Bump the github-actions group across 2 directories with 2 updates (#763)

Bumps the github-actions group with 2 updates in the / directory:
[actions/setup-node](https://github.com/actions/setup-node) and
[github/codeql-action](https://github.com/github/codeql-action).
Bumps the github-actions group with 1 update in the
/.github/actions/build-dist directory:
[actions/setup-node](https://github.com/actions/setup-node).

Updates `actions/setup-node` from 5.0.0 to 6.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<p><strong>Breaking Changes</strong></p>
<ul>
<li>Limit automatic caching to npm, update workflows and documentation
by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li>
</ul>
<p><strong>Dependency Upgrades</strong></p>
<ul>
<li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes
in v5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li>
<li>Upgrade prettier from 2.8.8 to 3.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li>
<li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2028fbc5c2"><code>2028fbc</code></a>
Limit automatic caching to npm, update workflows and documentation (<a
href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li>
<li><a
href="13427813f7"><code>1342781</code></a>
Bump actions/publish-action from 0.3.0 to 0.4.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li>
<li><a
href="89d709d423"><code>89d709d</code></a>
Bump prettier from 2.8.8 to 3.6.2 (<a
href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li>
<li><a
href="cd2651c462"><code>cd2651c</code></a>
Bump ts-jest from 29.1.2 to 29.4.1 (<a
href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li>
<li>See full diff in <a
href="a0853c2454...2028fbc5c2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 4.30.8 to 4.30.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.30.9</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="16140ae1a1"><code>16140ae</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3213">#3213</a>
from github/update-v4.30.9-70205d3d1</li>
<li><a
href="30db5fee08"><code>30db5fe</code></a>
Update changelog for v4.30.9</li>
<li><a
href="70205d3d12"><code>70205d3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3211">#3211</a>
from github/mbg/init/starting-partial-config</li>
<li><a
href="697c209bfc"><code>697c209</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/init/starting-partial-config</li>
<li><a
href="1bd53ba38c"><code>1bd53ba</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3205">#3205</a>
from github/update-bundle/codeql-bundle-v2.23.3</li>
<li><a
href="cac4df0c79"><code>cac4df0</code></a>
Rebuild</li>
<li><a
href="77e5c0d0a2"><code>77e5c0d</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.3</li>
<li><a
href="97a4f751be"><code>97a4f75</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3204">#3204</a>
from github/mbg/setup-codeql</li>
<li><a
href="2d5512b361"><code>2d5512b</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/init/starting-partial-config</li>
<li><a
href="fa7bdf0559"><code>fa7bdf0</code></a>
Call <code>getAnalysisKinds</code> a second time, and ignore exceptions
thrown during th...</li>
<li>Additional commits viewable in <a
href="f443b600d9...16140ae1a1">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/setup-node` from 5.0.0 to 6.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<p><strong>Breaking Changes</strong></p>
<ul>
<li>Limit automatic caching to npm, update workflows and documentation
by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li>
</ul>
<p><strong>Dependency Upgrades</strong></p>
<ul>
<li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes
in v5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li>
<li>Upgrade prettier from 2.8.8 to 3.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li>
<li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2028fbc5c2"><code>2028fbc</code></a>
Limit automatic caching to npm, update workflows and documentation (<a
href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li>
<li><a
href="13427813f7"><code>1342781</code></a>
Bump actions/publish-action from 0.3.0 to 0.4.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li>
<li><a
href="89d709d423"><code>89d709d</code></a>
Bump prettier from 2.8.8 to 3.6.2 (<a
href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li>
<li><a
href="cd2651c462"><code>cd2651c</code></a>
Bump ts-jest from 29.1.2 to 29.4.1 (<a
href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li>
<li>See full diff in <a
href="a0853c2454...2028fbc5c2">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

.github/actions/build-dist/action.yml

@@ -3,9 +3,9 @@ name: 'Build and upload distribution'
 runs:
   using: "composite"
   steps: 
-    - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+    - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
-        node-version: 20
+        node-version: 24
         cache: npm
         cache-dependency-path: sources/package-lock.json
     - name: Build distribution

.github/actions/init-integ-test/action.yml

@@ -1,13 +1,19 @@
 name: 'Initialize integ-test'
 
+inputs:
+  java-version:
+    description: 'Java version to use'
+    required: false
+    default: '17'
+
 runs:
   using: "composite"
   steps: 
     - name: Setup Java
-      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
       with:
         distribution: 'temurin'
-        java-version: 11
+        java-version: ${{ inputs.java-version }}
 
