae8c1658d4b484de3caa
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/groovy-dsl/gradlew
+++ b/.github/workflow-samples/groovy-dsl/gradlew
@@ -86,8 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
-' "$PWD" ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -115,7 +114,7 @@ case "$( uname )" in                #(
  NONSTOP* )        nonstop=true ;;
 esac

-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""


 # Determine the Java command to use to start the JVM.
@@ -206,7 +205,7 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
@@ -214,7 +213,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 set -- \
        "-Dorg.gradle.appname=$APP_BASE_NAME" \
        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
        "$@"

 # Stop when "xargs" is not available.
--- a/.github/workflow-samples/groovy-dsl/gradlew.bat
+++ b/.github/workflow-samples/groovy-dsl/gradlew.bat
@@ -70,11 +70,11 @@ goto fail
 :execute
@rem Setup the command line

-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=


@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*

 :end
@rem End local scope for the variables with windows NT shell
--- a/.github/workflow-samples/groovy-dsl/settings.gradle
+++ b/.github/workflow-samples/groovy-dsl/settings.gradle
@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.0.2"
+    id "com.gradle.develocity" version "4.0.1"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.2.1"
 }

 develocity {
--- a/.github/workflow-samples/java-toolchain/build.gradle.kts
+++ b/.github/workflow-samples/java-toolchain/build.gradle.kts
@@ -1,5 +1,5 @@
 plugins {
-    id 'java'
+    java
 }

 java {
@@ -12,6 +12,10 @@ repositories {
    mavenCentral()
 }

-dependencies {
-    testImplementation('junit:junit:4.13.2')
+testing {
+    suites {
+        val test by getting(JvmTestSuite::class) {
+            useJUnit()
+        }
+    }
 }
--- a/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=61ad310d3c7d3e5da131b76bbf22b5a4c0786e9d892dae8c1658d4b484de3caa
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/java-toolchain/gradlew
+++ b/.github/workflow-samples/java-toolchain/gradlew
@@ -86,8 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
-' "$PWD" ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -115,7 +114,7 @@ case "$( uname )" in                #(
  NONSTOP* )        nonstop=true ;;
 esac

-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""


 # Determine the Java command to use to start the JVM.
@@ -206,7 +205,7 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
@@ -214,7 +213,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 set -- \
        "-Dorg.gradle.appname=$APP_BASE_NAME" \
        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
        "$@"

 # Stop when "xargs" is not available.
--- a/.github/workflow-samples/java-toolchain/gradlew.bat
+++ b/.github/workflow-samples/java-toolchain/gradlew.bat
@@ -70,11 +70,11 @@ goto fail
 :execute
@rem Setup the command line

-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=


@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*

 :end
@rem End local scope for the variables with windows NT shell
--- a/.github/workflow-samples/java-toolchain/settings.gradle
+++ b/.github/workflow-samples/java-toolchain/settings.gradle
@@ -1,5 +0,0 @@
-plugins {
-    id("org.gradle.toolchains.foojay-resolver-convention") version("0.7.0")
-}
-
-rootProject.name = 'basic'
--- a/.github/workflow-samples/java-toolchain/settings.gradle.kts
+++ b/.github/workflow-samples/java-toolchain/settings.gradle.kts
@@ -0,0 +1,6 @@
+plugins {
+    // Apply the foojay-resolver plugin to allow automatic download of JDKs
+    id("org.gradle.toolchains.foojay-resolver-convention") version "0.10.0"
+}
+
+rootProject.name = "java-toolchains"
--- a/.github/workflow-samples/kotlin-dsl/build.gradle.kts
+++ b/.github/workflow-samples/kotlin-dsl/build.gradle.kts
@@ -8,13 +8,15 @@ repositories {

 dependencies {
    api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.3.1-jre")
-
-    testImplementation("org.junit.jupiter:junit-jupiter:5.11.3")
+    implementation("com.google.guava:guava:33.4.8-jre")
 }

-tasks.test {
-    useJUnitPlatform()
+testing {
+    suites { 
+       val test by getting(JvmTestSuite::class) { 
+            useJUnitJupiter() 
+        }
+    }
 }

 tasks.named("test").configure {
--- a/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.jar
+++ b/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.jar
--- a/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties
+++ b/.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties
@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionSha256Sum=61ad310d3c7d3e5da131b76bbf22b5a4c0786e9d892dae8c1658d4b484de3caa
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
--- a/.github/workflow-samples/kotlin-dsl/gradlew
+++ b/.github/workflow-samples/kotlin-dsl/gradlew
@@ -86,8 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
-' "$PWD" ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -115,7 +114,7 @@ case "$( uname )" in                #(
  NONSTOP* )        nonstop=true ;;
 esac

-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""


 # Determine the Java command to use to start the JVM.
@@ -206,7 +205,7 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'

 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
@@ -214,7 +213,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 set -- \
        "-Dorg.gradle.appname=$APP_BASE_NAME" \
        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
        "$@"

 # Stop when "xargs" is not available.
--- a/.github/workflow-samples/kotlin-dsl/gradlew.bat
+++ b/.github/workflow-samples/kotlin-dsl/gradlew.bat
@@ -70,11 +70,11 @@ goto fail
 :execute
@rem Setup the command line

-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=


@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*

 :end
@rem End local scope for the variables with windows NT shell
--- a/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
+++ b/.github/workflow-samples/kotlin-dsl/settings.gradle.kts
@@ -1,6 +1,6 @@
 plugins {
-    id("com.gradle.develocity") version "3.18.2"
-    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.0.2"
+    id("com.gradle.develocity") version "4.0.1"
+    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.2.1"
 }

 develocity {
--- a/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
+++ b/.github/workflow-samples/no-wrapper-gradle-5/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2" 
+    id "com.gradle.develocity" version "4.0.1" 
 }

 develocity {
--- a/.github/workflow-samples/no-wrapper/settings.gradle
+++ b/.github/workflow-samples/no-wrapper/settings.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2"
+    id "com.gradle.develocity" version "4.0.1"
 }

 develocity {
--- a/.github/workflow-samples/non-executable-wrapper/settings.gradle
+++ b/.github/workflow-samples/non-executable-wrapper/settings.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.18.2"
+    id "com.gradle.develocity" version "4.0.1"
 }

 develocity {
--- a/.github/workflows/ci-check-and-unit-test.yml
+++ b/.github/workflows/ci-check-and-unit-test.yml
@@ -15,29 +15,43 @@ permissions:
 jobs:
  check-format-and-unit-test:
    runs-on: ubuntu-latest
+
    steps:
    - name: Checkout sources
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-    - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      with:
        node-version: 20
        cache: npm
        cache-dependency-path: sources/package-lock.json
    - name: Setup Gradle
      # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
+      uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
      env:
        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
      with:
-        gradle-version: "8.11"
+        gradle-version: '8.14'
+
+    - name: Install npm dependencies
+      run: |
+        npm clean-install
+      working-directory: sources

    - name: Check formatting and compile
      run: |
-        npm clean-install
        npm run check
        npm run compile
      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle/develocity-agent/preload'
+        DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
+
    - name: Run unit tests
      run: |
        npm test
      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle/develocity-agent/preload'
+        DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
--- a/.github/workflows/ci-check-no-dist-update.yml
+++ b/.github/workflows/ci-check-no-dist-update.yml
@@ -21,7 +21,7 @@ jobs:

    - name: Get changed files
      id: changed-files
-      uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4
+      uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
      with:
        files: |
          dist/**
--- a/.github/workflows/ci-codeql.yml
+++ b/.github/workflows/ci-codeql.yml
@@ -35,7 +35,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+      uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
      with:
        languages: ${{ matrix.language }}
        config: |
@@ -43,4 +43,4 @@ jobs:
          - sources/src

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+      uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
--- a/.github/workflows/ci-combine-bot-prs.yml
+++ b/.github/workflows/ci-combine-bot-prs.yml
@@ -0,0 +1,24 @@
+name: Combine Bot PRs
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  combine-wrapperbot-prs:
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: read
+    if: github.repository == 'gradle/actions'
+    runs-on: ubuntu-latest
+    steps:
+      - name: combine-wrapperbot-prs
+        uses: github/combine-prs@2909f404763c3177a456e052bdb7f2e85d3a7cb3 # v5.2.0
+        with:
+          branch_prefix: wrapperbot
+          combine_branch_name: wrapperbot/combined-wrapper-updates
+          pr_title: 'Bump Gradle Wrappers'
+          ci_required: "false"
--- a/.github/workflows/ci-init-script-check.yml
+++ b/.github/workflows/ci-init-script-check.yml
@@ -24,13 +24,13 @@ jobs:
    - name: Checkout sources
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
    - name: Setup Java
-      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
      with:
        distribution: temurin
        java-version: 11
    - name: Setup Gradle
      # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
+      uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
      env:
        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
    - name: Run integration tests
--- a/.github/workflows/ci-integ-test-full.yml
+++ b/.github/workflows/ci-integ-test-full.yml
@@ -3,6 +3,8 @@ name: CI-integ-test-full
 on:
  workflow_dispatch:
  push:
+    branches:
+    - 'main'
    paths:
    - 'dist/**'

--- a/.github/workflows/ci-ossf-scorecard.yml
+++ b/.github/workflows/ci-ossf-scorecard.yml
@@ -27,7 +27,7 @@ jobs:
          show-progress: false

      - name: 'Run analysis'
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
@@ -44,7 +44,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: 'Upload artifact'
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: SARIF file
          path: results.sarif
@@ -52,6 +52,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
        with:
          sarif_file: results.sarif
--- a/.github/workflows/ci-update-dist.yml
+++ b/.github/workflows/ci-update-dist.yml
@@ -5,6 +5,7 @@ on:
  push:
    branches: 
    - 'main'
+    - 'prerelease/**'
    - 'release/**'
    paths-ignore:
    - 'dist/**'
@@ -27,28 +28,48 @@ jobs:
        token: ${{ secrets.BOT_GITHUB_TOKEN }}

    - name: Set up Node.js
-      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      with:
        node-version: 20
        cache: npm
        cache-dependency-path: sources/package-lock.json

-    - name: Build distribution
+    - name: Install npm dependencies
      run: |
        npm clean-install
+      working-directory: sources
+
+    - name: Build distribution
+      run: |
        npm run check
        npm run compile
      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle/develocity-agent/preload'
+        DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'

    - name: Copy the generated sources/dist directory to the top-level dist
      run: |
        cp -r sources/dist .

+    - name: Import GPG key to sign commits
+      uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
+      with:
+        gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+        git_config_global: true
+    
    # Commit and push changes; has no effect if the files did not change
    # Important: The push event will not trigger any other workflows, see
    # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
    - name: Commit & push changes
-      uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
+      uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
      with:
+        commit_author: bot-githubaction <bot-githubaction@gradle.com>
+        commit_user_name: bot-githubaction
+        commit_user_email: bot-githubaction@gradle.com
        commit_message: '[bot] Update dist directory'
        file_pattern: dist
--- a/.github/workflows/ci-validate-wrappers.yml
+++ b/.github/workflows/ci-validate-wrappers.yml
@@ -12,6 +12,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: gradle/actions/wrapper-validation@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
+      - uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
        with:
          allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
--- a/.github/workflows/integ-test-build-scan-publish.yml
+++ b/.github/workflows/integ-test-build-scan-publish.yml
@@ -25,7 +25,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        gradle: ['current', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
    runs-on: ${{ matrix.os }}
    steps:
@@ -41,8 +41,8 @@ jobs:
        cache-read-only: false # For testing, allow writing cache entries on non-default branches
        gradle-version: ${{ matrix.gradle }}
        build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
+        build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service'
+        build-scan-terms-of-use-agree: 'yes'
    - name: Run Gradle build
      id: gradle
      working-directory: .github/workflow-samples/no-ge
--- a/.github/workflows/integ-test-dependency-graph.yml
+++ b/.github/workflows/integ-test-dependency-graph.yml
@@ -153,3 +153,40 @@ jobs:
            ls -l dependency-graph-reports
            exit 1
        fi        
+
+  dependency-graph-generate-submit-and-upload:
+    permissions:
+      contents: write
+    runs-on: "ubuntu-latest"
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./setup-gradle
+      with:
+        dependency-graph: generate-submit-and-upload
+    - name: Run gradle build
+      id: gradle-build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+
+  dependency-graph-generate-submit-and-upload-check:
+    needs: [dependency-graph-generate-submit-and-upload]
+    runs-on: "ubuntu-latest"
+    steps:
+    - name: Download dependency-graph artifact
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+      with:
+        path: downloaded-dependency-graphs
+        pattern: dependency-graph_*dependency-graph-generate-submit-and-upload.json
+    - name: Check for downloaded dependency graphs
+      shell: bash
+      run: |
+        ls -A "${{ github.workspace }}/downloaded-dependency-graphs"
+        if [ -z "$(ls -A "${{ github.workspace }}/downloaded-dependency-graphs")" ]; then
+          echo "No dependency graph files found"
+          exit 1
+        fi
--- a/.github/workflows/integ-test-dependency-submission-failures.yml
+++ b/.github/workflows/integ-test-dependency-submission-failures.yml
@@ -63,7 +63,7 @@ jobs:
      id: gradle-build
      uses: ./dependency-submission
      with:
-        gradle-version: 7.0.1
+        gradle-version: '7.0.1'
        build-root-directory: .github/workflow-samples/groovy-dsl
      continue-on-error: true
    - name: Check step failed
--- a/.github/workflows/integ-test-dependency-submission.yml
+++ b/.github/workflows/integ-test-dependency-submission.yml
@@ -231,11 +231,11 @@ jobs:
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
-        gradle: [8.0.2, 7.6.4, 7.1.1, 6.9.4, 6.0.1, 5.6.4, 5.2.1]
+        gradle: ['8.0.2', '7.6.4', '7.1.1', '6.9.4', '6.0.1', '5.6.4', '5.2.1']
        include:
-          - gradle: 5.6.4
+          - gradle: '5.6.4'
            build-root-suffix: -gradle-5
-          - gradle: 5.2.1
+          - gradle: '5.2.1'
            build-root-suffix: -gradle-5
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/integ-test-detect-toolchains.yml
+++ b/.github/workflows/integ-test-detect-toolchains.yml
@@ -65,12 +65,12 @@ jobs:
      uses: ./.github/actions/init-integ-test

