## Summary
- Reorganized setup-gradle caching docs into three clear sections:
general (shared options), Enhanced Caching, and Basic Caching
- Added new documentation for `cache-encryption-key`,
`gradle-home-cache-strict-match`, and the full Basic Caching section
(key strategy, stored content, limitations)
- Moved enhanced-only options (`cache-write-only`,
`cache-overwrite-existing`, `cache-cleanup`, includes/excludes, strict
matching) into the Enhanced Caching section
- Preserved all existing anchor links used by source code and other docs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
- **New `basic` cache provider**: Adds an open-source (MIT-licensed)
caching implementation built on `@actions/cache` as an alternative to
the proprietary Enhanced Caching. Users can opt in with `cache-provider:
basic` on both `setup-gradle` and `dependency-submission` actions.
- **Revamped licensing & distribution docs**: Replaces the verbose
licensing notice block (previously shown in README, docs, and logs) with
a friendlier callout and a new dedicated
[DISTRIBUTION.md](./DISTRIBUTION.md) covering component licensing, usage
tiers, data privacy ("Safe Harbor"), and opt-out instructions.
- **Improved messaging**: Enhanced Caching and Basic Caching each
display concise, informative log messages and job summary notes instead
of the previous wall-of-text license warning.
- **New integration tests**: Adds `integ-test-basic-cache-provider.yml`
workflow that seeds and verifies the basic cache provider across
platforms, plus unit tests for `BasicCacheService` and `getCacheService`
selection logic.
- **CI workflow reorganization**: Dependency-submission integration
tests extracted into their own reusable suite
(`suite-integ-test-dependency-submission.yml`); sample project tests
moved into the caching suite.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This pull request includes dependency updates, a minor bug fix, and a
workflow update. The most significant changes are grouped below:
Dependency Updates:
* Updated several development dependencies in `sources/package.json`,
including `@typescript-eslint/eslint-plugin` to 8.58.0, `esbuild` to
0.28.0, and `ts-jest` to 29.4.9, to keep the project up to date with the
latest features and bug fixes.
Bug Fix:
* Fixed a typo in the import statement for `deprecation-collector` in
`sources/src/configuration.ts`, correcting the import from `de cator` to
`deprecator`.
CI/CD Workflow Update:
* Updated the commit hashes for the `github/codeql-action/init` and
`github/codeql-action/analyze` steps in
`.github/workflows/ci-codeql.yml` to use a newer commit, ensuring the
workflow uses the latest patches for these actions.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This pull request primarily updates dependencies to ensure compatibility
and benefit from the latest features and fixes. The most significant
changes include upgrading the Develocity Gradle plugin and related
workflow/test matrix versions, as well as updating several
JavaScript/TypeScript development dependencies.
**Gradle and Develocity plugin updates:**
* Updated the `com.gradle.develocity` plugin version from `4.3.2` to
`4.4.0` across all workflow sample Gradle files and documentation. This
ensures the latest features and fixes are used in all example and test
projects.
[[1]](diffhunk://#diff-76298366dd6b8dd6f26592596c333884930a893c9553247c720b151c4e2ca314L2-R2)
[[2]](diffhunk://#diff-d4c2e31d274e47ae44389c511a1ba7fb24275335d155de5d013bcfa1631da3f4L2-R2)
[[3]](diffhunk://#diff-8ccb433ca9eee93c137fed07a97f755e10aae3a5989fbcd9eae427383a8c2243L2-R2)
[[4]](diffhunk://#diff-f71438b1f838b2006cbff9be742ce918a0a53dfa51ab838f480517f63da54e55L2-R2)
[[5]](diffhunk://#diff-f7ae8d202a355a0d67ecbaf0d3b18c5bc0ef3d94a546724ff776b20517d4318cL867-R867)
* Changed the Develocity plugin version in the integration test matrix
and related access key logic from `4.3.2` to `4.4.0` in the GitHub
Actions workflow configuration.
[[1]](diffhunk://#diff-670fc94ebca0a47e5491678ac19b6eeb5c06bbe5fb1786748f38b3a983564543L33-R33)
[[2]](diffhunk://#diff-670fc94ebca0a47e5491678ac19b6eeb5c06bbe5fb1786748f38b3a983564543L46-R46)
[[3]](diffhunk://#diff-670fc94ebca0a47e5491678ac19b6eeb5c06bbe5fb1786748f38b3a983564543L95-R95)
[[4]](diffhunk://#diff-670fc94ebca0a47e5491678ac19b6eeb5c06bbe5fb1786748f38b3a983564543L151-R151)
[[5]](diffhunk://#diff-670fc94ebca0a47e5491678ac19b6eeb5c06bbe5fb1786748f38b3a983564543L194-R194)
**GitHub Actions workflow updates:**
* Upgraded the `gradle/actions/setup-gradle` and
`gradle/actions/wrapper-validation` actions from v5.0.2 to v6.0.1 in all
relevant workflows, ensuring compatibility with the latest Gradle and
GitHub Actions features.
[[1]](diffhunk://#diff-67e3ccddaa5be01f56241af95a472ecc7b4eea0f6c71adb38e109207ea643af2L29-R29)
[[2]](diffhunk://#diff-20def8dd090267382644676ff63075fd8c64a9c8a9eeae936fc2451b10c063ccL33-R33)
[[3]](diffhunk://#diff-97df74640aaaa8bf2c853ceb34bc83eda56f6a670a91ef5a27e5c9ffcf1c9378L15-R15)
* Updated the `github/codeql-action/init` and
`github/codeql-action/analyze` actions to a new commit SHA, maintaining
up-to-date security scanning.