     - name: Configure environment
       shell: bash
@@ -17,7 +23,7 @@ runs:
     # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step
     - name: Download dist
       if: ${{ env.SKIP_DIST != 'true' && !env.ACT }}
-      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
       with:
         name: dist
         path: dist/

.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=20f1b1176237254a6fc204d8434196fa11a4cfb387567519c61556e8710aed78
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
+distributionSha256Sum=a17ddd85a26b6a7f5ddb71ff8b05fc5104c0202c6e64782429790c933686c806
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.1.0-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/gradle-plugin/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -114,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -172,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -212,8 +210,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/gradle-plugin/gradlew.bat

@@ -70,11 +70,10 @@ goto fail
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=20f1b1176237254a6fc204d8434196fa11a4cfb387567519c61556e8710aed78
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
+distributionSha256Sum=a17ddd85a26b6a7f5ddb71ff8b05fc5104c0202c6e64782429790c933686c806
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.1.0-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -114,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -172,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -212,8 +210,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/groovy-dsl/gradlew.bat

@@ -70,11 +70,10 @@ goto fail
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.develocity" version "3.19.2"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.1"
+    id "com.gradle.develocity" version "4.2.2"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.4.0"
 }
 
 develocity {

.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=20f1b1176237254a6fc204d8434196fa11a4cfb387567519c61556e8710aed78
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
+distributionSha256Sum=a17ddd85a26b6a7f5ddb71ff8b05fc5104c0202c6e64782429790c933686c806
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.1.0-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/java-toolchain/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -114,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -172,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -212,8 +210,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/java-toolchain/gradlew.bat

@@ -70,11 +70,10 @@ goto fail
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/java-toolchain/settings.gradle.kts

@@ -1,6 +1,6 @@
 plugins {
     // Apply the foojay-resolver plugin to allow automatic download of JDKs
-    id("org.gradle.toolchains.foojay-resolver-convention") version "0.9.0"
+    id("org.gradle.toolchains.foojay-resolver-convention") version "1.0.0"
 }
 
 rootProject.name = "java-toolchains"

.github/workflow-samples/kotlin-dsl/build.gradle.kts

@@ -8,7 +8,7 @@ repositories {
 
 dependencies {
     api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.4.6-jre")
+    implementation("com.google.guava:guava:33.5.0-jre")
 }
 
 testing {

.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=20f1b1176237254a6fc204d8434196fa11a4cfb387567519c61556e8710aed78
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
+distributionSha256Sum=a17ddd85a26b6a7f5ddb71ff8b05fc5104c0202c6e64782429790c933686c806
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.1.0-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -114,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -172,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -212,8 +210,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/kotlin-dsl/gradlew.bat

@@ -70,11 +70,10 @@ goto fail
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,6 +1,6 @@
 plugins {
-    id("com.gradle.develocity") version "3.19.2"
-    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.1"
+    id("com.gradle.develocity") version "4.2.2"
+    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.4.0"
 }
 
 develocity {

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.19.2" 
+    id "com.gradle.develocity" version "4.2.2" 
 }
 
 develocity {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.19.2"
+    id "com.gradle.develocity" version "4.2.2"
 }
 
 develocity {

.github/workflow-samples/non-executable-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.19.2"
+    id "com.gradle.develocity" version "4.2.2"
 }
 
 develocity {

.github/workflows/ci-check-and-unit-test.yml

@@ -18,19 +18,19 @@ jobs:
 
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-    - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
         node-version: 20
         cache: npm
         cache-dependency-path: sources/package-lock.json
     - name: Setup Gradle
       # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
+      uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
       env:
         ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
       with:
-        gradle-version: "8.13"
+        gradle-version: '8.14.2'
 
     - name: Install npm dependencies
       run: |
@@ -43,7 +43,7 @@ jobs:
         npm run compile
       working-directory: sources
       env:
-        NODE_OPTIONS: '-r @gradle/develocity-agent/preload'
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
         DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
         DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
 
@@ -52,6 +52,6 @@ jobs:
         npm test
       working-directory: sources
       env:
-        NODE_OPTIONS: '-r @gradle/develocity-agent/preload'
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
         DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
         DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'

.github/workflows/ci-check-no-dist-update.yml

@@ -15,13 +15,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         fetch-depth: 0
 
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46.0.3
+      uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
       with:
         files: |
           dist/**

.github/workflows/ci-codeql.yml

@@ -31,11 +31,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+      uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v3.29.5
       with:
         languages: ${{ matrix.language }}
         config: |
@@ -43,4 +43,4 @@ jobs:
           - sources/src
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+      uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v3.29.5

