mirror of
https://hub.gitmirror.com/https://github.com/gradle/actions.git
synced 2025-10-27 16:09:59 +08:00
545 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
bot-githubaction
|
6f7188dbe1
|
Bump Gradle Wrapper from 8.14 to 8.14.1.
Release notes of Gradle 8.14.1 can be found here: https://docs.gradle.org/8.14.1/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
dependabot[bot]
|
2e3238a664
|
Bump actions/download-artifact from 4.2.1 to 4.3.0 in /.github/actions/init-integ-test in the github-actions group across 1 directory (#633)
Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/download-artifact` from 4.2.1 to 4.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>feat: implement new <code>artifact-ids</code> input by <a href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li> <li>Fix workflow example for downloading by artifact ID by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/402">actions/download-artifact#402</a></li> <li>Prep for v4.3.0 release by <a href="https://github.com/robherley"><code>@robherley</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/404">actions/download-artifact#404</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0">https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
daz
|
d0b9e7db8b
|
Use Gradle 8.14 everywhere | ||
|
dependabot[bot]
|
a5903a9454
|
Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `github/codeql-action` from 3.28.15 to 3.28.16 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits]( |
||
|
bot-githubaction
|
e12df82938
|
Bump references to Develocity Gradle plugin from 4.0 to 4.0.1 | ||
|
dependabot[bot]
|
e174685172
|
Bump stefanzweifel/git-auto-commit-action
Bumps the github-actions group with 1 update in the / directory: [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action).
Updates `stefanzweifel/git-auto-commit-action` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](
|
||
|
bot-githubaction
|
b1b80d81cf
|
Bump Gradle Wrapper from 8.13 to 8.14.
Release notes of Gradle 8.14 can be found here: https://docs.gradle.org/8.14/release-notes.html Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> |
||
|
dependabot[bot]
|
42e0af31a2
|
Bump the github-actions group across 3 directories with 3 updates (#609)
Bumps the github-actions group with 3 updates in the / directory: [actions/setup-node](https://github.com/actions/setup-node), [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [actions/setup-java](https://github.com/actions/setup-java). Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/setup-java](https://github.com/actions/setup-java). Updates `actions/setup-node` from 4.3.0 to 4.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v4.4.0</h2> <h2>What's Changed</h2> <h3>Bug fixes:</h3> <ul> <li>Make eslint-compact matcher compatible with Stylelint by <a href="https://github.com/FloEdelmann"><code>@FloEdelmann</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/98">actions/setup-node#98</a></li> <li>Add support for indented eslint output by <a href="https://github.com/fregante"><code>@fregante</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1245">actions/setup-node#1245</a></li> </ul> <h3>Enhancement:</h3> <ul> <li>Support private mirrors by <a href="https://github.com/marco-ippolito"><code>@marco-ippolito</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1240">actions/setup-node#1240</a></li> </ul> <h3>Dependency update:</h3> <ul> <li>Upgrade <code>@action/cache</code> from 4.0.2 to 4.0.3 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1262">actions/setup-node#1262</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/FloEdelmann"><code>@FloEdelmann</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/98">actions/setup-node#98</a></li> <li><a href="https://github.com/fregante"><code>@fregante</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1245">actions/setup-node#1245</a></li> <li><a href="https://github.com/marco-ippolito"><code>@marco-ippolito</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1240">actions/setup-node#1240</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v4.4.0">https://github.com/actions/setup-node/compare/v4...v4.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3a6b53a0d0
|
Bump the gradle group across 2 directories with 2 updates (#608)
