From 6f229686ee4375cc4a86b2514c89bac4930e82c4 Mon Sep 17 00:00:00 2001 From: Jerome Prinet Date: Wed, 1 Oct 2025 12:23:40 +0200 Subject: [PATCH] Upgrade gradle/actions to v5 --- .github/workflows/ci-check-and-unit-test.yml | 2 +- .github/workflows/ci-init-script-check.yml | 2 +- .github/workflows/ci-validate-wrappers.yml | 2 +- README.md | 6 ++-- RELEASING.md | 8 ++--- dependency-submission/README.md | 2 +- docs/dependency-submission.md | 18 +++++----- docs/deprecation-upgrade-guide.md | 8 ++--- docs/setup-gradle.md | 38 ++++++++++---------- docs/wrapper-validation.md | 4 +-- setup-gradle/README.md | 2 +- wrapper-validation/README.md | 2 +- 12 files changed, 47 insertions(+), 47 deletions(-) diff --git a/.github/workflows/ci-check-and-unit-test.yml b/.github/workflows/ci-check-and-unit-test.yml index 7ec4cefe..00d9aee4 100644 --- a/.github/workflows/ci-check-and-unit-test.yml +++ b/.github/workflows/ci-check-and-unit-test.yml @@ -26,7 +26,7 @@ jobs: cache-dependency-path: sources/package-lock.json - name: Setup Gradle # Use a released version to avoid breakages - uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4 + uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 env: ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing with: diff --git a/.github/workflows/ci-init-script-check.yml b/.github/workflows/ci-init-script-check.yml index e2b3228d..02c0af95 100644 --- a/.github/workflows/ci-init-script-check.yml +++ b/.github/workflows/ci-init-script-check.yml @@ -30,7 +30,7 @@ jobs: java-version: 17 - name: Setup Gradle # Use a released version to avoid breakages - uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4 + uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 env: ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing - name: Run integration tests diff --git a/.github/workflows/ci-validate-wrappers.yml b/.github/workflows/ci-validate-wrappers.yml index 61591e31..b397e1aa 100644 --- a/.github/workflows/ci-validate-wrappers.yml +++ b/.github/workflows/ci-validate-wrappers.yml @@ -12,6 +12,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: gradle/actions/wrapper-validation@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4 + - uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 with: allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 diff --git a/README.md b/README.md index 92fd0f80..cf81c6b2 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ jobs: distribution: 'temurin' java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Build with Gradle run: ./gradlew build ``` @@ -70,7 +70,7 @@ jobs: distribution: 'temurin' java-version: 17 - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 ``` See the [full action documentation](docs/dependency-submission.md) for more advanced usage scenarios. @@ -99,7 +99,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: gradle/actions/wrapper-validation@v4 + - uses: gradle/actions/wrapper-validation@v5 ``` See the [full action documentation](docs/wrapper-validation.md) for more advanced usage scenarios. diff --git a/RELEASING.md b/RELEASING.md index 56e0e96d..2ae99005 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -11,16 +11,16 @@ - Note: The gradle actions follow the GitHub Actions convention of including a .0 patch number for the first release of a minor version, unlike the Gradle convention which omits the trailing .0. ## Release gradle/actions -- Create a tag for the release. The tag should have the format `v4.1.0` - - From CLI: `git tag -s -m "v4.1.0" v4.1.0 && git push --tags` +- Create a tag for the release. The tag should have the format `v5.0.0` + - From CLI: `git tag -s -m "v5.0.0" v5.0.0 && git push --tags` - Note that we sign the tag and set the commit message for the tag to the newly released version. - Go to https://github.com/gradle/actions/releases and "Draft new release" - Use the newly created tag and copy the tag name exactly as the release title. - Craft release notes content based on issues closed, PRs merged and commits - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0 - Publish the release. -- Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag. - - From CLI: `git tag -f -s -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags` +- Force push the `v5` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag. + - From CLI: `git tag -f -s -a -m "v5.0.0" v5 v5.0.0 && git push -f --tags` - Note that we sign the tag and set the commit message for the tag to the newly released version. ## Post release steps diff --git a/dependency-submission/README.md b/dependency-submission/README.md index 19fcf53c..8dd2c7c1 100644 --- a/dependency-submission/README.md +++ b/dependency-submission/README.md @@ -29,7 +29,7 @@ jobs: distribution: 'temurin' java-version: 