    - name: Setup Java 20
-      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
      with:
        distribution: 'temurin'
        java-version: 20
    - name: Setup Java 16
-      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
      with:
        distribution: 'temurin'
        java-version: 16
--- a/.github/workflows/integ-test-inject-develocity.yml
+++ b/.github/workflows/integ-test-inject-develocity.yml
@@ -25,25 +25,25 @@ permissions:

 jobs:
  inject-develocity:
-    env:
-      DEVELOCITY_INJECTION_ENABLED: true
-      DEVELOCITY_URL: https://ge.solutions-team.gradle.com
-      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
-      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0.2'
-      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
    strategy:
      fail-fast: false
      matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        gradle: ['current', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.18.2]
+        plugin-version: ['3.16.2', '4.0.1']
        include:
-        - plugin-version: 3.16.2
+        - plugin-version: '3.16.2'
          accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
-        - plugin-version: 3.18.2
+        - plugin-version: '4.0.1'
          accessKeyEnv: DEVELOCITY_ACCESS_KEY
-
    runs-on: ${{ matrix.os }}
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_INJECTION_URL: https://ge.solutions-team.gradle.com
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
+      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+
    steps:
    - name: Checkout sources
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -74,15 +74,15 @@ jobs:
  inject-develocity-with-access-key:
    env:
      DEVELOCITY_INJECTION_ENABLED: true
-      DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
-      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
-      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0.2'
+      DEVELOCITY_INJECTION_URL: 'https://ge.solutions-team.gradle.com'
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
    strategy:
      fail-fast: false
      matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        gradle: ['current', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.18.2]
+        plugin-version: ['3.16.2', '4.0.1']
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout sources
@@ -115,18 +115,18 @@ jobs:
  inject-develocity-short-lived-token-failed:
    env:
      DEVELOCITY_INJECTION_ENABLED: true
-      DEVELOCITY_URL: 'https://localhost:3333/'
-      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
-      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0.2'
+      DEVELOCITY_INJECTION_URL: 'https://localhost:3333/'
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.1'
      # Access key also set as an env var, we want to check it does not leak
      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
    strategy:
      fail-fast: false
      matrix:
-        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
+        gradle: ['current', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.18.2 ]
+        plugin-version: [ '3.16.2', '4.0.1' ]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
@@ -155,9 +155,9 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
+        gradle: ['current', '7.6.2', '6.9.4', '5.6.4']
        os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.18.2 ]
+        plugin-version: [ '3.16.2', '4.0.1' ]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout sources
--- a/.github/workflows/integ-test-provision-gradle-versions.yml
+++ b/.github/workflows/integ-test-provision-gradle-versions.yml
@@ -41,14 +41,14 @@ jobs:
      uses: ./setup-gradle
      with:
        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: 6.9
+        gradle-version: '6.9'
    - name: Test uses Gradle v6.9
      working-directory: .github/workflow-samples/no-wrapper
      run: gradle help "-DgradleVersionCheck=6.9"
    - name: Setup Gradle with v7.1.1
      uses: ./setup-gradle
      with:
-        gradle-version: 7.1.1
+        gradle-version: '7.1.1'
    - name: Test uses Gradle v7.1.1
      working-directory: .github/workflow-samples/no-wrapper
      run: gradle help "-DgradleVersionCheck=7.1.1"
@@ -78,20 +78,20 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        gradle: ["8.11", 8.9, 8.1, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
+        gradle: ['8.14', '8.12', '8.12-rc-1', '8.9', '8.1', '7.6.4', '6.9.4', '5.6.4', '4.10.3', '3.5.1']
        os: ${{fromJSON(inputs.runner-os)}}
        include:
          - java-version: 11
-          - gradle: 5.6.4
+          - gradle: '5.6.4'
            build-root-suffix: -gradle-5
-          - gradle: 4.10.3
+          - gradle: '4.10.3'
            build-root-suffix: -gradle-4
-          - gradle: 3.5.1
+          - gradle: '3.5.1'
            build-root-suffix: -gradle-4
            java-version: 8
        exclude:
          - os: macos-latest # Java 8 is not supported on macos-latest, so we cannot test Gradle 3.5.1
-            gradle: 3.5.1
+            gradle: '3.5.1'
    runs-on: ${{ matrix.os }}
    steps:
    - name: Checkout sources
@@ -100,7 +100,7 @@ jobs:
      uses: ./.github/actions/init-integ-test

    - name: Setup Java
-      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+      uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
      with:
        distribution: temurin
        java-version: ${{ matrix.java-version }}
--- a/.github/workflows/update-checksums-file.yml
+++ b/.github/workflows/update-checksums-file.yml
@@ -22,7 +22,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Node.js
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 20
          cache: npm
@@ -37,11 +37,22 @@ jobs:
        run: node ../.github/workflows/update-checksums-file.js
        working-directory: sources

+      - name: Import GPG key to sign commits
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
+        with:
+          gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_config_global: true
+
      # If there are no changes, this action will not create a pull request
      - name: Create or update pull request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          branch: bot/wrapper-checksums-update
+          author: bot-githubaction <bot-githubaction@gradle.com>
+          committer: bot-githubaction <bot-githubaction@gradle.com>
          commit-message: Update known wrapper checksums
          title: Update known wrapper checksums
          # Note: Unfortunately this action cannot trigger the regular workflows for the PR automatically, see
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -12,15 +12,16 @@

 ## Release gradle/actions
 - Create a tag for the release. The tag should have the format `v4.1.0`
-  - From CLI: `git tag v4.1.0 && git push --tags`
+  - From CLI: `git tag -s -m "v4.1.0" v4.1.0 && git push --tags`
+  - Note that we sign the tag and set the commit message for the tag to the newly released version.
 - Go to https://github.com/gradle/actions/releases and "Draft new release"
  - Use the newly created tag and copy the tag name exactly as the release title.
  - Craft release notes content based on issues closed, PRs merged and commits
  - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
 - Publish the release.
 - Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
-  - From CLI: `git tag -f -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
-  - Note that we set the commit message for the tag to the newly released version.
+  - From CLI: `git tag -f -s -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
+  - Note that we sign the tag and set the commit message for the tag to the newly released version.

 ## Post release steps

--- a/10
+++ b/10
@@ -2,6 +2,12 @@

 cd sources

+if [[ -f ~/.gradle/develocity/keys.properties ]]; then
+    export NODE_OPTIONS='-r @gradle/develocity-agent/preload'
+    export DEVELOCITY_URL=https://ge.solutions-team.gradle.com
+    export DEVELOCITY_ACCESS_KEY=$(paste -sd ';' ~/.gradle/develocity/keys.properties)
+fi
+
 case "$1" in
    all)
        npm run all
@@ -30,6 +36,10 @@ case "$1" in
        npm clean-install
        npm run build
        ;;
+    test)
+        shift
+        npm test -- $@
+        ;;
    *)
        npm run build
        ;;
--- a/dependency-submission/action.yml
+++ b/dependency-submission/action.yml
@@ -96,17 +96,20 @@ inputs:
  # Dependency Graph configuration
  dependency-graph:
    description: |
-      Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted.
+      Specifies how the dependency-graph should be handled by this action. 
+      By default a dependency-graph will be generated, submitted to the dependency-submission API, and saved as a workflow artifact.
      Valid values are:
-        'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job.
-        'generate-and-upload': Generates a dependency graph for the project and saves it as a workflow artifact.
+        'generate-and-submit': Generates a dependency graph for the project and submits it in the same Job.
+        'generate-submit-and-upload (default)': As per 'generate-and-submit', but also saves the dependency graph as a workflow artifact.
+        'generate-and-upload': Generates a dependency graph for the project and saves it as a workflow artifact. Does not submit it to the repository.
        'download-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.

+      Use `generate-and-submit` if you prefer not to save the dependency-graph as a workflow artifact.
      The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario,
      where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions
      required to submit via the Dependency Submission API.
    required: false
-    default: 'generate-and-submit'
+    default: 'generate-submit-and-upload'

  dependency-graph-report-dir:
    description: |
@@ -147,7 +150,6 @@ inputs:
  artifact-retention-days:
    description: Specifies the number of days to retain any artifacts generated by the action. If not set, the default retention settings for the repository will apply.
    required: false
-    default: 1

  # Build Scan configuration
  build-scan-publish:
--- a/dist/dependency-submission/main/index.js
+++ b/dist/dependency-submission/main/index.js
--- a/dist/dependency-submission/main/index.js.map
+++ b/dist/dependency-submission/main/index.js.map
--- a/dist/dependency-submission/post/index.js
+++ b/dist/dependency-submission/post/index.js
--- a/dist/dependency-submission/post/index.js.map
+++ b/dist/dependency-submission/post/index.js.map
--- a/dist/setup-gradle/main/index.js
+++ b/dist/setup-gradle/main/index.js
--- a/dist/setup-gradle/main/index.js.map
+++ b/dist/setup-gradle/main/index.js.map
--- a/dist/setup-gradle/post/index.js
+++ b/dist/setup-gradle/post/index.js
--- a/dist/setup-gradle/post/index.js.map
+++ b/dist/setup-gradle/post/index.js.map
--- a/dist/wrapper-validation/main/index.js
+++ b/dist/wrapper-validation/main/index.js
--- a/dist/wrapper-validation/main/index.js.map
+++ b/dist/wrapper-validation/main/index.js.map
--- a/docs/dependency-submission.md
+++ b/docs/dependency-submission.md
@@ -86,7 +86,7 @@ In some cases, the default action configuration will not be sufficient, and addi
      uses: gradle/actions/dependency-submission@v4
      with:
        # Use a particular Gradle version instead of the configured wrapper.
-        gradle-version: 8.6
+        gradle-version: '8.6'

        # The gradle project is not in the root of the repository.
        build-root-directory: my-gradle-project
@@ -103,6 +103,9 @@ In some cases, the default action configuration will not be sufficient, and addi
        # Do not attempt to submit the dependency-graph. Save it as a workflow artifact.
        dependency-graph: generate-and-upload

+        # Change the number of days that workflow artifacts are retained. (Default is 30 days).
+        artifact-retention-days: 5
+
        # Specify the location where dependency graph files will be generated.
        dependency-graph-report-dir: custom-report-dir

@@ -118,6 +121,29 @@ The `GitHub Dependency Graph Gradle Plugin` can be further
 These will be automatically set by the `dependency-submission` action, but you may override these values 
 by setting them explicitly in your workflow file.

+### Reducing storage costs for saved dependency graph artifacts
+
+By default, the dependency graph that is generated is stored as a workflow artifact.
+To reduce storage costs for these artifacts, you can:
+
+1. Set the `artifact-retention-days`:
+
+```yaml
+    - name: Generate dependency graph but only store workflow artifacts for 1 day
+      uses: gradle/actions/dependency-submission@v4
+      with:
+        artifact-retention-days: 1 # Default is 30 days or as configured for repository
+```
+
+2. Disable storing dependency-graph artifacts using `generate-and-submit`
+
+```yaml
+    - name: Generate and submit dependency graph but do not store as workflow artifact
+      uses: gradle/actions/dependency-submission@v4
+      with:
+        dependency-graph: 'generate-and-submit' # Default value is 'generate-submit-and-upload'
+```
+
 # Resolving a dependency vulnerability

 ## Finding the source of a dependency vulnerability
@@ -276,7 +302,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj
      uses: gradle/actions/dependency-submission@v4
      with:
        # Exclude all dependencies that originate solely in the 'buildSrc' project
-        dependency-graph-exclude-projets: ':buildSrc'
+        dependency-graph-exclude-projects: ':buildSrc'
        # Exclude dependencies that are only resolved in test classpaths
        dependency-graph-exclude-configurations: '.*[Tt]est(Compile|Runtime)Classpath'
 ```
@@ -295,12 +321,19 @@ The GitHub [dependency-review-action](https://github.com/actions/dependency-revi
 understand dependency changes (and the security impact of these changes) for a pull request,
 by comparing the dependency graph for the pull-request with that of the HEAD commit.

-Example of a pull request workflow that executes a build for a pull request and runs the `dependency-review-action`:
+Integrating the Dependency Review Action requires 2 changes to your workflows:
+
+#### 1. Add a `pull_request` trigger to your existing Dependency Submission workflow.
+
+In order to perform Dependency Review on a pull request, the dependency graph must be submitted for the pull request.
+To do this, simply add a `pull_request` trigger to your existing dependency submission workflow.

 ```yaml
-name: Dependency review for pull requests
+name: Dependency Submission

 on:
+  push:
+    branches: [ 'main' ]
  pull_request:

 permissions:
@@ -318,11 +351,37 @@ jobs:

    - name: Generate and submit dependency graph
      uses: gradle/actions/dependency-submission@v4
-
-    - name: Perform dependency review
-      uses: actions/dependency-review-action@v4
 ```

+#### 2. Add a dedicated Dependency Review workflow
+
+The Dependency Review workflow will be triggered directly on `pull_request`, but will wait until the dependency graph results are
+submitted before the dependency review can complete. The period to wait is controlled by the `retry-on-snapshot-warnings` input parameters.
+
+Here's an example of a separate "Dependency Review" workflow that will wait up to 10 minutes for dependency submission to complete.
+
+```yaml
+name: Dependency Review
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Dependency Review'
+      uses: actions/dependency-review-action@v4
+      with:
+        retry-on-snapshot-warnings: true
+        retry-on-snapshot-warnings-timeout: 600
+```
+
+The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the modified dependency-submission workflow to complete.
+
 ## Usage with pull requests from public forked repositories

 This `contents: write` permission is [not available for any workflow that is triggered by a pull request submitted from a public forked repository](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).
@@ -381,36 +440,6 @@ jobs:
        dependency-graph: download-and-submit # Download saved dependency-graph and submit
 ```

-### Integrating `dependency-review-action` for pull requests from public forked repositories
-
-To integrate the `dependency-review-action` into the pull request workflows above, a third workflow file is required.
-This workflow will be triggered directly on `pull_request`, but will wait until the dependency graph results are
-submitted before the dependency review can complete. The period to wait is controlled by the `retry-on-snapshot-warnings` input parameters.
-
-Here's an example of a separate "Dependency Review" workflow that will wait for 10 minutes for the above PR check workflow to complete.
-
-```yaml
-name: dependency-review
-
-on:
-  pull_request:
-
-permissions:
-  contents: read
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-    - name: 'Dependency Review'
-      uses: actions/dependency-review-action@v4
-      with:
-        retry-on-snapshot-warnings: true
-        retry-on-snapshot-warnings-timeout: 600
-```
-
-The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `Generate and save dependency graph` and `Download and submit dependency graph` workflows (above) to complete.
-
 # Gradle version compatibility

 Dependency-graph generation is compatible with most versions of Gradle >= `5.2`, and is tested regularly against 
--- a/docs/deprecation-upgrade-guide.md
+++ b/docs/deprecation-upgrade-guide.md
@@ -101,7 +101,7 @@ The exact syntax depends on whether or not your project is configured with the [
 - name: Setup Gradle for a non-wrapper project
  uses: gradle/actions/setup-gradle@v4
  with:
-    gradle-version: "8.11"
+    gradle-version: '8.11'

 - name: Assemble the project
  run: gradle assemble
--- a/docs/setup-gradle.md
+++ b/docs/setup-gradle.md
@@ -60,7 +60,7 @@ Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid havi
 - name: Setup Gradle 8.10
   uses: gradle/actions/setup-gradle@v4
   with:
-     gradle-version: "8.10" # Quotes required to prevent YAML converting to number
+     gradle-version: '8.10' # Quotes required to prevent YAML converting to number
  - name: Build with Gradle 8.10
    run: gradle build
 ```
@@ -127,6 +127,8 @@ cache-disabled: true

 By default, The `setup-gradle` action will only write to the cache from Jobs on the default (`main`/`master`) branch.
 Jobs on other branches will read entries from the cache but will not write updated entries.
+
+This setup is designed around [GitHub imposed restrictions on cache access](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache) and should work well in most scenarios.
 See [Optimizing cache effectiveness](#select-which-branches-should-write-to-the-cache) for a more detailed explanation.

 In some circumstances, it makes sense to change this default and configure a workflow Job to read existing cache entries but not to write changes back.
@@ -218,8 +220,8 @@ jobs:

    - uses: gradle/actions/setup-gradle@v4
      with:
-        gradle-version: 8.6
-        cache-encryption-key: ${{ secrets.GradleEncryptionKey }}
+        gradle-version: '8.6'
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
    - run: gradle build --configuration-cache
 ```

@@ -436,6 +438,15 @@ so that a Job Summary is never generated, or so that a Job Summary is only gener
 add-job-summary: 'on-failure' # Valid values are 'always' (default), 'never', and 'on-failure'
 ```

+### Excluding specific Gradle builds from Job Summary
+
+The Job Summary works by installing an init-script in Gradle User Home which will record details of any Gradle execution during the workflow.
+This means that any Gradle excecution sharing the same Gradle User Home will show up in the Job Summary, which may include Gradle executions 
+run as part of integration testing.
+
+To avoid having these test builds show up in the Job Summary, add the `GRADLE_ACTIONS_SKIP_BUILD_RESULT_CAPTURE=true` environment variable
+to the process that executes Gradle. This will stop the init-script from collecting any build results.
+
 ### Adding Job Summary as a Pull Request comment

 It is sometimes more convenient to view the results of a GitHub Actions Job directly from the Pull Request that triggered
@@ -463,7 +474,7 @@ jobs:
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@v4
      with:
-        add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure'
+        add-job-summary-as-pr-comment: 'on-failure' # Valid values are 'never' (default), 'always', and 'on-failure'

    - run: ./gradlew build --scan
 ```
@@ -664,7 +675,7 @@ jobs:
    - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
      run: ./gradlew build
      env:
-        GRADLE_PLUGIN_REPOSITORY_URL: "https://gradle-plugins-proxy.mycorp.com"
+        GRADLE_PLUGIN_REPOSITORY_URL: 'https://gradle-plugins-proxy.mycorp.com'

        # Set the following variables if your custom plugin repository requires authentication
        # GRADLE_PLUGIN_REPOSITORY_USERNAME: "username"
@@ -716,20 +727,6 @@ A known exception to this is that Gradle `7.0`, `7.0.1`, and `7.0.2` are not sup

 See [here](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#gradle-compatibility) for complete compatibility information.

