actions/gradle
1
0
Fork 0
mirror of https://github.com/gradle/actions.git synced 2025-10-16 14:28:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

Upgrade gradle/actions to v5

Browse Source
This commit is contained in:
Jerome Prinet 2025-10-01 12:23:40 +02:00
parent 4d9f0ba002
commit 6f229686ee
No known key found for this signature in database
GPG Key ID: 101BA71B2F530F0A
12 changed files with 47 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/ci-check-and-unit-test.yml vendored
View File

@ -26,7 +26,7 @@ jobs:
cache-dependency-path: sources/package-lock.json
- name: Setup Gradle
# Use a released version to avoid breakages
uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
env:
ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
with:

2
.github/workflows/ci-init-script-check.yml vendored
View File

@ -30,7 +30,7 @@ jobs:
java-version: 17
- name: Setup Gradle
# Use a released version to avoid breakages
uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
env:
ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
- name: Run integration tests

2
.github/workflows/ci-validate-wrappers.yml vendored
View File

@ -12,6 +12,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: gradle/actions/wrapper-validation@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
- uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
with:
allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

6
README.md
View File

@ -32,7 +32,7 @@ jobs:
distribution: 'temurin'
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
- name: Build with Gradle
run: ./gradlew build
```
@ -70,7 +70,7 @@ jobs:
distribution: 'temurin'
java-version: 17
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
```
See the [full action documentation](docs/dependency-submission.md) for more advanced usage scenarios.
@ -99,7 +99,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gradle/actions/wrapper-validation@v4
- uses: gradle/actions/wrapper-validation@v5
```
See the [full action documentation](docs/wrapper-validation.md) for more advanced usage scenarios.

8
RELEASING.md
View File

@ -11,16 +11,16 @@
- Note: The gradle actions follow the GitHub Actions convention of including a .0 patch number for the first release of a minor version, unlike the Gradle convention which omits the trailing .0.
## Release gradle/actions
- Create a tag for the release. The tag should have the format `v4.1.0`
- From CLI: `git tag -s -m "v4.1.0" v4.1.0 && git push --tags`
- Create a tag for the release. The tag should have the format `v5.0.0`
- From CLI: `git tag -s -m "v5.0.0" v5.0.0 && git push --tags`
- Note that we sign the tag and set the commit message for the tag to the newly released version.
- Go to https://github.com/gradle/actions/releases and "Draft new release"
- Use the newly created tag and copy the tag name exactly as the release title.
- Craft release notes content based on issues closed, PRs merged and commits
- Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
- Publish the release.
- Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
- From CLI: `git tag -f -s -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
- Force push the `v5` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
- From CLI: `git tag -f -s -a -m "v5.0.0" v5 v5.0.0 && git push -f --tags`
- Note that we sign the tag and set the commit message for the tag to the newly released version.
## Post release steps

2
dependency-submission/README.md
View File

@ -29,7 +29,7 @@ jobs:
distribution: 'temurin'
java-version: 17
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
```
See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios.