Bumps the gradle group with 1 update in the /.github/workflow-samples/java-toolchain directory: org.gradle.toolchains.foojay-resolver-convention. Bumps the gradle group with 1 update in the /.github/workflow-samples/kotlin-dsl directory: [com.google.guava:guava](https://github.com/google/guava). Updates `org.gradle.toolchains.foojay-resolver-convention` from 0.9.0 to 0.10.0 Updates `com.google.guava:guava` from 33.4.6-jre to 33.4.8-jre <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/guava/releases">com.google.guava:guava's releases</a>.</em></p> <blockquote> <h2>33.4.8</h2> <p>Guava 33.4.8 fixes a problem that we introduced while starting to migrate <code>guava-android</code> off <code>Unsafe</code> in <a href="https://github.com/google/guava/releases/tag/v33.4.7">33.4.7</a>.</p> <p>Even if you're not upgrading from Guava 33.4.0 or earlier, still read <a href="https://github.com/google/guava/releases/tag/v33.4.1">the release notes for Guava 33.4.1</a>. Those release notes contain information about the effects of Guava 33.4.5 and higher on the module system.</p> <h3>Maven</h3> <pre lang="xml"><code><dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <version>33.4.8-jre</version> <!-- or, for Android: --> <version>33.4.8-android</version> </dependency> </code></pre> <h3>Jar files</h3> <ul> <li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/33.4.8-jre/guava-33.4.8-jre.jar">33.4.8-jre.jar</a></li> <li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/33.4.8-android/guava-33.4.8-android.jar">33.4.8-android.jar</a></li> </ul> <p>Guava requires <a href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies">one runtime dependency</a>, which you can download here:</p> <ul> <li><a href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.3/failureaccess-1.0.3.jar">failureaccess-1.0.3.jar</a></li> </ul> <h3>Javadoc</h3> <ul> <li><a href="https://guava.dev/releases/33.4.8-jre/api/docs/">33.4.8-jre</a></li> <li><a href="https://guava.dev/releases/33.4.8-android/api/docs/">33.4.8-android</a></li> </ul> <h3>JDiff</h3> <ul> <li><a href="https://guava.dev/releases/33.4.8-jre/api/diffs/">33.4.8-jre vs. 33.4.7-jre</a></li> <li><a href="https://guava.dev/releases/33.4.8-android/api/diffs/">33.4.8-android vs. 33.4.7-android</a></li> <li><a href="https://guava.dev/releases/33.4.8-android/api/androiddiffs/">33.4.8-android vs. 33.4.8-jre</a></li> </ul> <h3>Changelog</h3> <ul> <li><code>util.concurrent</code>: Removed our <code>VarHandle</code> code from <code>guava-android</code>. While the code was never used at runtime under Android, it was causing <a href="https://redirect.github.com/google/guava/issues/7769">problems under the Android Gradle Plugin</a> with a <code>minSdkVersion</code> below 26. To continue to avoid <code>sun.misc.Unsafe</code> under the JVM, <code>guava-android</code> will now always use <code>AtomicReferenceFieldUpdater</code> when run there. (75da92419a)</li> </ul> <h2>33.4.7</h2> <p><strong>Prefer to upgrade straight to <a href="https://github.com/google/guava/releases/tag/v33.4.8">33.4.8</a>:</strong> 33.4.7 <a href="https://redirect.github.com/google/guava/issues/7769">breaks the build of Android apps with a minSdkVersion below 26</a>. We will publish a fixed version soon. This problem is fixed in 33.4.8.</p> <p>Guava 33.4.7, like <a href="https://github.com/google/guava/releases/tag/v33.4.6">33.4.6</a>, fixes two problems that we introduced while modularizing Guava and migrating off <code>Unsafe</code> in <a href="https://github.com/google/guava/releases/tag/v33.4.5">33.4.5</a>.</p> <p>Even if you're not upgrading from Guava 33.4.0 or earlier, still read <a href="https://github.com/google/guava/releases/tag/v33.4.1">the release notes for Guava 33.4.1</a>. Those release notes contain information about the effects of Guava 33.4.5 and higher on the module system.</p> <h3>Maven</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/google/guava/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
StepSecurity Bot
|
edf5691417
|
[StepSecurity] ci: Harden GitHub Actions (#597)
## Summary This pull request is created by [StepSecurity](https://app.stepsecurity.io/securerepo) at the request of @bigdaz. Please merge the Pull Request to incorporate the requested changes. Please tag @bigdaz on your message if you have any questions related to the PR. ## Security Fixes ### Pinned Dependencies GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit. - [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ## Feedback For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo. Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> |
||
|
Bot Githubaction
|
e63ba6843c
|
Bump references to Develocity Gradle plugin from 3.19.2 to 4.0 (#596)
This PR bumps references to Develocity Gradle plugin from 3.19.2 to 4.0. --------- Co-authored-by: daz <daz@gradle.com> |
||
|
dependabot[bot]
|
db76f3a125
|
Bump the github-actions group across 1 directory with 2 updates (#594)
Bumps the github-actions group with 2 updates in the / directory: [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [github/codeql-action](https://github.com/github/codeql-action). Updates `tj-actions/changed-files` from 46.0.3 to 46.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/releases">tj-actions/changed-files's releases</a>.</em></p> <blockquote> <h2>v46.0.4</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v46.0.3 by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2506">tj-actions/changed-files#2506</a></li> <li>docs: update readme by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2508">tj-actions/changed-files#2508</a></li> <li>fix: bug modified_keys and changed_key outputs not set when no changes detected by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2509">tj-actions/changed-files#2509</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v46...v46.0.4">https://github.com/tj-actions/changed-files/compare/v46...v46.0.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https://github.com/tj-actions/changed-files/compare/v46.0.3...v46.0.4">46.0.4</a> - (2025-04-03)</h1> <h2><!-- raw HTML omitted -->🐛 Bug Fixes</h2> <ul> <li>Bug modified_keys and changed_key outputs not set when no changes detected (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2509">#2509</a>) (<a href=" |