-### Reducing storage costs for saved dependency graph artifacts
-
-When `generate` or `generate-and-submit` is used with the action, the dependency graph that is generated is stored as a workflow artifact.
-By default, these artifacts are retained for 30 days (or as configured for the repository).
-To reduce storage costs for these artifacts, you can set the `artifact-retention-days` value to a lower number.
-
-```yaml
-    - name: Generate dependency graph, but only retain artifact for one day
-      uses: gradle/actions/setup-gradle@v4
-      with:
-        dependency-graph: generate
-        artifact-retention-days: 1
-```
-
 # Develocity Build Scan® integration

 Publishing a Develocity Build Scan can be very helpful for Gradle builds run on GitHub Actions. Each Build Scan provides a
@@ -749,13 +746,16 @@ To publish to https://scans.gradle.com, you must specify in your workflow that y
      uses: gradle/actions/setup-gradle@v4
      with:
        build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
+        build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service'
+        build-scan-terms-of-use-agree: 'yes'

    - name: Run a Gradle build - a build scan will be published automatically
      run: ./gradlew build
 ```

+If your build is configured to [publish on demand](https://docs.gradle.com/develocity/gradle-plugin/current/#publishing_on_demand) 
+using `onlyIf { false }`, setting `build-scan-publish: true` will not force a scan to be published.
+
 ## Managing Develocity access keys

 Develocity access keys are long-lived, creating risks if they are leaked. To mitigate this risk this, 
@@ -786,7 +786,7 @@ To avoid this, use the `develocity-token-expiry` parameter to specify a differen
      uses: gradle/actions/setup-gradle@v4
      with:
        develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
-        develocity-token-expiry: 8 # The number of hours that the access token should remain valid (max 24).
+        develocity-token-expiry: '8' # The number of hours that the access token should remain valid (max 24).
 ```

 ### Develocity access key supplied as environment variable
@@ -840,14 +840,14 @@ Here's a minimal example:
      uses: gradle/actions/setup-gradle@v4
      with:
        develocity-injection-enabled: true
-        develocity-url: https://develocity.your-server.com
-        develocity-plugin-version: 3.17.5
+        develocity-url: 'https://develocity.your-server.com'
+        develocity-plugin-version: '4.0'

    - name: Run a Gradle build with Develocity injection enabled
      run: ./gradlew build
 ```

-This configuration will automatically apply `v3.18.2` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v4.0.1` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.

 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
@@ -860,10 +860,10 @@ In the likely scenario that your Develocity server requires authentication, you

    - name: Run a Gradle build with Develocity injection enabled
      run: ./gradlew build
-      env:
-        DEVELOCITY_INJECTION_ENABLED: true
-        DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_PLUGIN_VERSION: 3.17
+      with:
+        develocity-injection-enabled: true
+        develocity-url: 'https://develocity.your-server.com'
+        develocity-plugin-version: '4.0'
 ```

 This access key will be used during the action execution to get a short-lived token and set it to the DEVELOCITY_ACCESS_KEY environment variable.
@@ -873,7 +873,7 @@ This access key will be used during the action execution to get a short-lived to
 The `init-script` supports several additional configuration parameters that you may find useful. All configuration options (required and optional) are detailed below:

 | Variable                             | Required | Description                                                                                                                                                             |
-|--------------------------------------| --- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|--------------------------------------| :---: |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | develocity-injection-enabled         | :white_check_mark: | enables Develocity injection                                                                                                                                            |
 | develocity-url                       | :white_check_mark: | the URL of the Develocity server                                                                                                                                        |
 | develocity-allow-untrusted-server    | | allow communication with an untrusted server; set to _true_ if your Develocity instance is using a self-signed certificate                                              |
@@ -887,18 +887,18 @@ The `init-script` supports several additional configuration parameters that you

 The input parameters can be expressed as environment variables following the relationships outlined in the table below:

-| Input                                | Environment Variable                 |
-|--------------------------------------|--------------------------------------|
-| develocity-injection-enabled         | DEVELOCITY_INJECTION_ENABLED         |
-| develocity-url                       | DEVELOCITY_URL                       |
-| develocity-allow-untrusted-server    | DEVELOCITY_ALLOW_UNTRUSTED_SERVER    |
-| develocity-capture-file-fingerprints | DEVELOCITY_CAPTURE_FILE_FINGERPRINTS |
-| develocity-enforce-url               | DEVELOCITY_ENFORCE_URL               |
-| develocity-plugin-version            | DEVELOCITY_PLUGIN_VERSION            |
-| develocity-ccud-plugin-version       | DEVELOCITY_CCUD_PLUGIN_VERSION       |
-| gradle-plugin-repository-url         | GRADLE_PLUGIN_REPOSITORY_URL         |
-| gradle-plugin-repository-username    | GRADLE_PLUGIN_REPOSITORY_USERNAME    |
-| gradle-plugin-repository-password    | GRADLE_PLUGIN_REPOSITORY_PASSWORD    |
+| Input                                | Environment Variable                           |
+|--------------------------------------|------------------------------------------------|
+| develocity-injection-enabled         | DEVELOCITY_INJECTION_ENABLED                   |
+| develocity-url                       | DEVELOCITY_INJECTION_URL                       |
+| develocity-enforce-url               | DEVELOCITY_INJECTION_ENFORCE_URL               |
+| develocity-allow-untrusted-server    | DEVELOCITY_INJECTION_ALLOW_UNTRUSTED_SERVER    |
+| develocity-capture-file-fingerprints | DEVELOCITY_INJECTION_CAPTURE_FILE_FINGERPRINTS |
+| develocity-plugin-version            | DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION |
+| develocity-ccud-plugin-version       | DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION       |
+| gradle-plugin-repository-url         | DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL     |
+| gradle-plugin-repository-username    | DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME|
+| gradle-plugin-repository-password    | DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD|


