Introduces type descriptor YAML files for GitHub
Actions in the repository, improving type safety and documentation for
action inputs and outputs. It also adds a new GitHub Actions workflow to
validate these typings automatically on pushes and pull requests. The
changes are grouped into the addition of type descriptor files for
various actions and the automation of their validation.
https://github.com/typesafegithub/github-actions-typing
**Type descriptor files for GitHub Actions:**
* Added `action-types.yml` files to `setup-gradle`,
`dependency-submission`, and `wrapper-validation` actions, specifying
input and output types for each action to improve type safety and
documentation.
[[1]](diffhunk://#diff-542de74831b6dc1954ff20a4c329b170053c82087ea7df742bd536156133f25bR1-R171)
[[2]](diffhunk://#diff-44708a3af3d0f3cfed1873f9b77d7e815c6c14e941fa3dd5ed08835a69d67855R1-R146)
[[3]](diffhunk://#diff-3fe1028d7aa5ee815c90fa580d4f62e646f0b9a4b7372f227fc131a56948ace0R1-R17)
**Automation and validation:**
* Introduced a new GitHub Actions workflow
`.github/workflows/ci-validate-typings.yml` to automatically validate
action typings on pushes to `main` and `release/**` branches, as well as
on pull requests. This uses the `github-actions-typing` action for
validation.
Introduces type descriptor YAML files for GitHub
Actions in the repository, improving type safety and documentation for
action inputs and outputs. It also adds a new GitHub Actions workflow to
validate these typings automatically on pushes and pull requests. The
changes are grouped into the addition of type descriptor files for
various actions and the automation of their validation.
https://github.com/typesafegithub/github-actions-typing
**Type descriptor files for GitHub Actions:**
* Added `action-types.yml` files to `setup-gradle`,
`dependency-submission`, and `wrapper-validation` actions, specifying
input and output types for each action to improve type safety and
documentation.
[[1]](diffhunk://#diff-542de74831b6dc1954ff20a4c329b170053c82087ea7df742bd536156133f25bR1-R171)
[[2]](diffhunk://#diff-44708a3af3d0f3cfed1873f9b77d7e815c6c14e941fa3dd5ed08835a69d67855R1-R146)
[[3]](diffhunk://#diff-3fe1028d7aa5ee815c90fa580d4f62e646f0b9a4b7372f227fc131a56948ace0R1-R17)
**Automation and validation:**
* Introduced a new GitHub Actions workflow
`.github/workflows/ci-validate-typings.yml` to automatically validate
action typings on pushes to `main` and `release/**` branches, as well as
on pull requests. This uses the `github-actions-typing` action for
validation.
With this change, the caching functionality of `setup-gradle` and
`dependency-submission` is now provided by `gradle-actions-caching`, a
closed-source library distributed under our [Terms of
Use](https://gradle.com/legal/terms-of-use/). The rest of the action
implementation remains open source.
Using `setup-gradle` or `dependency-submission` with caching enabled
involves loading and using the `gradle-actions-caching` component,
requiring acceptance of the [Terms of
Use](https://gradle.com/legal/terms-of-use/). There are no functional
changes to caching provided by these actions: all workflows will
continue to function as before.
The non-caching aspects of action implementation remain open source. By
running these actions with caching disabled they can be used without
ever loading `gradle-actions-caching` or accepting the license terms.
Supporting the caching infrastructure in this project requires a
substantial engineering investment by Gradle Technologies, which we can
sustain thanks to Develocity, our commercial offering. Caching
technologies are a core part of the Develocity offering, and the caching
in `setup-gradle` fits squarely in that space.
This licensing change lets us continue to build advanced capabilities
that go beyond what we would offer as open source. Proper
production-ready Configuration Cache support will be the first
capability. Improving build performance for self-hosted runners will
follow.
We may introduce functionality restrictions in future updates. However,
caching functionality will remain free for public repositories.
We have a long-standing commitment to open source, as maintainers of
Gradle Build Tool, and by [sponsoring the open source
community](https://gradle.com/oss-sponsored-by-develocity/) with free
Develocity licenses. Public repositories are primarily used by open
source projects, and we remain committed to supporting them.
- Implementation of caching logic to save and restore Gradle User Home
content has been removed, replaced by the `gradle-actions-caching`
component.
- The `@actions/caching` library is still used to cache Gradle
distributions that are downloaded and provisioned by `setup-gradle`.
This PR updates to the latest version of `@actions/caching`, and removes
the patch that is no longer required.
- License notices are now displayed in documentation, logs and the
generated Job Summary.