||
|
Bot Githubaction
|
572d36861a
|
Update develocity-injection init script to v2.0 (#593)
Updates the develocity-injection init script to the latest reference script content from https://github.com/gradle/develocity-ci-injection. --------- Co-authored-by: daz <daz@gradle.com> |
||
|
Daz DeBoer
|
dc4f141bca
|
Bump the gradle group across 3 directories with 2 updates (#588)
Bumps the gradle group with 1 update in the /.github/workflow-samples/groovy-dsl directory: com.gradle.common-custom-user-data-gradle-plugin. Bumps the gradle group with 1 update in the /.github/workflow-samples/kotlin-dsl directory: com.gradle.common-custom-user-data-gradle-plugin. Bumps the gradle group with 2 updates in the /sources/test/init-scripts directory: com.gradle.common-custom-user-data-gradle-plugin and [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary). Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.1 to 2.2.1 Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.1 to 2.2.1 Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.1 to 2.2.1 Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-smile` from 2.18.2 to 2.18.3 <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Daz DeBoer
|
fdc7db9f7f
|
Bump the github-actions group across 2 directories with 2 updates (#587)
Bumps the github-actions group with 1 update in the / directory: [gradle/actions](https://github.com/gradle/actions). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `gradle/actions` from 4.3.0 to 4.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gradle/actions/releases">gradle/actions's releases</a>.</em></p> <blockquote> <h2>v4.3.1</h2> <p>This release fixes a couple of minor issues, as well as keeping dependencies up to date.</p> <h2>Fixed issues</h2> <ul> <li>The develocity-allow-untrusted-server parameter should be honoured when fetching short-lived access tokens <a href="https://redirect.github.com/gradle/actions/issues/583">#583</a></li> <li>Build summary may incorrectly report build success <a href="https://redirect.github.com/gradle/actions/issues/415">#415</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Update develocity-injection init script to v1.1.1 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/545">gradle/actions#545</a></li> <li>Bump the github-actions group across 2 directories with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/547">gradle/actions#547</a></li> <li>Bump the npm-dependencies group in /sources with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/548">gradle/actions#548</a></li> <li>Update develocity-injection init script to v1.2 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/550">gradle/actions#550</a></li> <li>Bump the github-actions group across 1 directory with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/552">gradle/actions#552</a></li> <li>Bump the npm-dependencies group across 1 directory with 5 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/558">gradle/actions#558</a></li> <li>Update known wrapper checksums by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/560">gradle/actions#560</a></li> <li>Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by <a href="https://github.com/bot-githubaction"><code>@bot-githubaction</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/561">gradle/actions#561</a></li> <li>Catch more build failures in job summary by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/571">gradle/actions#571</a></li> <li>Scope captured build failures by <a href="https://github.com/erichaagdev"><code>@erichaagdev</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/574">gradle/actions#574</a></li> <li>Ignore SSL certificate validation when fetching Develocity short-lived access token if <code>develocity-allow-untrusted-server</code> is enabled by <a href="https://github.com/remcomokveld"><code>@remcomokveld</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/575">gradle/actions#575</a></li> <li>Dependency updates by <a href="https://github.com/bigdaz"><code>@bigdaz</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/579">gradle/actions#579</a></li> <li>Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/580">gradle/actions#580</a></li> <li>Bump the github-actions group across 2 directories with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/gradle/actions/pull/582">gradle/actions#582</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/erichaagdev"><code>@erichaagdev</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/574">gradle/actions#574</a></li> <li><a href="https://github.com/remcomokveld"><code>@remcomokveld</code></a> made their first contribution in <a href="https://redirect.github.com/gradle/actions/pull/575">gradle/actions#575</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gradle/actions/compare/v4.3.0...v4.3.1">https://github.com/gradle/actions/compare/v4.3.0...v4.3.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