 Here's an example using the env vars:
@@ -911,10 +911,10 @@ Here's an example using the env vars:
      run: ./gradlew build
      env:
        DEVELOCITY_INJECTION_ENABLED: true
-        DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_ENFORCE_URL: true
-        DEVELOCITY_PLUGIN_VERSION: "3.18.1"
-        DEVELOCITY_CCUD_PLUGIN_VERSION: "2.0.2"
+        DEVELOCITY_INJECTION_URL: https://develocity.your-server.com
+        DEVELOCITY_INJECTION_ENFORCE_URL: true
+        DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: '4.0'
+        DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
 ```

 # Dependency verification
--- a/docs/wrapper-validation.md
+++ b/docs/wrapper-validation.md
@@ -102,7 +102,8 @@ A wrapper jar can fail validation for a few reasons:
 1. The wrapper is from a snapshot build of Gradle (nightly or release nightly) and you have not set `allow-snapshots`
   or `allow-snapshot-wrappers` to `true`.
 2. The wrapper jar is from a version of Gradle with an unverifiable wrapper jar (see below).
-3. The wrapper jar was not published by Gradle, and could be compromised.
+3. The wrapper jar is saved in Git LFS, and has not been correctly restored on checkout (see below).
+4. The wrapper jar was not published by Gradle, and could be compromised.

 If this GitHub action fails because a `gradle-wrapper.jar` was not published by Gradle,
 we highly recommend that you reach out to us at [security@gradle.com](mailto:security@gradle.com).
@@ -113,6 +114,17 @@ Wrapper Jars generated by Gradle versions `3.3` to `4.0` are not verifiable beca
 - If the Gradle version in `gradle-wrapper.properties` is outside of this range, you can regenerate the `gradle-wrapper.jar` by running `./gradlew wrapper`. This will generate a new, verifiable wrapper jar.
 - If you need to run your build with a version of Gradle between 3.3 and 4.0, you can use a newer version of Gradle to generate the `gradle-wrapper.jar`.

+#### Wrapper Jar stored with Git LFS
+If your repository is configured to store Wrapper Jars in Git Large File Storage (LFS), then you must include the configuration to correctly
+restore these Jars on checkout. Without this, only a pointer to the Wrapper Jar is restored, and the checksum verification will fail.
+
+```
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: true  # gradle-wrapper.jar verification will fail without this
+```
+
 ## Resources

 To learn more about verifying the Gradle Wrapper JAR locally, see our
--- a/setup-gradle/action.yml
+++ b/setup-gradle/action.yml
@@ -80,7 +80,7 @@ inputs:
  dependency-graph:
    description: |
      Specifies if a GitHub dependency snapshot should be generated for each Gradle build, and if so, how.
-      Valid values are 'disabled' (default), 'generate', 'generate-and-submit', 'generate-and-upload', and 'download-and-submit'.
+      Valid values are 'disabled' (default), 'generate', 'generate-and-submit', 'generate-submit-and-upload', 'generate-and-upload', and 'download-and-submit'.
    required: false
    default: 'disabled'

--- a/sources/.eslintignore
+++ b/sources/.eslintignore
@@ -1,3 +0,0 @@
-dist/
-lib/
-node_modules/
--- a/sources/.eslintrc.json
+++ b/sources/.eslintrc.json
@@ -1,57 +0,0 @@
-{
-    "plugins": ["jest", "@typescript-eslint"],
-    "extends": ["plugin:github/recommended"],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-      "ecmaVersion": 9,
-      "sourceType": "module",
-      "project": "./tsconfig.json"
-    },
-    "rules": {
-      "eslint-comments/no-use": "off",
-      "import/no-namespace": "off",
-      "i18n-text/no-en": "off",
-      "no-unused-vars": "off",
-      "no-shadow": "off",
-      "sort-imports": "off",
-      "github/array-foreach": "off",
-      "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
-      "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
-      "@typescript-eslint/no-require-imports": "error",
-      "@typescript-eslint/array-type": "error",
-      "@typescript-eslint/await-thenable": "error",
-      "camelcase": "off",
-      "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
-      "@typescript-eslint/func-call-spacing": ["error", "never"],
-      "@typescript-eslint/no-array-constructor": "error",
-      "@typescript-eslint/no-empty-interface": "error",
-      "@typescript-eslint/no-explicit-any": "error",
-      "@typescript-eslint/no-extraneous-class": "error",
-      "@typescript-eslint/no-for-in-array": "error",
-      "@typescript-eslint/no-inferrable-types": "error",
-      "@typescript-eslint/no-misused-new": "error",
-      "@typescript-eslint/no-namespace": "error", 
-      "@typescript-eslint/no-non-null-assertion": "off",
-      "@typescript-eslint/no-shadow": "error",
-      "@typescript-eslint/no-unnecessary-qualifier": "error",
-      "@typescript-eslint/no-unnecessary-type-assertion": "error",
-      "@typescript-eslint/no-useless-constructor": "error",
-      "@typescript-eslint/no-var-requires": "error",
-      "@typescript-eslint/prefer-for-of": "warn",
-      "@typescript-eslint/prefer-function-type": "warn",
-      "@typescript-eslint/prefer-includes": "error",
-      "@typescript-eslint/prefer-string-starts-ends-with": "error",
-      "@typescript-eslint/promise-function-async": "error",
-      "@typescript-eslint/require-array-sort-compare": ["error", {"ignoreStringArrays":  true}],
-      "@typescript-eslint/restrict-plus-operands": "error",
-      "semi": "off",
-      "@typescript-eslint/semi": ["error", "never"],
-      "@typescript-eslint/type-annotation-spacing": "error",
-      "@typescript-eslint/unbound-method": "error"
-    },
-    "env": {
-      "node": true,
-      "es6": true,
-      "jest/globals": true
-    }
-  }
--- a/sources/.tool-versions
+++ b/sources/.tool-versions
@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
-nodejs 20.10.0
-gradle 8.11
+nodejs 20.19.0
+gradle 8.14
--- a/sources/eslint.config.mjs
+++ b/sources/eslint.config.mjs
@@ -0,0 +1,70 @@
+import globals from "globals";
+import typescriptParser from "@typescript-eslint/parser";
+import typescriptPlugin from "@typescript-eslint/eslint-plugin";
+
+export default {
+
+    plugins: {
+        "@typescript-eslint": typescriptPlugin,
+    },
+
+    languageOptions: {
+        globals: {
+            ...globals.node,
+        },
+
+        ecmaVersion: 9,
+        sourceType: "module",
+
+        parser: typescriptParser,
+        parserOptions: {
+            project: "./tsconfig.json",
+        },
+    },
+
+    files: ['**/*.ts', '**/*.tsx'],
+
+    rules: {
+        camelcase: "off",
+        semi: "off",
+
+        "@typescript-eslint/explicit-member-accessibility": ["error", {
+            accessibility: "no-public",
+        }],
+
+        "@typescript-eslint/no-require-imports": "error",
+        "@typescript-eslint/array-type": "error",
+        "@typescript-eslint/await-thenable": "error",
+
+        "@typescript-eslint/explicit-function-return-type": ["error", {
+            allowExpressions: true,
+        }],
+
+        "@typescript-eslint/no-array-constructor": "error",
+        "@typescript-eslint/no-empty-interface": "error",
+        "@typescript-eslint/no-explicit-any": "error",
+        "@typescript-eslint/no-extraneous-class": "error",
+        "@typescript-eslint/no-for-in-array": "error",
+        "@typescript-eslint/no-inferrable-types": "error",
+        "@typescript-eslint/no-misused-new": "error",
+        "@typescript-eslint/no-namespace": "error",
+        "@typescript-eslint/no-non-null-assertion": "off",
+        "@typescript-eslint/no-shadow": "error",
+        "@typescript-eslint/no-unnecessary-qualifier": "error",
+        "@typescript-eslint/no-unnecessary-type-assertion": "error",
+        "@typescript-eslint/no-useless-constructor": "error",
+        "@typescript-eslint/no-var-requires": "error",
+        "@typescript-eslint/prefer-for-of": "warn",
+        "@typescript-eslint/prefer-function-type": "warn",
+        "@typescript-eslint/prefer-includes": "error",
+        "@typescript-eslint/prefer-string-starts-ends-with": "error",
+        "@typescript-eslint/promise-function-async": "error",
+
+        "@typescript-eslint/require-array-sort-compare": ["error", {
+            ignoreStringArrays: true,
+        }],
+
+        "@typescript-eslint/restrict-plus-operands": "error",
+        "@typescript-eslint/unbound-method": "error",
+    },
+};
--- a/sources/jest.config.js
+++ b/sources/jest.config.js
@@ -6,5 +6,9 @@ module.exports = {
  transform: {
    '^.+\\.ts$': 'ts-jest'
  },
+  reporters: [
+      'default',
+      '@gradle/develocity-agent/jest-reporter',
+  ],
  verbose: true
 }
--- a/sources/package-lock.json
+++ b/sources/package-lock.json
--- a/sources/package.json
+++ b/sources/package.json
@@ -32,40 +32,47 @@
  ],
  "license": "MIT",
  "dependencies": {
-    "@actions/artifact": "2.1.11",
-    "@actions/cache": "3.3.0",
+    "@actions/artifact": "2.3.2",
+    "@actions/cache": "4.0.3",
    "@actions/core": "1.11.1",
    "@actions/exec": "1.1.1",
-    "@actions/github": "6.0.0",
+    "@actions/github": "6.0.1",
    "@actions/glob": "0.5.0",
    "@actions/http-client": "2.2.3",
-    "@actions/tool-cache": "2.0.1",
-    "@octokit/rest": "21.0.2",
+    "@actions/tool-cache": "2.0.2",
    "@octokit/webhooks-types": "7.6.1",
-    "cheerio": "^1.0.0",
-    "semver": "7.6.3",
+    "cheerio": "1.0.0",
+    "semver": "7.7.2",
    "string-argv": "0.3.2",
-    "typed-rest-client": "2.1.0",
    "unhomoglyph": "1.0.6",
    "which": "5.0.0"
  },
  "devDependencies": {
+    "@gradle/develocity-agent": "https://develocity-npm-pkgs.gradle.com/gradle-develocity-agent-0.10.0.tgz",
+    "@jest/globals": "29.7.0",
    "@types/jest": "29.5.14",
-    "@types/node": "20.17.6",
-    "@types/unzipper": "0.10.10",
+    "@types/node": "20.17.46",
+    "@types/semver": "7.7.0",
+    "@types/unzipper": "0.10.11",
    "@types/which": "3.0.4",
-    "@typescript-eslint/parser": "7.18.0",
+    "@typescript-eslint/eslint-plugin": "8.32.1",
+    "@typescript-eslint/parser": "8.29.1",
    "@vercel/ncc": "0.38.3",
-    "eslint": "8.57.1",
-    "eslint-plugin-github": "5.0.2",
-    "eslint-plugin-jest": "28.9.0",
+    "dedent": "1.6.0",
+    "eslint": "9.24.0",
+    "globals": "16.1.0",
    "jest": "29.7.0",
-    "js-yaml": "4.1.0",
    "nock": "13.5.6",
    "npm-run-all": "4.1.5",
    "patch-package": "8.0.0",
-    "prettier": "3.3.3",
-    "ts-jest": "29.2.5",
-    "typescript": "5.6.3"
+    "prettier": "3.5.3",
+    "ts-jest": "29.3.2",
+    "typescript": "5.8.3"
+  },
+  "overrides": {
+    "@azure/logger": "1.1.4",
+    "@octokit/request": "8.4.1",
+    "@octokit/request-error": "5.1.1",
+    "@octokit/plugin-paginate-rest": "9.2.2"
  }
 }
--- a/sources/patches/@actions+cache+3.3.0.patch
+++ b/sources/patches/@actions+cache+3.3.0.patch
@@ -1,113 +0,0 @@
-diff --git a/node_modules/@actions/cache/lib/cache.d.ts b/node_modules/@actions/cache/lib/cache.d.ts
-index 4658366..b796e58 100644
--- a/node_modules/@actions/cache/lib/cache.d.ts
-+++ b/node_modules/@actions/cache/lib/cache.d.ts
-@@ -21,7 +21,7 @@ export declare function isFeatureAvailable(): boolean;
-  * @param enableCrossOsArchive an optional boolean enabled to restore on windows any cache created on any platform
-  * @returns string returns the key for the cache hit, otherwise returns undefined
-  */
-export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<string | undefined>;
-+export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry | undefined>;
- /**
-  * Saves a list of files with the specified key
-  *
-@@ -31,4 +31,12 @@ export declare function restoreCache(paths: string[], primaryKey: string, restor
-  * @param options cache upload options
-  * @returns number returns cacheId if the cache was saved successfully and throws an error if save fails
-  */
-export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<number>;
-+export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry>;
-+
-+// PATCHED: Add `CacheEntry` as return type for save/restore functions
-+// This allows us to track and report on cache entry sizes.
-+export declare class CacheEntry {
-+    key: string;
-+    size?: number;
-+    constructor(key: string, size?: number);
-+}
-diff --git a/node_modules/@actions/cache/lib/cache.js b/node_modules/@actions/cache/lib/cache.js
-index 9d636aa..a176bd7 100644
--- a/node_modules/@actions/cache/lib/cache.js
-+++ b/node_modules/@actions/cache/lib/cache.js
-@@ -127,18 +127,21 @@ function restoreCache(paths, primaryKey, restoreKeys, options, enableCrossOsArch
-             core.info(`Cache Size: ~${Math.round(archiveFileSize / (1024 * 1024))} MB (${archiveFileSize} B)`);
-             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
-             core.info('Cache restored successfully');
-            return cacheEntry.cacheKey;
-        }
-        catch (error) {
-            const typedError = error;
-            if (typedError.name === ValidationError.name) {
-                throw error;
-            }
-            else {
-                // Supress all non-validation cache related errors because caching should be optional
-                core.warning(`Failed to restore: ${error.message}`);
-            }
-+
-+            // PATCHED - Return more inforamtion about restored entry
-+            return new CacheEntry(cacheEntry.cacheKey, archiveFileSize);;
-         }
-+        // PATCHED - propagate errors
-+        // catch (error) {
-+        //     const typedError = error;
-+        //     if (typedError.name === ValidationError.name) {
-+        //         throw error;
-+        //     }
-+        //     else {
-+        //         // Supress all non-validation cache related errors because caching should be optional
-+        //         core.warning(`Failed to restore: ${error.message}`);
-+        //     }
-+        // }
-         finally {
-             // Try to delete the archive to save space
-             try {
-@@ -206,19 +209,23 @@ function saveCache(paths, key, options, enableCrossOsArchive = false) {
-             }
-             core.debug(`Saving Cache (ID: ${cacheId})`);
-             yield cacheHttpClient.saveCache(cacheId, archivePath, options);
-+
-+            // PATCHED - Return more inforamtion about saved entry
-+            return new CacheEntry(key, archiveFileSize);
-         }
-        catch (error) {
-            const typedError = error;
-            if (typedError.name === ValidationError.name) {
-                throw error;
-            }
-            else if (typedError.name === ReserveCacheError.name) {
-                core.info(`Failed to save: ${typedError.message}`);
-            }
-            else {
-                core.warning(`Failed to save: ${typedError.message}`);
-            }
-        }
-+        // PATCHED - propagate errors
-+        // catch (error) {
-+        //     const typedError = error;
-+        //     if (typedError.name === ValidationError.name) {
-+        //         throw error;
-+        //     }
-+        //     else if (typedError.name === ReserveCacheError.name) {
-+        //         core.info(`Failed to save: ${typedError.message}`);
-+        //     }
-+        //     else {
-+        //         core.warning(`Failed to save: ${typedError.message}`);
-+        //     }
-+        // }
-         finally {
-             // Try to delete the archive to save space
-             try {
-@@ -232,4 +239,11 @@ function saveCache(paths, key, options, enableCrossOsArchive = false) {
-     });
- }
- exports.saveCache = saveCache;
-+class CacheEntry {
-+    constructor(key, size) {
-+        this.key = key;
-+        this.size = size;
-+    }
-+}
-+exports.CacheEntry = CacheEntry;
- //# sourceMappingURL=cache.js.map
-\ No newline at end of file
--- a/sources/patches/@actions+cache+4.0.3.patch
+++ b/sources/patches/@actions+cache+4.0.3.patch
@@ -0,0 +1,183 @@
+diff --git a/node_modules/@actions/cache/lib/cache.d.ts b/node_modules/@actions/cache/lib/cache.d.ts
+index ef0928b..4e2f570 100644
+--- a/node_modules/@actions/cache/lib/cache.d.ts
+++ b/node_modules/@actions/cache/lib/cache.d.ts
+@@ -21,7 +21,7 @@ export declare function isFeatureAvailable(): boolean;
+  * @param enableCrossOsArchive an optional boolean enabled to restore on windows any cache created on any platform
+  * @returns string returns the key for the cache hit, otherwise returns undefined
+  */
+-export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<string | undefined>;
+export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry | undefined>;
+ /**
+  * Saves a list of files with the specified key
+  *
+@@ -31,4 +31,12 @@ export declare function restoreCache(paths: string[], primaryKey: string, restor
+  * @param options cache upload options
+  * @returns number returns cacheId if the cache was saved successfully and throws an error if save fails
+  */
+-export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<number>;
+export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry>;
+
+// PATCHED: Add `CacheEntry` as return type for save/restore functions
+// This allows us to track and report on cache entry sizes.
+export declare class CacheEntry {
+    key: string;
+    size?: number;
+    constructor(key: string, size?: number);
+}
+\ No newline at end of file
+diff --git a/node_modules/@actions/cache/lib/cache.js b/node_modules/@actions/cache/lib/cache.js
+index e9e45c9..336733b 100644
+--- a/node_modules/@actions/cache/lib/cache.js
+++ b/node_modules/@actions/cache/lib/cache.js
+@@ -154,18 +154,21 @@ function restoreCacheV1(paths, primaryKey, restoreKeys, options, enableCrossOsAr
+             core.info(`Cache Size: ~${Math.round(archiveFileSize / (1024 * 1024))} MB (${archiveFileSize} B)`);
+             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
+             core.info('Cache restored successfully');
+-            return cacheEntry.cacheKey;
+-        }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else {
+-                // Supress all non-validation cache related errors because caching should be optional
+-                core.warning(`Failed to restore: ${error.message}`);
+-            }
+
+            // PATCHED - Include size of restored entry
+            return new CacheEntry(cacheEntry.cacheKey, archiveFileSize);;
+         }
+            // PATCHED - propagate errors
+            // catch (error) {
+            //     const typedError = error;
+            //     if (typedError.name === ValidationError.name) {
+            //         throw error;
+            //     }
+            //     else {