.github/workflows/ci-combine-bot-prs.yml

@@ -1,24 +0,0 @@
-name: Combine Bot PRs
-
-on:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  combine-wrapperbot-prs:
-    permissions:
-      contents: write
-      pull-requests: write
-      checks: read
-    if: github.repository == 'gradle/actions'
-    runs-on: ubuntu-latest
-    steps:
-      - name: combine-wrapperbot-prs
-        uses: github/combine-prs@2909f404763c3177a456e052bdb7f2e85d3a7cb3 # v5.2.0
-        with:
-          branch_prefix: wrapperbot
-          combine_branch_name: wrapperbot/combined-wrapper-updates
-          pr_title: 'Bump Gradle Wrappers'
-          ci_required: "false"

.github/workflows/ci-init-script-check.yml

@@ -22,15 +22,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Setup Java
-      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
       with:
         distribution: temurin
-        java-version: 11
+        java-version: 17
     - name: Setup Gradle
       # Use a released version to avoid breakages
-      uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
+      uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
       env:
         ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
     - name: Run integration tests

.github/workflows/ci-integ-test.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Build and upload distribution
       if: ${{ needs.determine-suite.outputs.suite != 'full' }}
       uses: ./.github/actions/build-dist

.github/workflows/ci-ossf-scorecard.yml

@@ -21,13 +21,13 @@ jobs:
 
     steps:
       - name: 'Checkout code'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
           show-progress: false
 
       - name: 'Run analysis'
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -52,6 +52,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/ci-update-dist.yml

@@ -23,12 +23,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         token: ${{ secrets.BOT_GITHUB_TOKEN }}
 
     - name: Set up Node.js
-      uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+      uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
       with:
         node-version: 20
         cache: npm
@@ -45,7 +45,7 @@ jobs:
         npm run compile
       working-directory: sources
       env:
-        NODE_OPTIONS: '-r @gradle/develocity-agent/preload'
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
         DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
         DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
 
@@ -53,12 +53,23 @@ jobs:
       run: |
         cp -r sources/dist .
 
+    - name: Import GPG key to sign commits
+      uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
+      with:
+        gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+        git_config_global: true
+
     # Commit and push changes; has no effect if the files did not change
     # Important: The push event will not trigger any other workflows, see
     # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
     - name: Commit & push changes
-      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
+      uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
       with:
-        commit_author: Bot Githubaction <bot-githubaction@gradle.com>
+        commit_author: bot-githubaction <bot-githubaction@gradle.com>
+        commit_user_name: bot-githubaction
+        commit_user_email: bot-githubaction@gradle.com
         commit_message: '[bot] Update dist directory'
         file_pattern: dist

.github/workflows/ci-validate-wrappers.yml

@@ -11,7 +11,7 @@ jobs:
   validation:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: gradle/actions/wrapper-validation@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
         with:
           allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

.github/workflows/demo-job-summary.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Build and upload distribution
       uses: ./.github/actions/build-dist
 
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -62,7 +62,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -82,7 +82,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -103,7 +103,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/demo-pr-build-scan-comment.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Build and upload distribution
       uses: ./.github/actions/build-dist
 
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -42,7 +42,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -62,7 +62,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-build-scan-publish.yml

@@ -25,14 +25,27 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
         os: ${{fromJSON(inputs.runner-os)}}
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
+
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
+      with:
+        java-version: ${{ matrix.java-version }}
 
     - name: Setup Gradle
       id: setup-gradle
@@ -41,15 +54,15 @@ jobs:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
         gradle-version: ${{ matrix.gradle }}
         build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
+        build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service'
+        build-scan-terms-of-use-agree: 'yes'
     - name: Run Gradle build
       id: gradle
       working-directory: .github/workflow-samples/no-ge
       run: gradle help
     - name: Check Build Scan url
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')   

.github/workflows/integ-test-cache-cleanup.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -54,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -77,7 +77,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-caching-config.yml

@@ -30,10 +30,11 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -61,7 +62,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -90,7 +91,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -104,7 +105,7 @@ jobs:
       run: ./gradlew help
     - name: Check Build Scan url is captured
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')
@@ -114,7 +115,7 @@ jobs:
     runs-on: ubuntu-latest # This test only runs on Ubuntu
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -128,7 +129,7 @@ jobs:
       run: ./gradlew help
     - name: Check Build Scan url is captured
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')
@@ -145,7 +146,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -169,7 +170,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-dependency-graph.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -45,7 +45,7 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -62,7 +62,7 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -80,7 +80,7 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -123,7 +123,7 @@ jobs:
     runs-on: ubuntu-latest # Test is not compatible with Windows
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -160,7 +160,7 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -178,7 +178,7 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
     - name: Download dependency-graph artifact
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
       with:
         path: downloaded-dependency-graphs
         pattern: dependency-graph_*dependency-graph-generate-submit-and-upload.json