daz
|
af84fa9a5b
|
Sign commits in generated PR | ||
|
Daz DeBoer
|
777b8de880
|
Sign bot-generated commits | ||
|
dependabot[bot]
|
5044d2f9c3
|
Bump the gradle group across 3 directories with 2 updates
Bumps the gradle group with 1 update in the /.github/workflow-samples/groovy-dsl directory: com.gradle.common-custom-user-data-gradle-plugin. Bumps the gradle group with 1 update in the /.github/workflow-samples/kotlin-dsl directory: com.gradle.common-custom-user-data-gradle-plugin. Bumps the gradle group with 2 updates in the /sources/test/init-scripts directory: com.gradle.common-custom-user-data-gradle-plugin and [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary). Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.1 to 2.2.1 Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.1 to 2.2.1 Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.1 to 2.2.1 Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-smile` from 2.18.2 to 2.18.3 - [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.18.2...jackson-dataformats-binary-2.18.3) --- updated-dependencies: - dependency-name: com.gradle.common-custom-user-data-gradle-plugin dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle - dependency-name: com.gradle.common-custom-user-data-gradle-plugin dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle - dependency-name: com.gradle.common-custom-user-data-gradle-plugin dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle - dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile dependency-version: 2.18.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
dependabot[bot]
|
831a86f0ed
|
Bump the github-actions group across 2 directories with 2 updates
Bumps the github-actions group with 1 update in the / directory: [gradle/actions](https://github.com/gradle/actions). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `gradle/actions` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/gradle/actions/releases) - [Commits]( |
||
|
dependabot[bot]
|
06832c7b30 |
Bump the github-actions group across 2 directories with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 3.28.11 to 3.28.13 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits]( |
||
|
dependabot[bot]
|
b7b029e5c4
|
Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory (#580)
Bumps the gradle group with 1 update in the /.github/workflow-samples/kotlin-dsl directory: [com.google.guava:guava](https://github.com/google/guava). Updates `com.google.guava:guava` from 33.4.5-jre to 33.4.6-jre <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/guava/releases">com.google.guava:guava's releases</a>.</em></p> <blockquote> <h2>33.4.6</h2> <p>Guava 33.4.6 fixes two problems that we introduced while modularizing Guava in <a href="https://github.com/google/guava/releases/tag/v33.4.5">33.4.5</a>.</p> <p>Even if you're not upgrading from Guava 33.4.0 or earlier, still read <a href="https://github.com/google/guava/releases/tag/v33.4.1">the release notes for Guava 33.4.1</a>. Those release notes contain information about Guava 33.4.5 and 33.4.6's effect on the module system.</p> <h3>Maven</h3> <pre lang="xml"><code><dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <version>33.4.6-jre</version> <!-- or, for Android: --> <version>33.4.6-android</version> </dependency> </code></pre> <h3>Jar files</h3> <ul> <li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/33.4.6-jre/guava-33.4.6-jre.jar">33.4.6-jre.jar</a></li> <li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/33.4.6-android/guava-33.4.6-android.jar">33.4.6-android.jar</a></li> </ul> <p>Guava requires <a href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies">one runtime dependency</a>, which you can download here:</p> <ul> <li><a href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.3/failureaccess-1.0.3.jar">failureaccess-1.0.3.jar</a></li> </ul> <h3>Javadoc</h3> <ul> <li><a href="https://guava.dev/releases/33.4.6-jre/api/docs/">33.4.6-jre</a></li> <li><a href="https://guava.dev/releases/33.4.6-android/api/docs/">33.4.6-android</a></li> </ul> <h3>JDiff</h3> <ul> <li><a href="https://guava.dev/releases/33.4.6-jre/api/diffs/">33.4.6-jre vs. 33.4.5-jre</a></li> <li><a href="https://guava.dev/releases/33.4.6-android/api/diffs/">33.4.6-android vs. 33.4.5-android</a></li> <li><a href="https://guava.dev/releases/33.4.6-android/api/androiddiffs/">33.4.6-android vs. 33.4.6-jre</a></li> </ul> <h3>Changelog</h3> <ul> <li>Removed the extra copy of each class from the Guava jar. The extra copies were an accidental addition from the modularization work in <a href="https://github.com/google/guava/releases/tag/v33.4.5">Guava 33.4.5</a>. (40485b93ce)</li> <li>Fixed annotation-related warnings when using Guava in modular builds. The most common such warning is <code>Cannot find annotation method 'value()' in type 'DoNotMock': ...</code>. (7e15ab3566)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/google/guava/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