+            //         // Supress all non-validation cache related errors because caching should be optional
+            //         core.warning(`Failed to restore: ${error.message}`);
+            //     }
+            // }
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -232,18 +235,21 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
+             }
+             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
+             core.info('Cache restored successfully');
+-            return response.matchedKey;
+-        }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else {
+-                // Supress all non-validation cache related errors because caching should be optional
+-                core.warning(`Failed to restore: ${error.message}`);
+-            }
+
+            // PATCHED - Include size of restored entry
+            return new CacheEntry(response.matchedKey, archiveFileSize);;
+         }
+            // PATCHED - propagate errors
+            // catch (error) {
+            //     const typedError = error;
+            //     if (typedError.name === ValidationError.name) {
+            //         throw error;
+            //     }
+            //     else {
+            //         // Supress all non-validation cache related errors because caching should be optional
+            //         core.warning(`Failed to restore: ${error.message}`);
+            //     }
+            // }
+         finally {
+             try {
+                 if (archivePath) {
+@@ -334,19 +340,23 @@ function saveCacheV1(paths, key, options, enableCrossOsArchive = false) {
+             }
+             core.debug(`Saving Cache (ID: ${cacheId})`);
+             yield cacheHttpClient.saveCache(cacheId, archivePath, '', options);
+
+            // PATCHED - Include size of saved entry
+            return new CacheEntry(key, archiveFileSize);
+         }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else if (typedError.name === ReserveCacheError.name) {
+-                core.info(`Failed to save: ${typedError.message}`);
+-            }
+-            else {
+-                core.warning(`Failed to save: ${typedError.message}`);
+-            }
+-        }
+            // PATCHED - propagate errors
+            // catch (error) {
+            //     const typedError = error;
+            //     if (typedError.name === ValidationError.name) {
+            //         throw error;
+            //     }
+            //     else if (typedError.name === ReserveCacheError.name) {
+            //         core.info(`Failed to save: ${typedError.message}`);
+            //     }
+            //     else {
+            //         core.warning(`Failed to save: ${typedError.message}`);
+            //     }
+            // }
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -430,19 +440,23 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
+                 throw new Error(`Unable to finalize cache with key ${key}, another job may be finalizing this cache.`);
+             }
+             cacheId = parseInt(finalizeResponse.entryId);
+
+            // PATCHED - Include size of saved entry
+            return new CacheEntry(key, archiveFileSize);
+         }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else if (typedError.name === ReserveCacheError.name) {
+-                core.info(`Failed to save: ${typedError.message}`);
+-            }
+-            else {
+-                core.warning(`Failed to save: ${typedError.message}`);
+-            }
+-        }
+            // PATCHED - propagate errors
+            // catch (error) {
+            //     const typedError = error;
+            //     if (typedError.name === ValidationError.name) {
+            //         throw error;
+            //     }
+            //     else if (typedError.name === ReserveCacheError.name) {
+            //         core.info(`Failed to save: ${typedError.message}`);
+            //     }
+            //     else {
+            //         core.warning(`Failed to save: ${typedError.message}`);
+            //     }
+            // }
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -455,4 +469,11 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
+         return cacheId;
+     });
+ }
+// PATCHED - CacheEntry class
+class CacheEntry {
+    constructor(key, size) {
+        this.key = key;
+        this.size = size;
+    }
+}
+ //# sourceMappingURL=cache.js.map
+\ No newline at end of file
--- a/sources/patches/@azure+logger+1.0.4.patch
+++ b/sources/patches/@azure+logger+1.0.4.patch
@@ -1,48 +0,0 @@
-diff --git a/node_modules/@azure/logger/dist-esm/src/debug.js b/node_modules/@azure/logger/dist-esm/src/debug.js
-index d202779..30e8313 100644
--- a/node_modules/@azure/logger/dist-esm/src/debug.js
-+++ b/node_modules/@azure/logger/dist-esm/src/debug.js
-@@ -7,7 +7,7 @@ let enabledNamespaces = [];
- let skippedNamespaces = [];
- const debuggers = [];
- if (debugEnvVariable) {
-    enable(debugEnvVariable);
-+    // enable(debugEnvVariable);
- }
- const debugObj = Object.assign((namespace) => {
-     return createDebugger(namespace);
-diff --git a/node_modules/@azure/logger/dist-esm/src/index.js b/node_modules/@azure/logger/dist-esm/src/index.js
-index cc25720..2925db5 100644
--- a/node_modules/@azure/logger/dist-esm/src/index.js
-+++ b/node_modules/@azure/logger/dist-esm/src/index.js
-@@ -20,7 +20,7 @@ if (logLevelFromEnv) {
-         setLogLevel(logLevelFromEnv);
-     }
-     else {
-        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-+        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-     }
- }
- /**
-diff --git a/node_modules/@azure/logger/dist/index.js b/node_modules/@azure/logger/dist/index.js
-index 81e97c3..a415e2f 100644
--- a/node_modules/@azure/logger/dist/index.js
-+++ b/node_modules/@azure/logger/dist/index.js
-@@ -21,7 +21,7 @@ let enabledNamespaces = [];
- let skippedNamespaces = [];
- const debuggers = [];
- if (debugEnvVariable) {
-    enable(debugEnvVariable);
-+    // enable(debugEnvVariable);
- }
- const debugObj = Object.assign((namespace) => {
-     return createDebugger(namespace);
-@@ -125,7 +125,7 @@ if (logLevelFromEnv) {
-         setLogLevel(logLevelFromEnv);
-     }
-     else {
-        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-+        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-     }
- }
- /**
--- a/sources/src/build-results.ts
+++ b/sources/src/build-results.ts
@@ -1,5 +1,6 @@
 import * as fs from 'fs'
 import * as path from 'path'
+import {versionIsAtLeast} from './execution/gradle'

 export interface BuildResult {
    get rootProjectName(): string
@@ -32,6 +33,18 @@ export class BuildResults {
        const allHomes = this.results.map(buildResult => buildResult.gradleHomeDir)
        return Array.from(new Set(allHomes))
    }
+
+    highestGradleVersion(): string | null {
+        if (this.results.length === 0) {
+            return null
+        }
+        return this.results
+            .map(result => result.gradleVersion)
+            .reduce((maxVersion: string, currentVersion: string) => {
+                if (!maxVersion) return currentVersion
+                return versionIsAtLeast(currentVersion, maxVersion) ? currentVersion : maxVersion
+            })
+    }
 }

 export function loadBuildResults(): BuildResults {
--- a/sources/src/caching/cache-cleaner.ts
+++ b/sources/src/caching/cache-cleaner.ts
@@ -4,6 +4,9 @@ import * as exec from '@actions/exec'
 import fs from 'fs'
 import path from 'path'
 import * as provisioner from '../execution/provision'
+import {BuildResult, BuildResults} from '../build-results'
+import {versionIsAtLeast} from '../execution/gradle'
+import {gradleWrapperScript} from '../execution/gradlew'

 export class CacheCleaner {
    private readonly gradleUserHome: string
@@ -21,13 +24,51 @@ export class CacheCleaner {
        return timestamp
    }

-    async forceCleanup(): Promise<void> {
+    async forceCleanup(buildResults: BuildResults): Promise<void> {
+        const executable = await this.gradleExecutableForCleanup(buildResults)
        const cleanTimestamp = core.getState('clean-timestamp')
-        await this.forceCleanupFilesOlderThan(cleanTimestamp)
+        await this.forceCleanupFilesOlderThan(cleanTimestamp, executable)
+    }
+
+    /**
+     * Attempt to use the newest Gradle version that was used to run a build, at least 8.11.
+     *
+     * This will avoid the need to provision a Gradle version for the cleanup when not necessary.
+     */
+    private async gradleExecutableForCleanup(buildResults: BuildResults): Promise<string> {
+        const preferredVersion = buildResults.highestGradleVersion()
+        if (preferredVersion && versionIsAtLeast(preferredVersion, '8.11')) {
+            try {
+                const wrapperScripts = buildResults.results
+                    .map(result => this.findGradleWrapperScript(result))
+                    .filter(Boolean) as string[]
+
+                return await provisioner.provisionGradleWithVersionAtLeast(preferredVersion, wrapperScripts)
+            } catch (_) {
+                // Ignore the case where the preferred version cannot be located in https://services.gradle.org/versions/all.
+                // This can happen for snapshot Gradle versions.
+                core.info(
+                    `Failed to provision Gradle ${preferredVersion} for cache cleanup. Falling back to default version.`
+                )
+            }
+        }
+
+        // Fallback to the minimum version required for cache-cleanup
+        return await provisioner.provisionGradleWithVersionAtLeast('8.11')
+    }
+
+    private findGradleWrapperScript(result: BuildResult): string | null {
+        try {
+            const wrapperScript = gradleWrapperScript(result.rootProjectDir)
+            return path.resolve(result.rootProjectDir, wrapperScript)
+        } catch (error) {
+            core.debug(`No Gradle Wrapper found for ${result.rootProjectName}: ${error}`)
+            return null
+        }
    }

    // Visible for testing
-    async forceCleanupFilesOlderThan(cleanTimestamp: string): Promise<void> {
+    async forceCleanupFilesOlderThan(cleanTimestamp: string, executable: string): Promise<void> {
        // Run a dummy Gradle build to trigger cache cleanup
        const cleanupProjectDir = path.resolve(this.tmpDir, 'dummy-cleanup-project')
        fs.mkdirSync(cleanupProjectDir, {recursive: true})
@@ -55,10 +96,6 @@ export class CacheCleaner {
        )
        fs.writeFileSync(path.resolve(cleanupProjectDir, 'build.gradle'), 'task("noop") {}')

-        // Gradle >= 8.11 required for cache cleanup
-        // TODO: This is ineffective: we should be using the newest version of Gradle that ran a build, or a newer version if it's available on PATH.
-        const executable = await provisioner.provisionGradleAtLeast('8.11')
-
        await core.group('Executing Gradle to clean up caches', async () => {
            core.info(`Cleaning up caches last used before ${cleanTimestamp}`)
            await this.executeCleanupBuild(executable, cleanupProjectDir)
@@ -76,6 +113,7 @@ export class CacheCleaner {
            '--no-scan',
            '--build-cache',
            '-DGITHUB_DEPENDENCY_GRAPH_ENABLED=false',
+            '-DGRADLE_ACTIONS_SKIP_BUILD_RESULT_CAPTURE=true',
            'noop'
        ]

--- a/sources/src/caching/cache-reporting.ts
+++ b/sources/src/caching/cache-reporting.ts
@@ -4,7 +4,7 @@ export const DEFAULT_CACHE_ENABLED_REASON = `[Cache was enabled](https://github.

 export const DEFAULT_READONLY_REASON = `[Cache was read-only](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#using-the-cache-read-only). By default, the action will only write to the cache for Jobs running on the default branch.`

-export const DEFAULT_DISABLED_REASON = `[Cache was disabled](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#disabling-caching) via action confiugration. Gradle User Home was not restored from or saved to the cache.`
+export const DEFAULT_DISABLED_REASON = `[Cache was disabled](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#disabling-caching) via action configuration. Gradle User Home was not restored from or saved to the cache.`

 export const DEFAULT_WRITEONLY_REASON = `[Cache was set to write-only](https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#using-the-cache-write-only) via action configuration. Gradle User Home was not restored from cache.`

--- a/sources/src/caching/caches.ts
+++ b/sources/src/caching/caches.ts
@@ -102,7 +102,7 @@ export async function save(
            cacheListener.setCacheCleanupDisabled(CLEANUP_DISABLED_DUE_TO_CONFIG_CACHE_HIT)
        } else if (cacheConfig.shouldPerformCacheCleanup(buildResults.anyFailed())) {
            cacheListener.setCacheCleanupEnabled()
-            await performCacheCleanup(gradleUserHome)
+            await performCacheCleanup(gradleUserHome, buildResults)
        } else {
            core.info('Not performing cache-cleanup due to build failure')
            cacheListener.setCacheCleanupDisabled(CLEANUP_DISABLED_DUE_TO_FAILURE)
@@ -114,10 +114,10 @@ export async function save(
    })
 }

-async function performCacheCleanup(gradleUserHome: string): Promise<void> {
+async function performCacheCleanup(gradleUserHome: string, buildResults: BuildResults): Promise<void> {
    const cacheCleaner = new CacheCleaner(gradleUserHome, process.env['RUNNER_TEMP']!)
    try {
-        await cacheCleaner.forceCleanup()
+        await cacheCleaner.forceCleanup(buildResults)
    } catch (e) {
        core.warning(`Cache cleanup failed. Will continue. ${String(e)}`)
    }
--- a/sources/src/caching/gradle-user-home-utils.ts
+++ b/sources/src/caching/gradle-user-home-utils.ts
@@ -13,34 +13,37 @@ export function readResourceFileAsString(...paths: string[]): string {
 * @VisibleForTesting
 */
 export function getPredefinedToolchains(): string | null {
-    const javaHomeEnvs: string[] = []
-    for (const javaHomeEnvsKey in process.env) {
-        if (javaHomeEnvsKey.startsWith('JAVA_HOME_')) {
-            javaHomeEnvs.push(javaHomeEnvsKey)
-        }
-    }
+    // Get the version and path for each JAVA_HOME env var
+    const javaHomeEnvs = Object.entries(process.env)
+        .filter(([key]) => key.startsWith('JAVA_HOME_') && process.env[key])
+        .map(([key, value]) => ({
+            jdkVersion: key.match(/JAVA_HOME_(\d+)_/)?.[1] ?? null,
+            jdkPath: value as string
+        }))
+        .filter(env => env.jdkVersion !== null)
+
    if (javaHomeEnvs.length === 0) {
        return null
    }
+
    // language=XML
-    let toolchainsXml = `<?xml version="1.0" encoding="UTF-8"?>
+    return `<?xml version="1.0" encoding="UTF-8"?>
 <toolchains>
 <!-- JDK Toolchains installed by default on GitHub-hosted runners -->
-`
-    for (const javaHomeEnv of javaHomeEnvs) {
-        const version = javaHomeEnv.match(/JAVA_HOME_(\d+)_/)?.[1]!
-        toolchainsXml += `  <toolchain>
+${javaHomeEnvs
+    .map(
+        ({jdkVersion, jdkPath}) => `  <toolchain>
    <type>jdk</type>
    <provides>
-      <version>${version}</version>
+      <version>${jdkVersion}</version>
    </provides>
    <configuration>
-      <jdkHome>\${env.${javaHomeEnv}}</jdkHome>
+      <jdkHome>${jdkPath}</jdkHome>
    </configuration>
-  </toolchain>\n`
-    }
-    toolchainsXml += `</toolchains>\n`
-    return toolchainsXml
+  </toolchain>`
+    )
+    .join('\n')}
+</toolchains>\n`
 }

 export function mergeToolchainContent(existingToolchainContent: string, preInstalledToolchains: string): string {
--- a/sources/src/configuration.ts
+++ b/sources/src/configuration.ts
@@ -20,13 +20,15 @@ export class DependencyGraphConfig {
                return DependencyGraphOption.Generate
            case 'generate-and-submit':
                return DependencyGraphOption.GenerateAndSubmit
+            case 'generate-submit-and-upload':
+                return DependencyGraphOption.GenerateSubmitAndUpload
            case 'generate-and-upload':
                return DependencyGraphOption.GenerateAndUpload
            case 'download-and-submit':
                return DependencyGraphOption.DownloadAndSubmit
        }
        throw TypeError(
-            `The value '${val}' is not valid for 'dependency-graph'. Valid values are: [disabled, generate, generate-and-submit, generate-and-upload, download-and-submit]. The default value is 'disabled'.`
+            `The value '${val}' is not valid for 'dependency-graph'. Valid values are: [disabled, generate, generate-and-submit, generate-submit-and-upload, generate-and-upload, download-and-submit].`
        )
    }

@@ -96,6 +98,7 @@ export enum DependencyGraphOption {
    Disabled = 'disabled',
    Generate = 'generate',
    GenerateAndSubmit = 'generate-and-submit',
+    GenerateSubmitAndUpload = 'generate-submit-and-upload',
    GenerateAndUpload = 'generate-and-upload',
    DownloadAndSubmit = 'download-and-submit'
 }
--- a/sources/src/dependency-graph.ts
+++ b/sources/src/dependency-graph.ts
@@ -3,7 +3,6 @@ import * as github from '@actions/github'
 import * as glob from '@actions/glob'
 import {DefaultArtifactClient} from '@actions/artifact'
 import {GitHub} from '@actions/github/lib/utils'
-import {RequestError} from '@octokit/request-error'
 import type {PullRequestEvent} from '@octokit/webhooks-types'

 import * as path from 'path'
@@ -60,7 +59,10 @@ export async function complete(config: DependencyGraphConfig): Promise<void> {
            case DependencyGraphOption.DownloadAndSubmit: // Performed in setup
                return
            case DependencyGraphOption.GenerateAndSubmit:
-                await findAndSubmitDependencyGraphs(config)
+                await findAndSubmitDependencyGraphs(config, false)
+                return
+            case DependencyGraphOption.GenerateSubmitAndUpload:
+                await findAndSubmitDependencyGraphs(config, true)
                return
            case DependencyGraphOption.GenerateAndUpload:
                await findAndUploadDependencyGraphs(config)
@@ -83,7 +85,7 @@ async function downloadAndSubmitDependencyGraphs(config: DependencyGraphConfig):
    }
 }

-async function findAndSubmitDependencyGraphs(config: DependencyGraphConfig): Promise<void> {
+async function findAndSubmitDependencyGraphs(config: DependencyGraphConfig, uploadAfterSubmit: boolean): Promise<void> {
    if (isRunningInActEnvironment()) {
        core.info('Dependency graph not supported in the ACT environment.')
        return
@@ -100,6 +102,10 @@ async function findAndSubmitDependencyGraphs(config: DependencyGraphConfig): Pro