**JavaScript/TypeScript dependency updates:**
* Upgraded `@typescript-eslint/eslint-plugin` from `8.57.1` to `8.57.2`,
`eslint` from `10.0.3` to `10.1.0`, and `typescript` from `5.9.3` to
`6.0.2` in `sources/package-lock.json`, along with related dependency
tree updates for improved linting and TypeScript support.
[[1]](diffhunk://#diff-7e4a393257b8b2f1b2d998903badbc3175139afc4f7959f1a80f3a2fac68ecebL34-R44)
[[2]](diffhunk://#diff-7e4a393257b8b2f1b2d998903badbc3175139afc4f7959f1a80f3a2fac68ecebL1679-R1685)
[[3]](diffhunk://#diff-7e4a393257b8b2f1b2d998903badbc3175139afc4f7959f1a80f3a2fac68ecebL2857-R2867)
[[4]](diffhunk://#diff-7e4a393257b8b2f1b2d998903badbc3175139afc4f7959f1a80f3a2fac68ecebL2880-R2925)
[[5]](diffhunk://#diff-7e4a393257b8b2f1b2d998903badbc3175139afc4f7959f1a80f3a2fac68ecebL2917-R2946)
[[6]](diffhunk://#diff-7e4a393257b8b2f1b2d998903badbc3175139afc4f7959f1a80f3a2fac68ecebL2943-R2988)
[[7]](diffhunk://#diff-7e4a393257b8b2f1b2d998903badbc3175139afc4f7959f1a80f3a2fac68ecebR2997-R3015)
This is necessary to avoid loading a cache entry from a different test,
where the allowed wrapper checksums might have been cached, causing the
wrapper validation to unexpectedly succeed.
Bumps the gradle group with 1 update in the /sources/test/init-scripts
directory:
[com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary).
Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-smile` from
2.21.1 to 2.21.2
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4abc5dc04a"><code>4abc5dc</code></a>
[maven-release-plugin] prepare release
jackson-dataformats-binary-2.21.2</li>
<li><a
href="c139eb76ca"><code>c139eb7</code></a>
Prep for 2.21.2 release</li>
<li><a
href="4a3327708a"><code>4a33277</code></a>
Merge branch '2.20' into 2.21</li>
<li><a
href="816df57981"><code>816df57</code></a>
Merge branch '2.19' into 2.20</li>
<li><a
href="3ae1b3102e"><code>3ae1b31</code></a>
Update release notes</li>
<li><a
href="c5f237894b"><code>c5f2378</code></a>
Post-release dep version bump</li>
<li><a
href="182a13afde"><code>182a13a</code></a>
[maven-release-plugin] prepare for next development iteration</li>
<li>See full diff in <a
href="https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.21.1...jackson-dataformats-binary-2.21.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
With licensing changes in v6, a license warning was added to the logs
and job summary. Now, accepting the Build Scan Terms of Use or providing
a Develocity Access Key will mute this warning.
Introduces type descriptor YAML files for GitHub
Actions in the repository, improving type safety and documentation for
action inputs and outputs. It also adds a new GitHub Actions workflow to
validate these typings automatically on pushes and pull requests. The
changes are grouped into the addition of type descriptor files for
various actions and the automation of their validation.
https://github.com/typesafegithub/github-actions-typing
**Type descriptor files for GitHub Actions:**
* Added `action-types.yml` files to `setup-gradle`,
`dependency-submission`, and `wrapper-validation` actions, specifying
input and output types for each action to improve type safety and
documentation.
[[1]](diffhunk://#diff-542de74831b6dc1954ff20a4c329b170053c82087ea7df742bd536156133f25bR1-R171)
[[2]](diffhunk://#diff-44708a3af3d0f3cfed1873f9b77d7e815c6c14e941fa3dd5ed08835a69d67855R1-R146)
[[3]](diffhunk://#diff-3fe1028d7aa5ee815c90fa580d4f62e646f0b9a4b7372f227fc131a56948ace0R1-R17)
**Automation and validation:**
* Introduced a new GitHub Actions workflow
`.github/workflows/ci-validate-typings.yml` to automatically validate
action typings on pushes to `main` and `release/**` branches, as well as
on pull requests. This uses the `github-actions-typing` action for
validation.
Introduces type descriptor YAML files for GitHub
Actions in the repository, improving type safety and documentation for
action inputs and outputs. It also adds a new GitHub Actions workflow to
validate these typings automatically on pushes and pull requests. The
changes are grouped into the addition of type descriptor files for
various actions and the automation of their validation.
https://github.com/typesafegithub/github-actions-typing
**Type descriptor files for GitHub Actions:**
* Added `action-types.yml` files to `setup-gradle`,
`dependency-submission`, and `wrapper-validation` actions, specifying
input and output types for each action to improve type safety and
documentation.
[[1]](diffhunk://#diff-542de74831b6dc1954ff20a4c329b170053c82087ea7df742bd536156133f25bR1-R171)
[[2]](diffhunk://#diff-44708a3af3d0f3cfed1873f9b77d7e815c6c14e941fa3dd5ed08835a69d67855R1-R146)
[[3]](diffhunk://#diff-3fe1028d7aa5ee815c90fa580d4f62e646f0b9a4b7372f227fc131a56948ace0R1-R17)
**Automation and validation:**
* Introduced a new GitHub Actions workflow
`.github/workflows/ci-validate-typings.yml` to automatically validate
action typings on pushes to `main` and `release/**` branches, as well as
on pull requests. This uses the `github-actions-typing` action for
validation.