.github/workflows/integ-test-dependency-submission-failures.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -55,7 +55,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -63,7 +63,7 @@ jobs:
       id: gradle-build
       uses: ./dependency-submission
       with:
-        gradle-version: 7.0.1
+        gradle-version: '7.0.1'
         build-root-directory: .github/workflow-samples/groovy-dsl
       continue-on-error: true
     - name: Check step failed
@@ -86,7 +86,7 @@ jobs:
       contents: read
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-dependency-submission.yml

@@ -33,7 +33,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -58,7 +58,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -82,7 +82,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -104,7 +104,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -124,7 +124,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -172,7 +172,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -193,7 +193,7 @@ jobs:
     runs-on: ubuntu-latest # Test is not compatible with Windows
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -231,19 +231,35 @@ jobs:
       fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
-        gradle: [8.0.2, 7.6.4, 7.1.1, 6.9.4, 6.0.1, 5.6.4, 5.2.1]
+        gradle: ['9.0.0', '8.14.3', '8.0.2', '7.6.4', '7.1.1', '6.9.4', '6.0.1', '5.6.4', '5.2.1']
         include:
-          - gradle: 5.6.4
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '8.0.2'
+            java-version: 11
+          - gradle: '7.6.4'
+            java-version: 11
+          - gradle: '7.1.1'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '6.0.1'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
             build-root-suffix: -gradle-5
-          - gradle: 5.2.1
+          - gradle: '5.2.1'
+            java-version: 11
             build-root-suffix: -gradle-5
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
-
+      with:
+        java-version: ${{ matrix.java-version }}
     - name: Generate and submit dependencies
       uses: ./dependency-submission
       with:
@@ -256,7 +272,7 @@ jobs:
     runs-on: ubuntu-latest # Test is not compatible with Windows
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -293,7 +309,7 @@ jobs:
     runs-on: ubuntu-latest # Test is not compatible with Windows
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -334,7 +350,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -366,7 +382,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -385,7 +401,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-detect-toolchains.yml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -46,7 +46,7 @@ jobs:
       shell: bash
       working-directory: .github/workflow-samples/groovy-dsl
       run: | 
-        grep -q 'Eclipse Temurin JDK 1.8' output.txt || (echo "::error::Did not detect preinstalled JDK 1.8" && exit 1)
+        grep -q 'Eclipse Temurin JDK 8' output.txt || (echo "::error::Did not detect preinstalled JDK 8" && exit 1)
         grep -q 'Eclipse Temurin JDK 11' output.txt || (echo "::error::Did not detect preinstalled JDK 11" && exit 1)
         grep -q 'Eclipse Temurin JDK 17' output.txt || (echo "::error::Did not detect preinstalled JDK 17" && exit 1)
         grep -q 'Eclipse Temurin JDK 21' output.txt || (echo "::error::Did not detect preinstalled JDK 21" && exit 1)
@@ -60,20 +60,20 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
-    - name: Setup Java 20
-      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
-      with:
-        distribution: 'temurin'
-        java-version: 20
     - name: Setup Java 16
-      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
       with:
         distribution: 'temurin'
         java-version: 16
+    - name: Setup Java 20
+      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      with:
+        distribution: 'temurin'
+        java-version: 20
     - name: Setup Gradle
       uses: ./setup-gradle
     - name: List detected toolchains
@@ -92,7 +92,7 @@ jobs:
       shell: bash
       working-directory: .github/workflow-samples/groovy-dsl
       run: | 
-        grep -q 'Eclipse Temurin JDK 1.8' output.txt || (echo "::error::Did not detect preinstalled JDK 1.8" && exit 1)
+        grep -q 'Eclipse Temurin JDK 8' output.txt || (echo "::error::Did not detect preinstalled JDK 8" && exit 1)
         grep -q 'Eclipse Temurin JDK 11' output.txt || (echo "::error::Did not detect preinstalled JDK 11" && exit 1)
         grep -q 'Eclipse Temurin JDK 17' output.txt || (echo "::error::Did not detect preinstalled JDK 17" && exit 1)
         grep -q 'Eclipse Temurin JDK 21' output.txt || (echo "::error::Did not detect preinstalled JDK 21" && exit 1)