        }
        throw e
    }
+
+    if (uploadAfterSubmit) {
+        await uploadDependencyGraphs(dependencyGraphFiles, config)
+    }
 }

 async function findAndUploadDependencyGraphs(config: DependencyGraphConfig): Promise<void> {
@@ -184,7 +190,7 @@ async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<v
        try {
            await submitDependencyGraphFile(dependencyGraphFile)
        } catch (error) {
-            if (error instanceof RequestError) {
+            if (error instanceof Error && error.name === 'HttpError') {
                error.message = translateErrorMessage(dependencyGraphFile, error)
            }
            throw error
@@ -192,7 +198,7 @@ async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<v
    }
 }

-function translateErrorMessage(jsonFile: string, error: RequestError): string {
+function translateErrorMessage(jsonFile: string, error: Error): string {
    const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
    const mainWarning = `Dependency submission failed for ${relativeJsonFile}.\n${error.message}`
    if (error.message === 'Resource not accessible by integration') {
--- a/sources/src/develocity/build-scan.ts
+++ b/sources/src/develocity/build-scan.ts
@@ -4,31 +4,47 @@ import {setupToken} from './short-lived-token'

 export async function setup(config: BuildScanConfig): Promise<void> {
    maybeExportVariable('DEVELOCITY_INJECTION_INIT_SCRIPT_NAME', 'gradle-actions.inject-develocity.init.gradle')
-    maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions')
+    maybeExportVariable('DEVELOCITY_INJECTION_CUSTOM_VALUE', 'gradle-actions')

    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_ENABLED', config.getDevelocityInjectionEnabled())
-    maybeExportVariableNotEmpty('DEVELOCITY_URL', config.getDevelocityUrl())
-    maybeExportVariableNotEmpty('DEVELOCITY_ALLOW_UNTRUSTED_SERVER', config.getDevelocityAllowUntrustedServer())
-    maybeExportVariableNotEmpty('DEVELOCITY_CAPTURE_FILE_FINGERPRINTS', config.getDevelocityCaptureFileFingerprints())
-    maybeExportVariableNotEmpty('DEVELOCITY_ENFORCE_URL', config.getDevelocityEnforceUrl())
-    maybeExportVariableNotEmpty('DEVELOCITY_PLUGIN_VERSION', config.getDevelocityPluginVersion())
-    maybeExportVariableNotEmpty('DEVELOCITY_CCUD_PLUGIN_VERSION', config.getDevelocityCcudPluginVersion())
-    maybeExportVariableNotEmpty('GRADLE_PLUGIN_REPOSITORY_URL', config.getGradlePluginRepositoryUrl())
-    maybeExportVariableNotEmpty('GRADLE_PLUGIN_REPOSITORY_USERNAME', config.getGradlePluginRepositoryUsername())
-    maybeExportVariableNotEmpty('GRADLE_PLUGIN_REPOSITORY_PASSWORD', config.getGradlePluginRepositoryPassword())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_URL', config.getDevelocityUrl())
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION_ALLOW_UNTRUSTED_SERVER',
+        config.getDevelocityAllowUntrustedServer()
+    )
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION_CAPTURE_FILE_FINGERPRINTS',
+        config.getDevelocityCaptureFileFingerprints()
+    )
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_ENFORCE_URL', config.getDevelocityEnforceUrl())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION', config.getDevelocityPluginVersion())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION', config.getDevelocityCcudPluginVersion())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION__PLUGIN_REPOSITORY_URL', config.getGradlePluginRepositoryUrl())
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION__PLUGIN_REPOSITORY_USERNAME',
+        config.getGradlePluginRepositoryUsername()
+    )
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION__PLUGIN_REPOSITORY_PASSWORD',
+        config.getGradlePluginRepositoryPassword()
+    )

    // If build-scan-publish is enabled, ensure the environment variables are set
    // The DEVELOCITY_PLUGIN_VERSION and DEVELOCITY_CCUD_PLUGIN_VERSION are set to the latest versions
    // except if they are defined in the configuration
    if (config.getBuildScanPublishEnabled()) {
        maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.18.2')
-        maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.0.2')
-        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
-        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
+        maybeExportVariable('DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION', '4.0.1')
+        maybeExportVariable('DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION', '2.1')
+        maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
+        maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
    }

-    return setupToken(config.getDevelocityAccessKey(), config.getDevelocityTokenExpiry())
+    return setupToken(
+        config.getDevelocityAccessKey(),
+        config.getDevelocityAllowUntrustedServer(),
+        config.getDevelocityTokenExpiry()
+    )
 }

 function maybeExportVariable(variableName: string, value: unknown): void {
--- a/sources/src/develocity/short-lived-token.ts
+++ b/sources/src/develocity/short-lived-token.ts
@@ -1,13 +1,17 @@
-import * as httpm from 'typed-rest-client/HttpClient'
 import * as core from '@actions/core'
+import * as httpm from '@actions/http-client'
 import {BuildScanConfig} from '../configuration'
 import {recordDeprecation} from '../deprecation-collector'

-export async function setupToken(develocityAccessKey: string, develocityTokenExpiry: string): Promise<void> {
+export async function setupToken(
+    develocityAccessKey: string,
+    develocityAllowUntrustedServer: boolean | undefined,
+    develocityTokenExpiry: string
+): Promise<void> {
    if (develocityAccessKey) {
        try {
            core.debug('Fetching short-lived token...')
-            const tokens = await getToken(develocityAccessKey, develocityTokenExpiry)
+            const tokens = await getToken(develocityAccessKey, develocityAllowUntrustedServer, develocityTokenExpiry)
            if (tokens != null && !tokens.isEmpty()) {
                core.debug(`Got token(s), setting the access key env vars`)
                const token = tokens.raw()
@@ -41,10 +45,14 @@ function handleMissingAccessToken(): void {
    }
 }

-export async function getToken(accessKey: string, expiry: string): Promise<DevelocityAccessCredentials | null> {
+export async function getToken(
+    accessKey: string,
+    allowUntrustedServer: undefined | boolean,
+    expiry: string
+): Promise<DevelocityAccessCredentials | null> {
    const empty: Promise<DevelocityAccessCredentials | null> = new Promise(r => r(null))
    const develocityAccessKey = DevelocityAccessCredentials.parse(accessKey)
-    const shortLivedTokenClient = new ShortLivedTokenClient()
+    const shortLivedTokenClient = new ShortLivedTokenClient(allowUntrustedServer)

    if (develocityAccessKey == null) {
        return empty
@@ -67,10 +75,16 @@ export async function getToken(accessKey: string, expiry: string): Promise<Devel
 }

 class ShortLivedTokenClient {
-    httpc = new httpm.HttpClient('gradle/actions/setup-gradle')
+    httpc: httpm.HttpClient
    maxRetries = 3
    retryInterval = 1000

+    constructor(develocityAllowUntrustedServer: boolean | undefined) {
+        this.httpc = new httpm.HttpClient('gradle/actions/setup-gradle', undefined, {
+            ignoreSslError: develocityAllowUntrustedServer
+        })
+    }
+
    async fetchToken(serverUrl: string, accessKey: HostnameAccessKey, expiry: string): Promise<HostnameAccessKey> {
        const queryParams = expiry ? `?expiresInHours=${expiry}` : ''
        const sanitizedServerUrl = !serverUrl.endsWith('/') ? `${serverUrl}/` : serverUrl
@@ -92,7 +106,7 @@ class ShortLivedTokenClient {
                // This should be only 404
                attempts++
                if (attempts === this.maxRetries) {
-                    return new Promise((resolve, reject) =>
+                    return new Promise((_resolve, reject) =>
                        reject(
                            new Error(
                                `Develocity short lived token request failed ${serverUrl} with status code ${response.message.statusCode}`
@@ -103,12 +117,12 @@ class ShortLivedTokenClient {
            } catch (error) {
                attempts++
                if (attempts === this.maxRetries) {
-                    return new Promise((resolve, reject) => reject(error))
+                    return new Promise((_resolve, reject) => reject(error))
                }
            }
            await new Promise(resolve => setTimeout(resolve, this.retryInterval))
        }
-        return new Promise((resolve, reject) => reject(new Error('Illegal state')))
+        return new Promise((_resolve, reject) => reject(new Error('Illegal state')))
    }
 }

--- a/sources/src/errors.ts
+++ b/sources/src/errors.ts
@@ -41,7 +41,7 @@ export function handlePostActionError(error: unknown): void {
            core.info(error.stack)
        }
    } else {
-        core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`)
+        core.warning(`Unhandled error in Gradle post-action. Job will continue: ${error}`)
        if (error instanceof Error && error.stack) {
            core.info(error.stack)
        }
--- a/sources/src/execution/gradle.ts
+++ b/sources/src/execution/gradle.ts
@@ -35,29 +35,54 @@ async function executeGradleBuild(executable: string | undefined, root: string,
 }

 export function versionIsAtLeast(actualVersion: string, requiredVersion: string): boolean {
-    const splitVersion = actualVersion.split('-')
-    const coreVersion = splitVersion[0]
-    const prerelease = splitVersion.length > 1
-
-    const actualSemver = semver.coerce(coreVersion)!
-    const comparisonSemver = semver.coerce(requiredVersion)!
-
-    if (prerelease) {
-        return semver.gt(actualSemver, comparisonSemver)
-    } else {
-        return semver.gte(actualSemver, comparisonSemver)
+    if (actualVersion === requiredVersion) {
+        return true
    }
+
+    const actual = new GradleVersion(actualVersion)
+    const required = new GradleVersion(requiredVersion)
+
+    const actualSemver = semver.coerce(actual.versionPart)!
+    const comparisonSemver = semver.coerce(required.versionPart)!
+
+    if (semver.gt(actualSemver, comparisonSemver)) {
+        return true // Actual version is greater than comparison. So it's at least as new.
+    }
+    if (semver.lt(actualSemver, comparisonSemver)) {
+        return false // Actual version is less than comparison. So it's not as new.
+    }
+
+    // Actual and required version numbers are equal, so compare the other parts
+
+    if (actual.snapshotPart || required.snapshotPart) {
+        if (actual.snapshotPart && !required.snapshotPart && !required.stagePart) {
+            return false // Actual has a snapshot, but required is a plain version. Required is newer.
+        }
+        if (required.snapshotPart && !actual.snapshotPart && !actual.stagePart) {
+            return true // Required has a snapshot, but actual is a plain version. Actual is newer.
+        }
+
+        return false // Cannot compare case where both versions have a snapshot or stage
+    }
+
+    if (actual.stagePart) {
+        if (required.stagePart) {
+            return actual.stagePart >= required.stagePart // Compare stages for newer
+        }
+
+        return false // Actual has a stage, but required does not. So required is always newer.
+    }
+
+    return true // Actual has no stage part or snapshot part, so it cannot be older than required.
 }

-export async function findGradleVersionOnPath(): Promise<GradleExecutable | undefined> {
-    const gradleExecutable = await which('gradle', {nothrow: true})
-    if (gradleExecutable) {
-        const output = await exec.getExecOutput(gradleExecutable, ['-v'], {silent: true})
-        const version = parseGradleVersionFromOutput(output.stdout)
-        return version ? new GradleExecutable(version, gradleExecutable) : undefined
-    }
+export async function findGradleExecutableOnPath(): Promise<string | null> {
+    return await which('gradle', {nothrow: true})
+}

-    return undefined
+export async function determineGradleVersion(gradleExecutable: string): Promise<string | undefined> {
+    const output = await exec.getExecOutput(gradleExecutable, ['-v'], {silent: true})
+    return parseGradleVersionFromOutput(output.stdout)
 }

 export function parseGradleVersionFromOutput(output: string): string | undefined {
@@ -66,9 +91,21 @@ export function parseGradleVersionFromOutput(output: string): string | undefined
    return versionString
 }

-class GradleExecutable {
-    constructor(
-        readonly version: string,
-        readonly executable: string
-    ) {}
+class GradleVersion {
+    static PATTERN = /((\d+)(\.\d+)+)(-([a-z]+)-(\w+))?(-(SNAPSHOT|\d{14}([-+]\d{4})?))?/
+
+    versionPart: string
+    stagePart: string
+    snapshotPart: string
+
+    constructor(readonly version: string) {
+        const matcher = GradleVersion.PATTERN.exec(version)
+        if (!matcher) {
+            throw new Error(`'${version}' is not a valid Gradle version string (examples: '1.0', '1.0-rc-1')`)
+        }
+
+        this.versionPart = matcher[1]
+        this.stagePart = matcher[4]
+        this.snapshotPart = matcher[7]
+    }
 }
--- a/sources/src/execution/provision.ts
+++ b/sources/src/execution/provision.ts
@@ -6,7 +6,7 @@ import * as core from '@actions/core'
 import * as cache from '@actions/cache'
 import * as toolCache from '@actions/tool-cache'

-import {findGradleVersionOnPath, versionIsAtLeast} from './gradle'
+import {determineGradleVersion, findGradleExecutableOnPath, versionIsAtLeast} from './gradle'
 import * as gradlew from './gradlew'
 import {handleCacheFailure} from '../caching/cache-utils'
 import {CacheConfig} from '../configuration'
@@ -25,16 +25,6 @@ export async function provisionGradle(gradleVersion: string): Promise<string | u
    return undefined
 }

-/**
- * Ensure that the Gradle version on PATH is no older than the specified version.
- * If the version on PATH is older, install the specified version and add it to the PATH.
- * @return Installed Gradle executable or undefined if no version configured.
- */
-export async function provisionGradleAtLeast(gradleVersion: string): Promise<string> {
-    const installedVersion = await installGradleVersionAtLeast(await gradleRelease(gradleVersion))
-    return addToPath(installedVersion)
-}
-
 async function addToPath(executable: string): Promise<string> {
    core.addPath(path.dirname(executable))
    return executable
@@ -88,7 +78,7 @@ async function gradleReleaseNightly(): Promise<GradleVersionInfo> {
 async function gradleRelease(version: string): Promise<GradleVersionInfo> {
    const versionInfo = await findGradleVersionDeclaration(version)
    if (!versionInfo) {
-        throw new Error(`Gradle version ${version} does not exists`)
+        throw new Error(`Gradle version ${version} does not exist`)
    }
    return versionInfo
 }
@@ -106,27 +96,44 @@ async function findGradleVersionDeclaration(version: string): Promise<GradleVers

 async function installGradleVersion(versionInfo: GradleVersionInfo): Promise<string> {
    return core.group(`Provision Gradle ${versionInfo.version}`, async () => {
-        const gradleOnPath = await findGradleVersionOnPath()
-        if (gradleOnPath?.version === versionInfo.version) {
-            core.info(`Gradle version ${versionInfo.version} is already available on PATH. Not installing.`)
-            return gradleOnPath.executable
+        const gradleOnPath = await findGradleExecutableOnPath()
+        if (gradleOnPath) {
+            const gradleOnPathVersion = await determineGradleVersion(gradleOnPath)
+            if (gradleOnPathVersion === versionInfo.version) {
+                core.info(`Gradle version ${versionInfo.version} is already available on PATH. Not installing.`)
+                return gradleOnPath
+            }
        }

        return locateGradleAndDownloadIfRequired(versionInfo)
    })
 }

-async function installGradleVersionAtLeast(versionInfo: GradleVersionInfo): Promise<string> {
-    return core.group(`Provision Gradle >= ${versionInfo.version}`, async () => {
-        const gradleOnPath = await findGradleVersionOnPath()
-        if (gradleOnPath && versionIsAtLeast(gradleOnPath.version, versionInfo.version)) {
-            core.info(
-                `Gradle version ${gradleOnPath.version} is available on PATH and >= ${versionInfo.version}. Not installing.`
-            )
-            return gradleOnPath.executable
+/**
+ * Find (or install) a Gradle executable that meets the specified version requirement.
+ * The Gradle version on PATH and all candidates are first checked for version compatibility.
+ * If no existing Gradle version meets the requirement, the required version is installed.
+ * @return Gradle executable with at least the required version.
+ */
+export async function provisionGradleWithVersionAtLeast(
+    minimumVersion: string,
+    candidates: string[] = []
+): Promise<string> {
+    const gradleOnPath = await findGradleExecutableOnPath()
+    const allCandidates = gradleOnPath ? [gradleOnPath, ...candidates] : candidates
+
+    return core.group(`Provision Gradle >= ${minimumVersion}`, async () => {
+        for (const candidate of allCandidates) {
+            const candidateVersion = await determineGradleVersion(candidate)
+            if (candidateVersion && versionIsAtLeast(candidateVersion, minimumVersion)) {
+                core.info(
+                    `Gradle version ${candidateVersion} is available at ${candidate} and >= ${minimumVersion}. Not installing.`
+                )
+                return candidate
+            }
        }

-        return locateGradleAndDownloadIfRequired(versionInfo)
+        return locateGradleAndDownloadIfRequired(await gradleRelease(minimumVersion))
    })
 }

--- a/sources/src/job-summary.ts
+++ b/sources/src/job-summary.ts
@@ -1,6 +1,5 @@
 import * as core from '@actions/core'
 import * as github from '@actions/github'
-import {RequestError} from '@octokit/request-error'

 import {BuildResults, BuildResult} from './build-results'
 import {SummaryConfig, getActionId, getGithubToken} from './configuration'
@@ -66,7 +65,7 @@ ${jobSummary}`
            body: prComment
        })
    } catch (error) {
-        if (error instanceof RequestError) {
+        if (error instanceof Error && error.name === 'HttpError') {
            core.warning(buildWarningMessage(error))
        } else {
            throw error