daz
|
a581639303
|
Update DSL samples to use test suites | ||
|
daz
|
acd2925667
|
Update java-toolchain sample to use Kotlin DSL | ||
|
daz
|
aa88309fbd
|
Update gradle-plugin sample to use Kotlin DSL | ||
|
daz
|
203ed600ea
|
Bump tj-actions/changed-files to 46.0.3 | ||
|
dependabot[bot]
|
d2985e6cc7
|
Bump the github-actions group across 2 directories with 6 updates
Bumps the github-actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-node](https://github.com/actions/setup-node) | `4.2.0` | `4.3.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `dcc7a0cba800f454d79fff4b993e8c3555bcc0a8` | `0fee5fb278312d962ff465bb38dc4cae9f446de2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.9` | `3.28.11` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.6` | `7.0.8` | Bumps the github-actions group with 2 updates in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/setup-node` from 4.2.0 to 4.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits]( |
||
|
dependabot[bot]
|
3d9adb8ecd
|
Bump the gradle group across 1 directory with 2 updates
Bumps the gradle group with 2 updates in the /.github/workflow-samples/kotlin-dsl directory: [com.google.guava:guava](https://github.com/google/guava) and [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5). Updates `com.google.guava:guava` from 33.4.0-jre to 33.4.5-jre - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Updates `org.junit.jupiter:junit-jupiter` from 5.11.4 to 5.12.1 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.4...r5.12.1) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle - dependency-name: org.junit.jupiter:junit-jupiter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
bot-githubaction
|
29f0d0a78a
|
Update to use Gradle 8.13
Release notes of Gradle 8.13 can be found here: https://docs.gradle.org/8.13/release-notes.html |
||
|
bot-githubaction
|
bd8a9b1582
|
Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 | ||
|
daz
|
7b5af35d9a
|
Set author to bot for generated commits | ||
|
dependabot[bot]
|
7f0ccac579 |
Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [github/codeql-action](https://github.com/github/codeql-action). Updates `tj-actions/changed-files` from 45.0.6 to 45.0.7 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits]( |
||
|
dependabot[bot]
|
70f4302913 |
Bump the github-actions group across 2 directories with 3 updates
Bumps the github-actions group with 3 updates in the / directory: [gradle/actions](https://github.com/gradle/actions), [github/codeql-action](https://github.com/github/codeql-action) and [actions/setup-java](https://github.com/actions/setup-java). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/setup-java](https://github.com/actions/setup-java). Updates `gradle/actions` from 4.2.2 to 4.3.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits]( |
||
|
daz
|
6f10c21ec5
|
Make it easier to produce 'prerelease' versions | ||
|
dependabot[bot]
|
7560c304a6 |
Bump the github-actions group across 2 directories with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [actions/setup-node](https://github.com/actions/setup-node) and [github/codeql-action](https://github.com/github/codeql-action). Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node). Updates `actions/setup-node` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits]( |
||
|
daz
|
dcf3ce7005
|
Bump to Gradle 8.12.1 | ||
|
github-actions[bot]
|
31f6205373
|
Bump Gradle Wrappers (#535)
# Combined PRs ➡️📦⬅️ ✅ The following pull requests have been successfully combined on this PR: - Closes #534 Bump Gradle Wrapper from 8.12 to 8.12.1 in /.github/workflow-samples/kotlin-dsl - Closes #533 Bump Gradle Wrapper from 8.12 to 8.12.1 in /.github/workflow-samples/java-toolchain - Closes #532 Bump Gradle Wrapper from 8.12 to 8.12.1 in /.github/workflow-samples/groovy-dsl - Closes #531 Bump Gradle Wrapper from 8.12 to 8.12.1 in /.github/workflow-samples/gradle-plugin - Closes #530 Bump Gradle Wrapper from 8.12 to 8.12.1 in /sources/test/init-scripts > This PR was created by the [`github/combine-prs`](https://github.com/github/combine-prs) action --------- Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> Co-authored-by: bot-githubaction <bot-githubaction@gradle.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> |
||
|
Daz DeBoer
|
d068148857
|
Choose best Gradle version to use for cache cleanup (#526)