.github/workflows/integ-test-inject-develocity.yml

@@ -25,31 +25,41 @@ permissions:
 
 jobs:
   inject-develocity:
-    env:
-      DEVELOCITY_INJECTION_ENABLED: true
-      DEVELOCITY_URL: https://ge.solutions-team.gradle.com
-      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
-      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.1'
-      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
     strategy:
       fail-fast: false
       matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.19.2]
+        plugin-version: ['3.16.2', '4.2.2']
         include:
-        - plugin-version: 3.16.2
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
+          - plugin-version: '3.16.2'
             accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
-        - plugin-version: 3.19.2
+          - plugin-version: '4.2.2'
             accessKeyEnv: DEVELOCITY_ACCESS_KEY
-
     runs-on: ${{ matrix.os }}
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_INJECTION_URL: https://ge.solutions-team.gradle.com
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
+      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
-
+      with:
+        java-version: ${{ matrix.java-version }}
     - name: Setup Gradle
       id: setup-gradle
       uses: ./setup-gradle
@@ -62,7 +72,7 @@ jobs:
       run: gradle help
     - name: Check Build Scan url
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')
@@ -74,21 +84,33 @@ jobs:
   inject-develocity-with-access-key:
     env:
       DEVELOCITY_INJECTION_ENABLED: true
-      DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
-      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
-      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.1'
+      DEVELOCITY_INJECTION_URL: 'https://ge.solutions-team.gradle.com'
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
     strategy:
       fail-fast: false
       matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.19.2]
+        plugin-version: ['3.16.2', '4.2.2']
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Initialize integ-test
         uses: ./.github/actions/init-integ-test
+        with:
+          java-version: ${{ matrix.java-version }}
       - name: Setup Gradle
         id: setup-gradle
         uses: ./setup-gradle
@@ -107,7 +129,7 @@ jobs:
         run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)"
       - name: Check Build Scan url
         if: ${{ !steps.gradle.outputs.build-scan-url }}
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             core.setFailed('No Build Scan detected')
@@ -115,29 +137,41 @@ jobs:
   inject-develocity-short-lived-token-failed:
     env:
       DEVELOCITY_INJECTION_ENABLED: true
-      DEVELOCITY_URL: 'https://localhost:3333/'
-      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
-      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.1'
+      DEVELOCITY_INJECTION_URL: 'https://localhost:3333/'
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.1'
       # Access key also set as an env var, we want to check it does not leak
       GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
     strategy:
       fail-fast: false
       matrix:
-        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.19.2 ]
+        plugin-version: [ '3.16.2', '4.2.2' ]
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Initialize integ-test
         uses: ./.github/actions/init-integ-test
-
+        with:
+          java-version: ${{ matrix.java-version }}
       - name: Setup Gradle
         id: setup-gradle
         uses: ./setup-gradle
         with:
+          gradle-version: ${{ matrix.gradle }}
           cache-read-only: false # For testing, allow writing cache entries on non-default branches
           develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       - name: Run Gradle build
@@ -155,15 +189,27 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [ 3.16.2, 3.19.2 ]
+        plugin-version: [ '3.16.2', '4.2.2' ]
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Initialize integ-test
         uses: ./.github/actions/init-integ-test
+        with:
+          java-version: ${{ matrix.java-version }}
       - name: Setup Gradle
         id: setup-gradle
         uses: ./setup-gradle
@@ -179,7 +225,7 @@ jobs:
         run: gradle help
       - name: Check Build Scan url
         if: ${{ !steps.gradle.outputs.build-scan-url }}
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             core.setFailed('No Build Scan detected')

.github/workflows/integ-test-provision-gradle-versions.yml

@@ -33,25 +33,33 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
+      with:
+        java-version: '11'
 