@@ -74,7 +73,7 @@ ${jobSummary}`
    }
 }

-function buildWarningMessage(error: RequestError): string {
+function buildWarningMessage(error: Error): string {
    const mainWarning = `Failed to generate PR comment.\n${String(error)}`
    if (error.message === 'Resource not accessible by integration') {
        return `${mainWarning}
--- a/sources/src/resources/init-scripts/gradle-actions.build-result-capture-service.plugin.groovy
+++ b/sources/src/resources/init-scripts/gradle-actions.build-result-capture-service.plugin.groovy
@@ -6,6 +6,7 @@ import org.gradle.api.internal.tasks.execution.*
 import org.gradle.execution.*
 import org.gradle.internal.build.event.BuildEventListenerRegistryInternal
 import org.gradle.util.GradleVersion
+import org.slf4j.LoggerFactory

 settingsEvaluated { settings ->
    def projectTracker = gradle.sharedServices.registerIfAbsent("gradle-action-buildResultsRecorder", BuildResultsRecorder, { spec ->
@@ -20,6 +21,7 @@ settingsEvaluated { settings ->
 }

 abstract class BuildResultsRecorder implements BuildService<BuildResultsRecorder.Params>, BuildOperationListener, AutoCloseable {
+    private final logger = LoggerFactory.getLogger("gradle/actions")
    private boolean buildFailed = false
    private boolean configCacheHit = true
    interface Params extends BuildServiceParameters {
@@ -39,7 +41,8 @@ abstract class BuildResultsRecorder implements BuildService<BuildResultsRecorder
            // Got EVALUATE SETTINGS event: not a config-cache hit"
            configCacheHit = false
        }
-        if (buildOperation.details in RunRootBuildWorkBuildOperationType.Details) {
+        if (buildOperation.metadata == BuildOperationCategory.RUN_WORK ||
+            buildOperation.metadata == BuildOperationCategory.CONFIGURE_PROJECT) {
            if (finishEvent.failure != null) {
                buildFailed = true
            }
@@ -69,6 +72,7 @@ abstract class BuildResultsRecorder implements BuildService<BuildResultsRecorder
            buildResultsDir.mkdirs()
            def buildResultsFile = new File(buildResultsDir, githubActionStep + getParameters().getInvocationId().get() + ".json")
            if (!buildResultsFile.exists()) {
+                logger.lifecycle("gradle/actions: Writing build results to ${buildResultsFile}")
                buildResultsFile << groovy.json.JsonOutput.toJson(buildResults)
            }
        } catch (Exception e) {
--- a/sources/src/resources/init-scripts/gradle-actions.build-result-capture.init.gradle
+++ b/sources/src/resources/init-scripts/gradle-actions.build-result-capture.init.gradle
@@ -2,7 +2,9 @@
 * Capture information for each executed Gradle build to display in the job summary.
 */
 import org.gradle.util.GradleVersion
+import org.slf4j.LoggerFactory

+def SKIP_BUILD_CAPTURE = "GRADLE_ACTIONS_SKIP_BUILD_RESULT_CAPTURE"
 def BUILD_SCAN_PLUGIN_ID = "com.gradle.build-scan"
 def BUILD_SCAN_EXTENSION = "buildScan"
 def DEVELOCITY_PLUGIN_ID = "com.gradle.develocity"
@@ -10,6 +12,11 @@ def DEVELOCITY_EXTENSION = "develocity"
 def GE_PLUGIN_ID = "com.gradle.enterprise"
 def GE_EXTENSION = "gradleEnterprise"

+if (System.properties[SKIP_BUILD_CAPTURE] ?: System.getenv(SKIP_BUILD_CAPTURE)) {
+    logger.lifecycle("gradle/actions: Not capturing build results")
+    return
+}
+
 // Only run against root build. Do not run against included builds.
 def isTopLevelBuild = gradle.getParent() == null
 if (isTopLevelBuild) {
@@ -18,13 +25,13 @@ if (isTopLevelBuild) {

    def atLeastGradle3 = version >= GradleVersion.version("3.0")
    def atLeastGradle6 = version >= GradleVersion.version("6.0")
+    def atLeastGradle7 = version >= GradleVersion.version("7.0")

    def invocationId = "-${System.currentTimeMillis()}"

    if (atLeastGradle6) {
-        // By default, use standard mechanisms to capture build results
-        def useBuildService = version >= GradleVersion.version("6.6")
-        if (useBuildService) {
+        // Use BuildService for modern Gradle versions
+        if (atLeastGradle7) {
            captureUsingBuildService(invocationId)
        } else {
            captureUsingBuildFinished(gradle, invocationId, resultsWriter)
@@ -79,7 +86,6 @@ def captureUsingBuildService(invocationId) {

 void captureUsingBuildFinished(gradle, String invocationId, ResultsWriter resultsWriter) {
    gradle.buildFinished { result ->
-        println "Got buildFinished: ${result}"
        def buildResults = [
            rootProjectName: rootProject.name,
            rootProjectDir: rootProject.projectDir.absolutePath,
@@ -124,6 +130,8 @@ void captureUsingBuildScanPublished(buildScanExtension, String invocationId, Res
 }

 class ResultsWriter {
+    private final logger = LoggerFactory.getLogger("gradle/actions")
+
    void writeToResultsFile(String subDir, String invocationId, def content) {
        def runnerTempDir = System.getProperty("RUNNER_TEMP") ?: System.getenv("RUNNER_TEMP")
        def githubActionStep = System.getProperty("GITHUB_ACTION") ?: System.getenv("GITHUB_ACTION")
@@ -136,6 +144,7 @@ class ResultsWriter {
            buildResultsDir.mkdirs()
            def buildResultsFile = new File(buildResultsDir, githubActionStep + invocationId + ".json")
            if (!buildResultsFile.exists()) {
+                logger.lifecycle("gradle/actions: Writing build results to ${buildResultsFile}")
                buildResultsFile << groovy.json.JsonOutput.toJson(content)
            }
        } catch (Exception e) {
--- a/sources/src/resources/init-scripts/gradle-actions.github-dependency-graph-gradle-plugin-apply.groovy
+++ b/sources/src/resources/init-scripts/gradle-actions.github-dependency-graph-gradle-plugin-apply.groovy
@@ -6,17 +6,17 @@ buildscript {
  def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url') ?: 'https://plugins.gradle.org/m2'
  def pluginRepositoryUsername = getInputParam('gradle.plugin-repository.username')
  def pluginRepositoryPassword = getInputParam('gradle.plugin-repository.password')
-  def dependencyGraphPluginVersion = getInputParam('dependency-graph-plugin.version') ?: '1.3.1'
+  def dependencyGraphPluginVersion = getInputParam('dependency-graph-plugin.version') ?: '1.4.0'

  logger.lifecycle("Resolving dependency graph plugin ${dependencyGraphPluginVersion} from plugin repository: ${pluginRepositoryUrl}")
  repositories {
    maven { 
-      url pluginRepositoryUrl 
+      url = pluginRepositoryUrl
      if (pluginRepositoryUsername && pluginRepositoryPassword) {
        logger.lifecycle("Applying credentials for plugin repository: ${pluginRepositoryUrl}")
        credentials {
-          username(pluginRepositoryUsername)
-          password(pluginRepositoryPassword)
+          username = pluginRepositoryUsername
+          password = pluginRepositoryPassword
        }
        authentication {
          basic(BasicAuthentication)
--- a/sources/src/resources/init-scripts/gradle-actions.inject-develocity.init.gradle
+++ b/sources/src/resources/init-scripts/gradle-actions.inject-develocity.init.gradle
@@ -1,6 +1,6 @@
 /*
 * Initscript for injection of Develocity into Gradle builds.
- * Version: v1.0
+ * Version: 2.0
 */

 import org.gradle.util.GradleVersion
@@ -12,45 +12,46 @@ initscript {
        return
    }

-    def getInputParam = { String name ->
+    def getInputParam = { Gradle gradle, String name ->
        def ENV_VAR_PREFIX = ''
        def envVarName = ENV_VAR_PREFIX + name.toUpperCase().replace('.', '_').replace('-', '_')
-        return System.getProperty(name) ?: System.getenv(envVarName)
+        return gradle.startParameter.systemPropertiesArgs[name] ?: System.getProperty(name) ?: System.getenv(envVarName)
    }

-    def requestedInitScriptName = getInputParam('develocity.injection.init-script-name')
+    def requestedInitScriptName = getInputParam(gradle, 'develocity-injection.init-script-name')
    def initScriptName = buildscript.sourceFile.name
    if (requestedInitScriptName != initScriptName) {
        return
    }

    // Plugin loading is only required for Develocity injection. Abort early if not enabled.
-    def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam("develocity.injection-enabled"))
+    def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity-injection.enabled"))
    if (!develocityInjectionEnabled) {
        return
    }

-    def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url')
-    def pluginRepositoryUsername = getInputParam('gradle.plugin-repository.username')
-    def pluginRepositoryPassword = getInputParam('gradle.plugin-repository.password')
-    def develocityPluginVersion = getInputParam('develocity.plugin.version')
-    def ccudPluginVersion = getInputParam('develocity.ccud-plugin.version')
+    def pluginRepositoryUrl = getInputParam(gradle, 'develocity-injection.plugin-repository.url')
+    def pluginRepositoryUsername = getInputParam(gradle, 'develocity-injection.plugin-repository.username')
+    def pluginRepositoryPassword = getInputParam(gradle, 'develocity-injection.plugin-repository.password')
+    def develocityPluginVersion = getInputParam(gradle, 'develocity-injection.develocity-plugin.version')
+    def ccudPluginVersion = getInputParam(gradle, 'develocity-injection.ccud-plugin.version')
+    def logLevel = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.debug')) ? LogLevel.LIFECYCLE : LogLevel.INFO

    def atLeastGradle5 = GradleVersion.current() >= GradleVersion.version('5.0')
    def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')

    if (develocityPluginVersion || ccudPluginVersion && atLeastGradle4) {
        pluginRepositoryUrl = pluginRepositoryUrl ?: 'https://plugins.gradle.org/m2'
-        logger.lifecycle("Develocity plugins resolution: $pluginRepositoryUrl")
+        logger.log(logLevel, "Develocity plugins resolution: $pluginRepositoryUrl")

        repositories {
            maven {
-                url pluginRepositoryUrl
+                url = pluginRepositoryUrl
                if (pluginRepositoryUsername && pluginRepositoryPassword) {
-                    logger.lifecycle("Using credentials for plugin repository")
+                    logger.log(logLevel, "Using credentials for plugin repository")
                    credentials {
-                        username(pluginRepositoryUsername)
-                        password(pluginRepositoryPassword)
+                        username = pluginRepositoryUsername
+                        password = pluginRepositoryPassword
                    }
                    authentication {
                        basic(BasicAuthentication)
@@ -79,10 +80,10 @@ initscript {
    }
 }

-static getInputParam(String name) {
+static getInputParam(Gradle gradle, String name) {
    def ENV_VAR_PREFIX = ''
    def envVarName = ENV_VAR_PREFIX + name.toUpperCase().replace('.', '_').replace('-', '_')
-    return System.getProperty(name) ?: System.getenv(envVarName)
+    return gradle.startParameter.systemPropertiesArgs[name] ?: System.getProperty(name) ?: System.getenv(envVarName)
 }

 def isTopLevelBuild = !gradle.parent
@@ -90,15 +91,15 @@ if (!isTopLevelBuild) {
    return
 }

-def requestedInitScriptName = getInputParam('develocity.injection.init-script-name')
+def requestedInitScriptName = getInputParam(gradle, 'develocity-injection.init-script-name')
 def initScriptName = buildscript.sourceFile.name
-if (requestedInitScriptName != initScriptName) {
-    logger.quiet("Ignoring init script '${initScriptName}' as requested name '${requestedInitScriptName}' does not match")
-    return
-}

-def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam("develocity.injection-enabled"))
+def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity-injection.enabled"))
 if (develocityInjectionEnabled) {
+    if (requestedInitScriptName != initScriptName) {
+        logger.log(LogLevel.WARN, "Develocity injection not enabled because requested init script name was '${requestedInitScriptName}', but '${initScriptName}' was expected")
+        return
+    }
    enableDevelocityInjection()
 }

@@ -106,11 +107,14 @@ if (develocityInjectionEnabled) {
 def buildScanCollector = new BuildScanCollector()
 def buildScanCaptureEnabled = buildScanCollector.metaClass.respondsTo(buildScanCollector, 'captureBuildScanLink', String)
 if (buildScanCaptureEnabled) {
+    if (requestedInitScriptName != initScriptName) {
+        logger.log(LogLevel.WARN, "Build Scan capture not enabled because requested init script name was '${requestedInitScriptName}', but '${initScriptName}' was expected")
+        return
+    }
    enableBuildScanLinkCapture(buildScanCollector)
 }

 void enableDevelocityInjection() {
-    def BUILD_SCAN_PLUGIN_ID = 'com.gradle.build-scan'
    def BUILD_SCAN_PLUGIN_CLASS = 'com.gradle.scan.plugin.BuildScanPlugin'

    def GRADLE_ENTERPRISE_PLUGIN_ID = 'com.gradle.enterprise'
@@ -123,16 +127,17 @@ void enableDevelocityInjection() {
    def CCUD_PLUGIN_ID = 'com.gradle.common-custom-user-data-gradle-plugin'
    def CCUD_PLUGIN_CLASS = 'com.gradle.CommonCustomUserDataGradlePlugin'

-    def develocityUrl = getInputParam('develocity.url')
-    def develocityAllowUntrustedServer = Boolean.parseBoolean(getInputParam('develocity.allow-untrusted-server'))
-    def develocityEnforceUrl = Boolean.parseBoolean(getInputParam('develocity.enforce-url'))
-    def buildScanUploadInBackground = Boolean.parseBoolean(getInputParam('develocity.build-scan.upload-in-background'))
-    def develocityCaptureFileFingerprints = getInputParam('develocity.capture-file-fingerprints') ? Boolean.parseBoolean(getInputParam('develocity.capture-file-fingerprints')) : true
-    def develocityPluginVersion = getInputParam('develocity.plugin.version')
-    def ccudPluginVersion = getInputParam('develocity.ccud-plugin.version')
-    def buildScanTermsOfUseUrl = getInputParam('develocity.terms-of-use.url')
-    def buildScanTermsOfUseAgree = getInputParam('develocity.terms-of-use.agree')
-    def ciAutoInjectionCustomValueValue = getInputParam('develocity.auto-injection.custom-value')
+    def develocityUrl = getInputParam(gradle, 'develocity-injection.url')
+    def develocityAllowUntrustedServer = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.allow-untrusted-server'))
+    def develocityEnforceUrl = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.enforce-url'))
+    def buildScanUploadInBackground = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.upload-in-background'))
+    def develocityCaptureFileFingerprints = getInputParam(gradle, 'develocity-injection.capture-file-fingerprints') ? Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.capture-file-fingerprints')) : true
+    def develocityPluginVersion = getInputParam(gradle, 'develocity-injection.develocity-plugin.version')
+    def ccudPluginVersion = getInputParam(gradle, 'develocity-injection.ccud-plugin.version')
+    def buildScanTermsOfUseUrl = getInputParam(gradle, 'develocity-injection.terms-of-use.url')
+    def buildScanTermsOfUseAgree = getInputParam(gradle, 'develocity-injection.terms-of-use.agree')
+    def ciAutoInjectionCustomValueValue = getInputParam(gradle, 'develocity-injection.custom-value')
+    def logLevel = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.debug')) ? LogLevel.LIFECYCLE : LogLevel.INFO

    def atLeastGradle5 = GradleVersion.current() >= GradleVersion.version('5.0')
    def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')
@@ -145,9 +150,23 @@ void enableDevelocityInjection() {
        return geValue instanceof Closure<?> ? geValue() : geValue
    }

+    def printEnforcingDevelocityUrl = {
+        logger.log(logLevel, "Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer")
+    }
+
+    def printAcceptingGradleTermsOfUse = {
+        logger.log(logLevel, "Accepting Gradle Terms of Use: $buildScanTermsOfUseUrl")
+    }
+
+    // finish early if DV plugin version is unsupported (v3.6.4 is the minimum version tested and supports back to DV 2021.1)
+    if (develocityPluginVersion && isNotAtLeast(develocityPluginVersion, '3.6.4')) {
+        logger.log(LogLevel.WARN, "Develocity Gradle plugin must be at least 3.6.4. Configured version is $develocityPluginVersion.")
+        return
+    }
+
    // finish early if configuration parameters passed in via system properties are not valid/supported
    if (ccudPluginVersion && isNotAtLeast(ccudPluginVersion, '1.7')) {
-        logger.warn("Common Custom User Data Gradle plugin must be at least 1.7. Configured version is $ccudPluginVersion.")
+        logger.log(LogLevel.WARN, "Common Custom User Data Gradle plugin must be at least 1.7. Configured version is $ccudPluginVersion.")
        return
    }

@@ -163,8 +182,8 @@ void enableDevelocityInjection() {
                    }
                    if (!scanPluginComponent) {
                        def pluginClass = dvOrGe(DEVELOCITY_PLUGIN_CLASS, BUILD_SCAN_PLUGIN_CLASS)
-                        logger.lifecycle("Applying $pluginClass via init script")
-                        applyPluginExternally(pluginManager, pluginClass)
+                        def pluginVersion = atLeastGradle5 ? develocityPluginVersion : "1.16"
+                        applyPluginExternally(pluginManager, pluginClass, pluginVersion)
                        def rootExtension = dvOrGe(
                            { develocity },
                            { buildScan }
@@ -174,7 +193,7 @@ void enableDevelocityInjection() {
                            { rootExtension }
                        )
                        if (develocityUrl) {
-                            logger.lifecycle("Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
+                            logger.log(logLevel, "Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
                            rootExtension.server = develocityUrl
                            rootExtension.allowUntrustedServer = develocityAllowUntrustedServer
                        }
@@ -182,11 +201,9 @@ void enableDevelocityInjection() {
                            // Develocity plugin publishes scans by default
                            buildScanExtension.publishAlways()
                        }
-                        // uploadInBackground not available for build-scan-plugin 1.16
-                        if (buildScanExtension.metaClass.respondsTo(buildScanExtension, 'setUploadInBackground', Boolean)) buildScanExtension.uploadInBackground = buildScanUploadInBackground
                        buildScanExtension.value CI_AUTO_INJECTION_CUSTOM_VALUE_NAME, ciAutoInjectionCustomValueValue
                        if (isAtLeast(develocityPluginVersion, '2.1') && atLeastGradle5) {