The cache-cleanup operation works by executing Gradle on a dummy project and a custom init-script. The init-script requires at least Gradle 8.11 to work. Ideally, the version of Gradle used for cleanup should be no older than the newest one that wrote entries to Gradle User Home. If an older Gradle version is used for cache-cleanup, it will not remove entries written specifically for newer versions. With this change, we now attempt to ensure that cache-cleanup is run with the best Gradle version available. We inspect the Gradle version on PATH to see if it is new enough, otherwise we will provision a Gradle version equal to the newest one that ran in the Job. The logic is: - Determine the newest version of Gradle that was executed during the Job. This is the 'minimum version' for cache cleanup. - Inspect the Gradle version on PATH (if any) to see if it is equal to or newer than the 'minimum version'. - If the version Gradle on PATH is new enough, use that version for cache-cleanup. - If not, attempt to provision Gradle with the 'minimum version'. Fixes #436 |
||
|
bot-githubaction
|
b426ffebae | Bump references to Develocity Gradle plugin from 3.19 to 3.19.1 | ||
|
daz
|
ec4681f7f5
|
Test provision of rc and milestone versions | ||
|
Daz DeBoer
|
3bfa1140fc
|
Update to CCUDGP 2.1 (#524)
This change primarily impacts test projects and documentation. The only material impact is that CCUD 2.1 will now be auto-applied when publishing Build Scans automatically with `build-scan-publish: true`. (Develocity injection does not hard-code any CCUD version) |
||
|
daz
|
245c8a24de |
Save dependency-graph file as workflow artifact
Diagnosing unexpected dependencies in the GitHub Dependency Graph can be difficult. In order to aid with diagnosis, the `dependency-submission` action will now save each dependency-graph file as a workflow artifact. If this is undesirable, the prior behaviour can be restored by explicitly setting `dependency-graph: generate-and-submit`. Fixes #519 |
||
|
daz
|
74628b9f13
|
Fix npm for update-dist | ||
|
daz
|
e6f332ecb1
|
Publish build scans for CI builds | ||
|
dependabot[bot]
|
bccddaec22 |
Bump the github-actions group across 3 directories with 7 updates
Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [gradle/actions](https://github.com/gradle/actions) | `4.2.1` | `4.2.2` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `45.0.5` | `45.0.6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.9` | `3.28.1` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.5.0` | `4.6.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.0` | | [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `5.0.1` | `5.1.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.5` | `7.0.6` | Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/upload-artifact](https://github.com/actions/upload-artifact). Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/setup-java](https://github.com/actions/setup-java). Updates `gradle/actions` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/gradle/actions/releases) - [Commits]( |
||
|
github-actions[bot]
|
04f1562da5
|
Bump Gradle Wrappers (#499)
# Combined PRs ➡️📦⬅️ ✅ The following pull requests have been successfully combined on this PR: - Closes #498 Bump Gradle Wrapper from 8.11.1 to 8.12 in /.github/workflow-samples/kotlin-dsl - Closes #497 Bump Gradle Wrapper from 8.11.1 to 8.12 in /.github/workflow-samples/java-toolchain - Closes #496 Bump Gradle Wrapper from 8.11.1 to 8.12 in /.github/workflow-samples/groovy-dsl - Closes #495 Bump Gradle Wrapper from 8.11.1 to 8.12 in /.github/workflow-samples/gradle-plugin - Closes #494 Bump Gradle Wrapper from 8.11.1 to 8.12 in /sources/test/init-scripts > This PR was created by the [`github/combine-prs`](https://github.com/github/combine-prs) action --------- Signed-off-by: bot-githubaction <bot-githubaction@gradle.com> Co-authored-by: bot-githubaction <bot-githubaction@gradle.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: daz <daz@gradle.com> |
||
|
Daz DeBoer
|
0bdd871935
|
Pin version in ci-combine-bot-prs.yml | ||
|
dependabot[bot]
|
bc78598590 |
Bump github/codeql-action in the github-actions group across 1 directory
Bumps the github-actions group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action).
Updates `github/codeql-action` from 3.27.7 to 3.27.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](
|
||
|
dependabot[bot]
|
9934046c6d |
Bump the gradle group across 1 directory with 2 updates
Bumps the gradle group with 2 updates in the /.github/workflow-samples/kotlin-dsl directory: [com.google.guava:guava](https://github.com/google/guava) and [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5). Updates `com.google.guava:guava` from 33.3.1-jre to 33.4.0-jre - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Updates `org.junit.jupiter:junit-jupiter` from 5.11.3 to 5.11.4 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.11.3...r5.11.4) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle - dependency-name: org.junit.jupiter:junit-jupiter dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|
bot-githubaction
|
eda5a3331f | Bump references to Develocity Gradle plugin from 3.18.2 to 3.19 | ||
|
daz
|
69215f1c52
|
Restrict permissions for combine-prs job |