     - name: Setup Gradle with v6.9
       uses: ./setup-gradle
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: 6.9
+        gradle-version: '6.9'
     - name: Test uses Gradle v6.9
       working-directory: .github/workflow-samples/no-wrapper
       run: gradle help "-DgradleVersionCheck=6.9"
     - name: Setup Gradle with v7.1.1
       uses: ./setup-gradle
       with:
-        gradle-version: 7.1.1
+        gradle-version: '7.1.1'
     - name: Test uses Gradle v7.1.1
       working-directory: .github/workflow-samples/no-wrapper
       run: gradle help "-DgradleVersionCheck=7.1.1"
+    # Configure JDK 17 for Gradle 9 and later
+    - name: Setup Java
+      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      with:
+        distribution: temurin
+        java-version: 17
     - name: Setup Gradle with release-candidate
       uses: ./setup-gradle
       with:
@@ -68,8 +76,8 @@ jobs:
       working-directory: .github/workflow-samples/no-wrapper
       run: gradle help
     - name: Check current version output parameter
-      if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '8.') }}
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '9.') }}
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.gradle-current.outputs.gradle-version }}"')    
@@ -78,29 +86,31 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        gradle: ["8.13", "8.12", "8.12-rc-1", 8.9, 8.1, 7.6.4, 6.9.4, 5.6.4, 4.10.3, 3.5.1]
+        gradle: ['9.0.0', '8.14.2', '8.12', '8.12-rc-1', '8.9', '8.1', '7.6.4', '6.9.4', '5.6.4', '4.10.3', '3.5.1']
         os: ${{fromJSON(inputs.runner-os)}}
         include:
           - java-version: 11
-          - gradle: 5.6.4
+          - gradle: '9.0.0'
+            java-version: 17
+          - gradle: '5.6.4'
             build-root-suffix: -gradle-5
-          - gradle: 4.10.3
+          - gradle: '4.10.3'
             build-root-suffix: -gradle-4
-          - gradle: 3.5.1
+          - gradle: '3.5.1'
             build-root-suffix: -gradle-4
             java-version: 8
         exclude:
           - os: macos-latest # Java 8 is not supported on macos-latest, so we cannot test Gradle 3.5.1
-            gradle: 3.5.1
+            gradle: '3.5.1'
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
     - name: Setup Java
-      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+      uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
       with:
         distribution: temurin
         java-version: ${{ matrix.java-version }}
@@ -112,7 +122,7 @@ jobs:
         gradle-version: ${{ matrix.gradle }}
     - name: Check output parameter
       if: ${{ steps.setup-gradle.outputs.gradle-version != matrix.gradle }}
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.setup-gradle.outputs.gradle-version }}"')    
@@ -122,7 +132,7 @@ jobs:
       run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}"
     - name: Check Build Scan url
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')    

.github/workflows/integ-test-restore-configuration-cache.yml

@@ -35,7 +35,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -62,7 +62,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -98,7 +98,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -133,7 +133,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -159,7 +159,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -186,7 +186,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -213,7 +213,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-restore-containerized-gradle-home.yml

@@ -23,7 +23,7 @@ jobs:
     container: fedora:latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -42,7 +42,7 @@ jobs:
     container: fedora:latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-restore-custom-gradle-home.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -66,7 +66,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-restore-gradle-home.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -54,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -77,7 +77,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -100,7 +100,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -125,7 +125,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-restore-java-toolchain.yml

@@ -30,9 +30,11 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
+      with:
+        java-version: '17'
 
     - name: Setup Gradle
       uses: ./setup-gradle
@@ -53,9 +55,11 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
+      with:
+        java-version: '17'
 
     - name: Setup Gradle
       uses: ./setup-gradle

.github/workflows/integ-test-sample-gradle-plugin.yml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -52,7 +52,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-sample-kotlin-dsl.yml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -52,7 +52,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 

.github/workflows/integ-test-wrapper-validation.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -48,7 +48,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -77,7 +77,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -110,7 +110,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - name: Initialize integ-test
       uses: ./.github/actions/init-integ-test
 
@@ -140,7 +140,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Checkout the repository with no wrappers
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.2.2 # Checkout the repository with no wrappers
       with:
         sparse-checkout: |
           .github/actions

.github/workflows/update-checksums-file.js

@@ -7,7 +7,7 @@
 
 // @ts-check
 
-const httpm = require('../../sources/node_modules/typed-rest-client/HttpClient')
+const httpm = require('../../sources/node_modules/@actions/http-client')
 
 const path = require('path')
 const fs = require('fs')

.github/workflows/update-checksums-file.yml

@@ -19,10 +19,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Node.js
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
           node-version: 20
           cache: npm
@@ -37,12 +37,22 @@ jobs:
         run: node ../.github/workflows/update-checksums-file.js
         working-directory: sources
 
+      - name: Import GPG key to sign commits
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
+        with:
+          gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_config_global: true
+
       # If there are no changes, this action will not create a pull request
       - name: Create or update pull request
         uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
         with:
           branch: bot/wrapper-checksums-update
-          author: Bot Githubaction <bot-githubaction@gradle.com>
+          author: bot-githubaction <bot-githubaction@gradle.com>
+          committer: bot-githubaction <bot-githubaction@gradle.com>
           commit-message: Update known wrapper checksums
           title: Update known wrapper checksums
           # Note: Unfortunately this action cannot trigger the regular workflows for the PR automatically, see

README.md

@@ -32,7 +32,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
     - name: Build with Gradle
       run: ./gradlew build
 ```
@@ -70,7 +70,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
 ```
 