Removes support for configuration-cache extraction and restore from the
caching workflow and related source code. Configuration-cache support
only worked for a limited set of projects (gradle/actions#21), and we
plan to reimplement this properly as part of the
`gradle-actions-caching` project.
The main impact is simplification of the caching logic, focusing only on
common Gradle artifacts. The `ConfigurationCacheEntryExtractor` class
and related logic were deleted from
`sources/src/caching/gradle-home-extry-extractor.ts`.
Automatically generated pull request to update the known wrapper
checksums.
In case of conflicts, manually run the workflow from the [Actions
tab](https://github.com/gradle/actions/actions/workflows/update-checksums-file.yml),
the changes will then be force-pushed onto this pull request branch.
Do not manually update the pull request branch; those changes might get
overwritten.
> [!IMPORTANT]
> GitHub workflows have not been executed for this pull request yet.
Before merging, close and then directly reopen this pull request to
trigger the workflows.
Bumps the npm-dependencies group in /sources with 2 updates:
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
and [eslint](https://github.com/eslint/eslint).
Updates `@types/node` from 25.3.0 to 25.3.2
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
Updates `eslint` from 10.0.1 to 10.0.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/eslint/eslint/releases">eslint's
releases</a>.</em></p>
<blockquote>
<h2>v10.0.2</h2>
<h2>Bug Fixes</h2>
<ul>
<li><a
href="2b723616a4"><code>2b72361</code></a>
fix: update <code>ajv</code> to <code>6.14.0</code> to address security
vulnerabilities (<a
href="https://redirect.github.com/eslint/eslint/issues/20537">#20537</a>)
(루밀LuMir)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li><a
href="13eeedbbd1"><code>13eeedb</code></a>
docs: link rule type explanation to CLI option --fix-type (<a
href="https://redirect.github.com/eslint/eslint/issues/20548">#20548</a>)
(Mike McCready)</li>
<li><a
href="98cbf6ba53"><code>98cbf6b</code></a>
docs: update migration guide per Program range change (<a
href="https://redirect.github.com/eslint/eslint/issues/20534">#20534</a>)
(Huáng Jùnliàng)</li>
<li><a
href="61a2405441"><code>61a2405</code></a>
docs: add missing semicolon in vars-on-top rule example (<a
href="https://redirect.github.com/eslint/eslint/issues/20533">#20533</a>)
(Abilash)</li>
</ul>
<h2>Chores</h2>
<ul>
<li><a
href="951223b296"><code>951223b</code></a>
chore: update dependency <code>@eslint/eslintrc</code> to ^3.3.4 (<a
href="https://redirect.github.com/eslint/eslint/issues/20553">#20553</a>)
(renovate[bot])</li>
<li><a
href="6aa1afe669"><code>6aa1afe</code></a>
chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (<a
href="https://redirect.github.com/eslint/eslint/issues/20536">#20536</a>)
(Milos Djermanovic)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="55122d6f97"><code>55122d6</code></a>
10.0.2</li>
<li><a
href="80f1e29ec8"><code>80f1e29</code></a>
Build: changelog update for 10.0.2</li>
<li><a
href="951223b296"><code>951223b</code></a>
chore: update dependency <code>@eslint/eslintrc</code> to ^3.3.4 (<a
href="https://redirect.github.com/eslint/eslint/issues/20553">#20553</a>)</li>
<li><a
href="13eeedbbd1"><code>13eeedb</code></a>
docs: link rule type explanation to CLI option --fix-type (<a
href="https://redirect.github.com/eslint/eslint/issues/20548">#20548</a>)</li>
<li><a
href="6aa1afe669"><code>6aa1afe</code></a>
chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (<a
href="https://redirect.github.com/eslint/eslint/issues/20536">#20536</a>)</li>
<li><a
href="2b723616a4"><code>2b72361</code></a>
fix: update <code>ajv</code> to <code>6.14.0</code> to address security
vulnerabilities (<a
href="https://redirect.github.com/eslint/eslint/issues/20537">#20537</a>)</li>
<li><a
href="98cbf6ba53"><code>98cbf6b</code></a>
docs: update migration guide per Program range change (<a
href="https://redirect.github.com/eslint/eslint/issues/20534">#20534</a>)</li>
<li><a
href="61a2405441"><code>61a2405</code></a>
docs: add missing semicolon in vars-on-top rule example (<a
href="https://redirect.github.com/eslint/eslint/issues/20533">#20533</a>)</li>
<li>See full diff in <a
href="https://github.com/eslint/eslint/compare/v10.0.1...v10.0.2">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| @types/node | [>= 22.a, < 23] |
</details>
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