18
docs/dependency-submission.md
View File

@ -43,7 +43,7 @@ jobs:
java-version: 17
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
```
### Gradle execution
@ -68,7 +68,7 @@ Three input parameters are required, one to enable publishing and two more to ac
```yaml
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
with:
build-scan-publish: true
build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
@ -83,7 +83,7 @@ In some cases, the default action configuration will not be sufficient, and addi
```yaml
- name: Generate and save dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
with:
# Use a particular Gradle version instead of the configured wrapper.
gradle-version: '8.6'
@ -130,7 +130,7 @@ To reduce storage costs for these artifacts, you can:
```yaml
- name: Generate dependency graph but only store workflow artifacts for 1 day
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
with:
artifact-retention-days: 1 # Default is 30 days or as configured for repository
```
@ -139,7 +139,7 @@ To reduce storage costs for these artifacts, you can:
```yaml
- name: Generate and submit dependency graph but do not store as workflow artifact
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
with:
dependency-graph: 'generate-and-submit' # Default value is 'generate-submit-and-upload'
```
@ -299,7 +299,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj
```yaml
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
with:
# Exclude all dependencies that originate solely in the 'buildSrc' project
dependency-graph-exclude-projects: ':buildSrc'
@ -350,7 +350,7 @@ jobs:
java-version: 17
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
```
#### 2. Add a dedicated Dependency Review workflow
@ -412,7 +412,7 @@ jobs:
java-version: 17
- name: Generate and save dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
with:
dependency-graph: generate-and-upload
```
@ -435,7 +435,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Download and submit dependency graph
uses: gradle/actions/dependency-submission@v4
uses: gradle/actions/dependency-submission@v5
with:
dependency-graph: download-and-submit # Download saved dependency-graph and submit
```

8
docs/deprecation-upgrade-guide.md
View File

@ -20,7 +20,7 @@ To convert your workflows, simply replace:
```
with
```
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
```
## The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation`
@ -40,7 +40,7 @@ To convert your workflows, simply replace:
```
with
```
uses: gradle/actions/wrapper-validation@v4
uses: gradle/actions/wrapper-validation@v5
```
## Using the action to execute Gradle via the `arguments` parameter is deprecated
@ -82,7 +82,7 @@ The exact syntax depends on whether or not your project is configured with the [
```
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
- name: Assemble the project
run: ./gradlew assemble
@ -99,7 +99,7 @@ The exact syntax depends on whether or not your project is configured with the [
```
- name: Setup Gradle for a non-wrapper project
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
gradle-version: '8.11'

38
docs/setup-gradle.md
View File

@ -45,7 +45,7 @@ jobs:
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
- name: Execute Gradle build
run: ./gradlew build
@ -58,7 +58,7 @@ Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid havi
```yaml
- name: Setup Gradle 8.10
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
gradle-version: '8.10' # Quotes required to prevent YAML converting to number
- name: Build with Gradle 8.10
@ -96,7 +96,7 @@ jobs:
distribution: temurin
java-version: 17
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@v5
id: setup-gradle
with:
gradle-version: release-candidate
@ -218,7 +218,7 @@ jobs:
distribution: temurin
java-version: 17
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@v5
with:
gradle-version: '8.6'
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
@ -472,7 +472,7 @@ jobs:
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
add-job-summary-as-pr-comment: 'on-failure' # Valid values are 'never' (default), 'always', and 'on-failure'
@ -509,7 +509,7 @@ jobs:
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
- name: Run build with Gradle wrapper
run: ./gradlew build --scan
@ -540,7 +540,7 @@ If you do not want wrapper-validation to occur automatically, you can disable it
```yaml
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
validate-wrappers: false
```
@ -552,7 +552,7 @@ These are not allowed by default.
```yaml
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
validate-wrappers: true
allow-snapshot-wrappers: true
@ -617,7 +617,7 @@ jobs:
java-version: 17
- name: Setup Gradle to generate and submit dependency graphs
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
dependency-graph: generate-and-submit
- name: Run the usual CI build (dependency-graph will be generated and submitted post-job)
@ -644,7 +644,7 @@ graph cannot be generated or submitted. You can enable this behavior with the `d
```yaml
# Ensure that the workflow Job will fail if the dependency graph cannot be submitted
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@v5
with:
dependency-graph: generate-and-submit
dependency-graph-continue-on-failure: false
@ -669,7 +669,7 @@ jobs:
java-version: 17
- name: Setup Gradle to generate and submit dependency graphs
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
dependency-graph: generate-and-submit
- name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
@ -699,7 +699,7 @@ jobs:
java-version: 17
- name: Setup Gradle to generate and submit dependency graphs
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
dependency-graph: generate-and-submit
- name: Build the app, generating a graph of dependencies required
@ -743,7 +743,7 @@ To publish to https://scans.gradle.com, you must specify in your workflow that y
```yaml
- name: Setup Gradle to publish build scans
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
build-scan-publish: true
build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service'
@ -765,7 +765,7 @@ The short-lived access token will then be used wherever a Develocity access key
```yaml
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} # Long-lived access key, visiblility is restricted to this step.
@ -783,7 +783,7 @@ To avoid this, use the `develocity-token-expiry` parameter to specify a differen
```yaml
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
develocity-token-expiry: '8' # The number of hours that the access token should remain valid (max 24).
@ -805,7 +805,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
# The build will automatically use a short-lived access token to authenticate with Develocity
- name: Run a Gradle build that is configured to publish to Develocity.
@ -837,7 +837,7 @@ Here's a minimal example:
```yaml
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
develocity-injection-enabled: true
develocity-url: 'https://develocity.your-server.com'
@ -854,7 +854,7 @@ In the likely scenario that your Develocity server requires authentication, you
```yaml
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
with:
develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
@ -905,7 +905,7 @@ Here's an example using the env vars:
```yaml
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
- name: Run a Gradle build with Develocity injection enabled with environment variables
run: ./gradlew build

4
docs/wrapper-validation.md
View File

@ -50,7 +50,7 @@ We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/
Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
```yaml
uses: gradle/actions/wrapper-validation@v4
uses: gradle/actions/wrapper-validation@v5
```
This action step should precede any step using `gradle/gradle-build-action` or `gradle/actions/setup-gradle`.
@ -73,7 +73,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gradle/actions/wrapper-validation@v4
- uses: gradle/actions/wrapper-validation@v5
```
## Contributing to an external GitHub Repository

2
setup-gradle/README.md
View File

@ -26,7 +26,7 @@ jobs:
distribution: 'temurin'
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@v5
- name: Build with Gradle
run: ./gradlew build
```

2
wrapper-validation/README.md
View File

@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gradle/actions/wrapper-validation@v4
- uses: gradle/actions/wrapper-validation@v5
```
See the [full action documentation](../docs/wrapper-validation.md) for more advanced usage scenarios.