-                            logger.lifecycle("Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
+                            logger.log(logLevel, "Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
                            if (isAtLeast(develocityPluginVersion, '3.17')) {
                                buildScanExtension.capture.fileFingerprints.set(develocityCaptureFileFingerprints)
                            } else if (isAtLeast(develocityPluginVersion, '3.7')) {
@@ -196,48 +213,61 @@ void enableDevelocityInjection() {
                            }
                        }
                    }
+                }

-                    if (develocityUrl && develocityEnforceUrl) {
-                        logger.lifecycle("Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
-                    }
-
-                    pluginManager.withPlugin(BUILD_SCAN_PLUGIN_ID) {
-                        // Only execute if develocity plugin isn't applied.
-                        if (gradle.rootProject.extensions.findByName("develocity")) return
-                        afterEvaluate {
-                            if (develocityUrl && develocityEnforceUrl) {
-                                buildScan.server = develocityUrl
-                                buildScan.allowUntrustedServer = develocityAllowUntrustedServer
-                            }
-                        }
-
-                        if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
-                            buildScan.termsOfServiceUrl = buildScanTermsOfUseUrl
-                            buildScan.termsOfServiceAgree = buildScanTermsOfUseAgree
-                        }
-                    }
-
-                    pluginManager.withPlugin(DEVELOCITY_PLUGIN_ID) {
+                eachDevelocityProjectExtension(project,
+                    { develocity ->
                        afterEvaluate {
                            if (develocityUrl && develocityEnforceUrl) {
+                                printEnforcingDevelocityUrl()
                                develocity.server = develocityUrl
                                develocity.allowUntrustedServer = develocityAllowUntrustedServer
                            }
                        }

                        if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                            printAcceptingGradleTermsOfUse()
                            develocity.buildScan.termsOfUseUrl = buildScanTermsOfUseUrl
                            develocity.buildScan.termsOfUseAgree = buildScanTermsOfUseAgree
                        }
+
+                        logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
+                        develocity.buildScan.uploadInBackground = buildScanUploadInBackground
+                    },
+                    { buildScan ->
+                        afterEvaluate {
+                            if (develocityUrl && develocityEnforceUrl) {
+                                printEnforcingDevelocityUrl()
+                                buildScan.server = develocityUrl
+                                buildScan.allowUntrustedServer = develocityAllowUntrustedServer
+                            }
+                        }
+
+                        if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                            printAcceptingGradleTermsOfUse()
+                            if (buildScan.metaClass.respondsTo(buildScan, 'setTermsOfServiceUrl', String)) {
+                                buildScan.termsOfServiceUrl = buildScanTermsOfUseUrl
+                                buildScan.termsOfServiceAgree = buildScanTermsOfUseAgree
+                            } else {
+                                buildScan.licenseAgreementUrl = buildScanTermsOfUseUrl
+                                buildScan.licenseAgree = buildScanTermsOfUseAgree
+                            }
+                        }
+
+                        // uploadInBackground available for build-scan-plugin 3.3.4 and later only
+                        if (buildScan.metaClass.respondsTo(buildScan, 'setUploadInBackground', Boolean)) {
+                            logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
+                            buildScan.uploadInBackground = buildScanUploadInBackground
+                        }
                    }
-                }
+                )

                if (ccudPluginVersion && atLeastGradle4) {
                    def ccudPluginComponent = resolutionResult.allComponents.find {
                        it.moduleVersion.with { group == "com.gradle" && name == "common-custom-user-data-gradle-plugin" }
                    }
                    if (!ccudPluginComponent) {
-                        logger.lifecycle("Applying $CCUD_PLUGIN_CLASS via init script")
+                        logger.log(logLevel, "Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
                        pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
                    }
                }
@@ -248,30 +278,34 @@ void enableDevelocityInjection() {
            if (develocityPluginVersion) {
                if (!settings.pluginManager.hasPlugin(GRADLE_ENTERPRISE_PLUGIN_ID) && !settings.pluginManager.hasPlugin(DEVELOCITY_PLUGIN_ID)) {
                    def pluginClass = dvOrGe(DEVELOCITY_PLUGIN_CLASS, GRADLE_ENTERPRISE_PLUGIN_CLASS)
-                    logger.lifecycle("Applying $pluginClass via init script")
-                    applyPluginExternally(settings.pluginManager, pluginClass)
+                    applyPluginExternally(settings.pluginManager, pluginClass, develocityPluginVersion)
                    if (develocityUrl) {
-                        logger.lifecycle("Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
+                        logger.log(logLevel, "Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
                        eachDevelocitySettingsExtension(settings) { ext ->
-                            ext.server = develocityUrl
-                            ext.allowUntrustedServer = develocityAllowUntrustedServer
+                            // server and allowUntrustedServer must be configured via buildScan extension for gradle-enterprise-plugin 3.1.1 and earlier
+                            if (ext.metaClass.respondsTo(ext, 'getServer')) {
+                                ext.server = develocityUrl
+                                ext.allowUntrustedServer = develocityAllowUntrustedServer
+                            } else {
+                                ext.buildScan.server = develocityUrl
+                                ext.buildScan.allowUntrustedServer = develocityAllowUntrustedServer
+                            }
                        }
                    }

                    eachDevelocitySettingsExtension(settings) { ext ->
-                        ext.buildScan.uploadInBackground = buildScanUploadInBackground
                        ext.buildScan.value CI_AUTO_INJECTION_CUSTOM_VALUE_NAME, ciAutoInjectionCustomValueValue
                    }

                    eachDevelocitySettingsExtension(settings,
                        { develocity ->
-                            logger.lifecycle("Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
+                            logger.log(logLevel, "Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
                            develocity.buildScan.capture.fileFingerprints = develocityCaptureFileFingerprints
                        },
                        { gradleEnterprise ->
                            gradleEnterprise.buildScan.publishAlways()
                            if (isAtLeast(develocityPluginVersion, '2.1')) {
-                                logger.lifecycle("Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
+                                logger.log(logLevel, "Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
                                if (isAtLeast(develocityPluginVersion, '3.7')) {
                                    gradleEnterprise.buildScan.capture.taskInputFiles = develocityCaptureFileFingerprints
                                } else {
@@ -281,40 +315,55 @@ void enableDevelocityInjection() {
                        }
                    )
                }
+            }

-                if (develocityUrl && develocityEnforceUrl) {
-                    logger.lifecycle("Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
-                }
+            eachDevelocitySettingsExtension(settings,
+                { develocity ->
+                    if (develocityUrl && develocityEnforceUrl) {
+                        printEnforcingDevelocityUrl()
+                        develocity.server = develocityUrl
+                        develocity.allowUntrustedServer = develocityAllowUntrustedServer
+                    }

-                eachDevelocitySettingsExtension(settings,
-                    { develocity ->
-                        if (develocityUrl && develocityEnforceUrl) {
-                            develocity.server = develocityUrl
-                            develocity.allowUntrustedServer = develocityAllowUntrustedServer
-                        }
+                    if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                        printAcceptingGradleTermsOfUse()
+                        develocity.buildScan.termsOfUseUrl = buildScanTermsOfUseUrl
+                        develocity.buildScan.termsOfUseAgree = buildScanTermsOfUseAgree
+                    }

-                        if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
-                            develocity.buildScan.termsOfUseUrl = buildScanTermsOfUseUrl
-                            develocity.buildScan.termsOfUseAgree = buildScanTermsOfUseAgree
-                        }
-                    },
-                    { gradleEnterprise ->
-                        if (develocityUrl && develocityEnforceUrl) {
+                    logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
+                    develocity.buildScan.uploadInBackground = buildScanUploadInBackground
+                },
+                { gradleEnterprise ->
+                    if (develocityUrl && develocityEnforceUrl) {
+                        printEnforcingDevelocityUrl()
+                        // server and allowUntrustedServer must be configured via buildScan extension for gradle-enterprise-plugin 3.1.1 and earlier
+                        if (gradleEnterprise.metaClass.respondsTo(gradleEnterprise, 'getServer')) {
                            gradleEnterprise.server = develocityUrl
                            gradleEnterprise.allowUntrustedServer = develocityAllowUntrustedServer
-                        }
-
-                        if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
-                            gradleEnterprise.buildScan.termsOfServiceUrl = buildScanTermsOfUseUrl
-                            gradleEnterprise.buildScan.termsOfServiceAgree = buildScanTermsOfUseAgree
+                        } else {
+                            gradleEnterprise.buildScan.server = develocityUrl
+                            gradleEnterprise.buildScan.allowUntrustedServer = develocityAllowUntrustedServer
                        }
                    }
-                )
-            }
+
+                    if (buildScanTermsOfUseUrl && buildScanTermsOfUseAgree) {
+                        printAcceptingGradleTermsOfUse()
+                        gradleEnterprise.buildScan.termsOfServiceUrl = buildScanTermsOfUseUrl
+                        gradleEnterprise.buildScan.termsOfServiceAgree = buildScanTermsOfUseAgree
+                    }
+
+                    // uploadInBackground available for gradle-enterprise-plugin 3.3.4 and later only
+                    if (gradleEnterprise.buildScan.metaClass.respondsTo(gradleEnterprise.buildScan, 'setUploadInBackground', Boolean)) {
+                        logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
+                        gradleEnterprise.buildScan.uploadInBackground = buildScanUploadInBackground
+                    }
+                }
+            )

            if (ccudPluginVersion) {
                if (!settings.pluginManager.hasPlugin(CCUD_PLUGIN_ID)) {
-                    logger.lifecycle("Applying $CCUD_PLUGIN_CLASS via init script")
+                    logger.log(logLevel, "Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
                    settings.pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
                }
            }
@@ -322,7 +371,10 @@ void enableDevelocityInjection() {
    }
 }

-void applyPluginExternally(def pluginManager, String pluginClassName) {
+void applyPluginExternally(def pluginManager, String pluginClassName, String pluginVersion) {
+    def logLevel = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.debug')) ? LogLevel.LIFECYCLE : LogLevel.INFO
+    logger.log(logLevel, "Applying $pluginClassName with version $pluginVersion via init script")
+
    def externallyApplied = 'develocity.externally-applied'
    def externallyAppliedDeprecated = 'gradle.enterprise.externally-applied'
    def oldValue = System.getProperty(externallyApplied)
@@ -367,6 +419,32 @@ static def eachDevelocitySettingsExtension(def settings, def dvAction, def geAct
    }
 }

+/**
+ * Apply the `dvAction` to the 'develocity' extension.
+ * If no 'develocity' extension is found, apply the `bsAction` to the 'buildScan' extension.
+ * (The develocity plugin creates both extensions, and we want to prefer configuring 'develocity').
+ */
+static def eachDevelocityProjectExtension(def project, def dvAction, def bsAction = dvAction) {
+    def BUILD_SCAN_PLUGIN_ID = 'com.gradle.build-scan'
+    def DEVELOCITY_PLUGIN_ID = 'com.gradle.develocity'
+
+    def configureDvOrBsExtension = {
+        if (project.extensions.findByName("develocity")) {
+            dvAction(project.develocity)
+        } else {
+            bsAction(project.buildScan)
+        }
+    }
+
+    project.pluginManager.withPlugin(BUILD_SCAN_PLUGIN_ID, configureDvOrBsExtension)
+
+    project.pluginManager.withPlugin(DEVELOCITY_PLUGIN_ID) {
+        // Proper extension will be configured by the build-scan callback.
+        if (project.pluginManager.hasPlugin(BUILD_SCAN_PLUGIN_ID)) return
+        configureDvOrBsExtension()
+    }
+}
+
 static boolean isAtLeast(String versionUnderTest, String referenceVersion) {
    GradleVersion.version(versionUnderTest) >= GradleVersion.version(referenceVersion)
 }
@@ -376,21 +454,13 @@ static boolean isNotAtLeast(String versionUnderTest, String referenceVersion) {
 }

 void enableBuildScanLinkCapture(BuildScanCollector collector) {
-    def BUILD_SCAN_PLUGIN_ID = 'com.gradle.build-scan'
-    def DEVELOCITY_PLUGIN_ID = 'com.gradle.develocity'
-
    // Conditionally apply and configure the Develocity plugin
    if (GradleVersion.current() < GradleVersion.version('6.0')) {
        rootProject {
-            pluginManager.withPlugin(BUILD_SCAN_PLUGIN_ID) {
-                // Only execute if develocity plugin isn't applied.
-                if (gradle.rootProject.extensions.findByName("develocity")) return
-                buildScanPublishedAction(buildScan, collector)
-            }
-
-            pluginManager.withPlugin(DEVELOCITY_PLUGIN_ID) {
-                buildScanPublishedAction(develocity.buildScan, collector)
-            }
+            eachDevelocityProjectExtension(project,
+                { develocity -> buildScanPublishedAction(develocity.buildScan, collector) },
+                { buildScan  -> buildScanPublishedAction(buildScan, collector) }
+            )
        }
    } else {
        gradle.settingsEvaluated { settings ->
--- a/sources/src/wrapper-validation/checksums.ts
+++ b/sources/src/wrapper-validation/checksums.ts
@@ -1,5 +1,6 @@
-import * as httpm from 'typed-rest-client/HttpClient'
 import * as cheerio from 'cheerio'
+import * as core from '@actions/core'
+import * as httpm from '@actions/http-client'

 import fileWrapperChecksums from './wrapper-checksums.json'

@@ -59,12 +60,7 @@ export async function fetchUnknownChecksums(
    }

    const wrapperChecksums = new WrapperChecksums()
-    await Promise.all(
-        checksumUrls.map(async ([version, url]) => {
-            const checksum = await httpGetText(url)
-            wrapperChecksums.add(version, checksum)
-        })
-    )
+    await fetchAndStoreChecksums(checksumUrls, wrapperChecksums)
    return wrapperChecksums
 }

@@ -73,8 +69,20 @@ async function httpGetJsonArray(url: string): Promise<unknown[]> {
 }

 async function httpGetText(url: string): Promise<string> {
-    const response = await httpc.get(url)
-    return await response.readBody()
+    const maxAttempts = 4
+    let attempts = 0
+    while (attempts < maxAttempts) {
+        try {
+            const response = await httpc.get(url)
+            return await response.readBody()
+        } catch (error) {
+            attempts++
+            if (attempts === maxAttempts) {
+                return new Promise((_resolve, reject) => reject(error))
+            }
+        }
+    }
+    return new Promise((_resolve, reject) => reject(new Error('Illegal state')))
 }

 async function addDistributionSnapshotChecksumUrls(checksumUrls: [string, string][]): Promise<void> {
@@ -84,7 +92,7 @@ async function addDistributionSnapshotChecksumUrls(checksumUrls: [string, string

    // // Find all links ending with '-wrapper.jar.sha256'
    const wrapperChecksumLinks = $('a[href$="-wrapper.jar.sha256"]')
-    wrapperChecksumLinks.each((index, element) => {
+    wrapperChecksumLinks.each((_index, element) => {
        const url = $(element).attr('href')!

        // Extract the version from the url
@@ -94,3 +102,20 @@ async function addDistributionSnapshotChecksumUrls(checksumUrls: [string, string
        }
    })
 }
+
+async function fetchAndStoreChecksums(
+    checksumUrls: [string, string][],
+    wrapperChecksums: WrapperChecksums
+): Promise<void> {
+    const batchSize = 10
+    for (let i = 0; i < checksumUrls.length; i += batchSize) {
+        const batch = checksumUrls.slice(i, i + batchSize)
+        await Promise.all(
+            batch.map(async ([version, url]) => {
+                const checksum = await httpGetText(url)
+                wrapperChecksums.add(version, checksum)
+            })
+        )
+        core.info(`Fetched ${i + batch.length} of ${checksumUrls.length} checksums`)
+    }
+}
--- a/Show More
+++ b/Show More