 See the [full action documentation](docs/dependency-submission.md) for more advanced usage scenarios.
@@ -99,7 +99,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v4
+      - uses: gradle/actions/wrapper-validation@v5
 ```
 
 See the [full action documentation](docs/wrapper-validation.md) for more advanced usage scenarios.

RELEASING.md

@@ -11,16 +11,17 @@
   - Note: The gradle actions follow the GitHub Actions convention of including a .0 patch number for the first release of a minor version, unlike the Gradle convention which omits the trailing .0.
 
 ## Release gradle/actions
-- Create a tag for the release. The tag should have the format `v4.1.0`
-  - From CLI: `git tag v4.1.0 && git push --tags`
+- Create a tag for the release. The tag should have the format `v5.0.0`
+  - From CLI: `git tag -s -m "v5.0.0" v5.0.0 && git push --tags`
+  - Note that we sign the tag and set the commit message for the tag to the newly released version.
 - Go to https://github.com/gradle/actions/releases and "Draft new release"
   - Use the newly created tag and copy the tag name exactly as the release title.
   - Craft release notes content based on issues closed, PRs merged and commits
   - Include a Full changelog link in the format https://github.com/gradle/actions/compare/v2.12.0...v3.0.0
 - Publish the release.
-- Force push the `v4` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
-  - From CLI: `git tag -f -a -m "v4.0.0" v4 v4.0.0 && git push -f --tags`
-  - Note that we set the commit message for the tag to the newly released version.
+- Force push the `v5` tag (or current major version) to point to the new release. It is conventional for users to bind to a major release version using this tag.
+  - From CLI: `git tag -f -s -a -m "v5.0.0" v5 v5.0.0 && git push -f --tags`
+  - Note that we sign the tag and set the commit message for the tag to the newly released version.
 
 ## Post release steps
 

build

@@ -3,7 +3,7 @@
 cd sources
 
 if [[ -f ~/.gradle/develocity/keys.properties ]]; then
-    export NODE_OPTIONS='-r @gradle/develocity-agent/preload'
+    export NODE_OPTIONS='-r @gradle-tech/develocity-agent/preload'
     export DEVELOCITY_URL=https://ge.solutions-team.gradle.com
     export DEVELOCITY_ACCESS_KEY=$(paste -sd ';' ~/.gradle/develocity/keys.properties)
 fi

dependency-submission/README.md

@@ -29,7 +29,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
 ```
 
 See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios.

dependency-submission/action.yml

@@ -222,7 +222,7 @@ outputs:
     description: Version of Gradle that was setup by the action
 
 runs:
-  using: 'node20'
+  using: 'node24'
   main: '../dist/dependency-submission/main/index.js'
   post: '../dist/dependency-submission/post/index.js'
 

docs/dependency-submission.md

@@ -43,7 +43,7 @@ jobs:
         java-version: 17
 
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
 ```
 
 ### Gradle execution
@@ -68,7 +68,7 @@ Three input parameters are required, one to enable publishing and two more to ac
 
 ```yaml
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         build-scan-publish: true
         build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
@@ -83,10 +83,10 @@ In some cases, the default action configuration will not be sufficient, and addi
 
 ```yaml
     - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         # Use a particular Gradle version instead of the configured wrapper.
-        gradle-version: 8.6
+        gradle-version: '8.6'
 
         # The gradle project is not in the root of the repository.
         build-root-directory: my-gradle-project
@@ -130,7 +130,7 @@ To reduce storage costs for these artifacts, you can:
 
 ```yaml
     - name: Generate dependency graph but only store workflow artifacts for 1 day
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         artifact-retention-days: 1 # Default is 30 days or as configured for repository
 ```
@@ -139,7 +139,7 @@ To reduce storage costs for these artifacts, you can:
 
 ```yaml
     - name: Generate and submit dependency graph but do not store as workflow artifact
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         dependency-graph: 'generate-and-submit' # Default value is 'generate-submit-and-upload'
 ```
@@ -299,7 +299,7 @@ For example, if you want to exclude dependencies resolved by the `buildSrc` proj
 
 ```yaml
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         # Exclude all dependencies that originate solely in the 'buildSrc' project
         dependency-graph-exclude-projects: ':buildSrc'
@@ -350,7 +350,7 @@ jobs:
         java-version: 17
 
     - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
 ```
 
 #### 2. Add a dedicated Dependency Review workflow
@@ -412,7 +412,7 @@ jobs:
         java-version: 17
 
     - name: Generate and save dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         dependency-graph: generate-and-upload
 ```
@@ -435,7 +435,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Download and submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         dependency-graph: download-and-submit # Download saved dependency-graph and submit
 ```

docs/deprecation-upgrade-guide.md

@@ -20,7 +20,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/setup-gradle@v4
+    uses: gradle/actions/setup-gradle@v5
 ```
 