17 - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 ``` See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios. diff --git a/docs/dependency-submission.md b/docs/dependency-submission.md index 042ef234..c6391d84 100644 --- a/docs/dependency-submission.md +++ b/docs/dependency-submission.md @@ -43,7 +43,7 @@ jobs: java-version: 17 - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 ``` ### Gradle execution @@ -68,7 +68,7 @@ Three input parameters are required, one to enable publishing and two more to ac ```yaml - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 with: build-scan-publish: true build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use" @@ -83,7 +83,7 @@ In some cases, the default action configuration will not be sufficient, and addi ```yaml - name: Generate and save dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 with: # Use a particular Gradle version instead of the configured wrapper. gradle-version: '8.6' @@ -130,7 +130,7 @@ To reduce storage costs for these artifacts, you can: ```yaml - name: Generate dependency graph but only store workflow artifacts for 1 day - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 with: artifact-retention-days: 1 # Default is 30 days or as configured for repository ``` @@ -139,7 +139,7 @@ To reduce storage costs for these artifacts, you can: ```yaml - name: Generate and submit dependency graph but do not store as workflow artifact - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 with: dependency-graph: 'generate-and-submit' # Default value is 'generate-submit-and-upload' ``` @@ -299,7 +299,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj ```yaml - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 with: # Exclude all dependencies that originate solely in the 'buildSrc' project dependency-graph-exclude-projects: ':buildSrc' @@ -350,7 +350,7 @@ jobs: java-version: 17 - name: Generate and submit dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 ``` #### 2. Add a dedicated Dependency Review workflow @@ -412,7 +412,7 @@ jobs: java-version: 17 - name: Generate and save dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 with: dependency-graph: generate-and-upload ``` @@ -435,7 +435,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download and submit dependency graph - uses: gradle/actions/dependency-submission@v4 + uses: gradle/actions/dependency-submission@v5 with: dependency-graph: download-and-submit # Download saved dependency-graph and submit ``` diff --git a/docs/deprecation-upgrade-guide.md b/docs/deprecation-upgrade-guide.md index c89ff37b..45fdcb25 100644 --- a/docs/deprecation-upgrade-guide.md +++ b/docs/deprecation-upgrade-guide.md @@ -20,7 +20,7 @@ To convert your workflows, simply replace: ``` with ``` - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 ``` ## The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation` @@ -40,7 +40,7 @@ To convert your workflows, simply replace: ``` with ``` - uses: gradle/actions/wrapper-validation@v4 + uses: gradle/actions/wrapper-validation@v5 ``` ## Using the action to execute Gradle via the `arguments` parameter is deprecated @@ -82,7 +82,7 @@ The exact syntax depends on whether or not your project is configured with the [ ``` - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Assemble the project run: ./gradlew assemble @@ -99,7 +99,7 @@ The exact syntax depends on whether or not your project is configured with the [ ``` - name: Setup Gradle for a non-wrapper project - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: gradle-version: '8.11' diff --git a/docs/setup-gradle.md b/docs/setup-gradle.md index 1efaeeea..fc95af8c 100644 --- a/docs/setup-gradle.md +++ b/docs/setup-gradle.md @@ -45,7 +45,7 @@ jobs: java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Execute Gradle build run: ./gradlew build @@ -58,7 +58,7 @@ Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid havi ```yaml - name: Setup Gradle 8.10 - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: gradle-version: '8.10' # Quotes required to prevent YAML converting to number - name: Build with Gradle 8.10 @@ -96,7 +96,7 @@ jobs: distribution: temurin java-version: 17 - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@v5 id: setup-gradle with: gradle-version: release-candidate @@ -218,7 +218,7 @@ jobs: distribution: temurin java-version: 17 - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@v5 with: gradle-version: '8.6' cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} @@ -472,7 +472,7 @@ jobs: java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: add-job-summary-as-pr-comment: 'on-failure' # Valid values are 'never' (default), 'always', and 'on-failure' @@ -509,7 +509,7 @@ jobs: java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Run build with Gradle wrapper run: ./gradlew build --scan @@ -540,7 +540,7 @@ If you do not want wrapper-validation to occur automatically, you can disable it ```yaml - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: validate-wrappers: false ``` @@ -552,7 +552,7 @@ These are not allowed by default. ```yaml - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: validate-wrappers: true allow-snapshot-wrappers: true @@ -617,7 +617,7 @@ jobs: java-version: 17 - name: Setup Gradle to generate and submit dependency graphs - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: dependency-graph: generate-and-submit - name: Run the usual CI build (dependency-graph will be generated and submitted post-job) @@ -644,7 +644,7 @@ graph cannot be generated or submitted. You can enable this behavior with the `d ```yaml # Ensure that the workflow Job will fail if the dependency graph cannot be submitted -- uses: gradle/actions/setup-gradle@v4 +- uses: gradle/actions/setup-gradle@v5 with: dependency-graph: generate-and-submit dependency-graph-continue-on-failure: false @@ -669,7 +669,7 @@ jobs: java-version: 17 - name: Setup Gradle to generate and submit dependency graphs - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: dependency-graph: generate-and-submit - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy @@ -699,7 +699,7 @@ jobs: java-version: 17 - name: Setup Gradle to generate and submit dependency graphs - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: dependency-graph: generate-and-submit - name: Build the app, generating a graph of dependencies required @@ -743,7 +743,7 @@ To publish to https://scans.gradle.com, you must specify in your workflow that y ```yaml - name: Setup Gradle to publish build scans - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: build-scan-publish: true build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service' @@ -765,7 +765,7 @@ The short-lived access token will then be used wherever a Develocity access key ```yaml - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} # Long-lived access key, visiblility is restricted to this step. @@ -783,7 +783,7 @@ To avoid this, use the `develocity-token-expiry` parameter to specify a differen ```yaml - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} develocity-token-expiry: '8' # The number of hours that the access token should remain valid (max 24). @@ -805,7 +805,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 # The build will automatically use a short-lived access token to authenticate with Develocity - name: Run a Gradle build that is configured to publish to Develocity. @@ -837,7 +837,7 @@ Here's a minimal example: ```yaml - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: develocity-injection-enabled: true develocity-url: 'https://develocity.your-server.com' @@ -854,7 +854,7 @@ In the likely scenario that your Develocity server requires authentication, you ```yaml - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 with: develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} @@ -905,7 +905,7 @@ Here's an example using the env vars: ```yaml - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Run a Gradle build with Develocity injection enabled with environment variables run: ./gradlew build diff --git a/docs/wrapper-validation.md b/docs/wrapper-validation.md index cf98efa2..1778c039 100644 --- a/docs/wrapper-validation.md +++ b/docs/wrapper-validation.md @@ -50,7 +50,7 @@ We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/ Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build: ```yaml -uses: gradle/actions/wrapper-validation@v4 +uses: gradle/actions/wrapper-validation@v5 ``` This action step should precede any step using `gradle/gradle-build-action` or `gradle/actions/setup-gradle`. @@ -73,7 +73,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: gradle/actions/wrapper-validation@v4 + - uses: gradle/actions/wrapper-validation@v5 ``` ## Contributing to an external GitHub Repository diff --git a/setup-gradle/README.md b/setup-gradle/README.md index bd101442..fb7c9791 100644 --- a/setup-gradle/README.md +++ b/setup-gradle/README.md @@ -26,7 +26,7 @@ jobs: distribution: 'temurin' java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v5 - name: Build with Gradle run: ./gradlew build ``` diff --git a/wrapper-validation/README.md b/wrapper-validation/README.md index 3748c474..07b37939 100644 --- a/wrapper-validation/README.md +++ b/wrapper-validation/README.md @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: gradle/actions/wrapper-validation@v4 + - uses: gradle/actions/wrapper-validation@v5 ``` See the [full action documentation](../docs/wrapper-validation.md) for more advanced usage scenarios.