 ## The action `gradle/wrapper-validation-action` has been replaced by `gradle/actions/wrapper-validation`
@@ -40,7 +40,7 @@ To convert your workflows, simply replace:
 ```
 with
 ```
-    uses: gradle/actions/wrapper-validation@v4
+    uses: gradle/actions/wrapper-validation@v5
 ```
 
 ## Using the action to execute Gradle via the `arguments` parameter is deprecated
@@ -82,7 +82,7 @@ The exact syntax depends on whether or not your project is configured with the [
 
 ```
 - name: Setup Gradle
-  uses: gradle/actions/setup-gradle@v4
+  uses: gradle/actions/setup-gradle@v5
 
 - name: Assemble the project
   run: ./gradlew assemble
@@ -99,9 +99,9 @@ The exact syntax depends on whether or not your project is configured with the [
 
 ```
 - name: Setup Gradle for a non-wrapper project
-  uses: gradle/actions/setup-gradle@v4
+  uses: gradle/actions/setup-gradle@v5
   with:
-    gradle-version: "8.11"
+    gradle-version: '8.11'
 
 - name: Assemble the project
   run: gradle assemble

docs/setup-gradle.md

@@ -45,7 +45,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     - name: Execute Gradle build
       run: ./gradlew build
@@ -58,9 +58,9 @@ Downloaded Gradle versions are stored in the GitHub Actions cache, to avoid havi
 
 ```yaml
  - name: Setup Gradle 8.10
-   uses: gradle/actions/setup-gradle@v4
+   uses: gradle/actions/setup-gradle@v5
    with:
-     gradle-version: "8.10" # Quotes required to prevent YAML converting to number
+     gradle-version: '8.10' # Quotes required to prevent YAML converting to number
   - name: Build with Gradle 8.10
     run: gradle build
 ```
@@ -96,7 +96,7 @@ jobs:
         distribution: temurin
         java-version: 17
 
-    - uses: gradle/actions/setup-gradle@v4
+    - uses: gradle/actions/setup-gradle@v5
       id: setup-gradle
       with:
         gradle-version: release-candidate
@@ -218,9 +218,9 @@ jobs:
         distribution: temurin
         java-version: 17
 
-    - uses: gradle/actions/setup-gradle@v4
+    - uses: gradle/actions/setup-gradle@v5
       with:
-        gradle-version: 8.6
+        gradle-version: '8.6'
         cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
     - run: gradle build --configuration-cache
 ```
@@ -472,9 +472,9 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
-        add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure'
+        add-job-summary-as-pr-comment: 'on-failure' # Valid values are 'never' (default), 'always', and 'on-failure'
 
     - run: ./gradlew build --scan
 ```
@@ -509,7 +509,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     - name: Run build with Gradle wrapper
       run: ./gradlew build --scan
@@ -540,7 +540,7 @@ If you do not want wrapper-validation to occur automatically, you can disable it
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         validate-wrappers: false
 ```
@@ -552,7 +552,7 @@ These are not allowed by default.
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         validate-wrappers: true
         allow-snapshot-wrappers: true
@@ -617,7 +617,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         dependency-graph: generate-and-submit
     - name: Run the usual CI build (dependency-graph will be generated and submitted post-job)
@@ -644,7 +644,7 @@ graph cannot be generated or submitted. You can enable this behavior with the `d
 
 ```yaml
 # Ensure that the workflow Job will fail if the dependency graph cannot be submitted
-- uses: gradle/actions/setup-gradle@v4
+- uses: gradle/actions/setup-gradle@v5
   with:
     dependency-graph: generate-and-submit
     dependency-graph-continue-on-failure: false
@@ -669,13 +669,13 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         dependency-graph: generate-and-submit
     - name: Run a build, resolving the 'dependency-graph' plugin from the plugin portal proxy
       run: ./gradlew build
       env:
-        GRADLE_PLUGIN_REPOSITORY_URL: "https://gradle-plugins-proxy.mycorp.com"
+        GRADLE_PLUGIN_REPOSITORY_URL: 'https://gradle-plugins-proxy.mycorp.com'
 
         # Set the following variables if your custom plugin repository requires authentication
         # GRADLE_PLUGIN_REPOSITORY_USERNAME: "username"
@@ -699,7 +699,7 @@ jobs:
         java-version: 17
 
     - name: Setup Gradle to generate and submit dependency graphs
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         dependency-graph: generate-and-submit
     - name: Build the app, generating a graph of dependencies required
@@ -743,16 +743,19 @@ To publish to https://scans.gradle.com, you must specify in your workflow that y
 
 ```yaml
     - name: Setup Gradle to publish build scans
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
+        build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service'
+        build-scan-terms-of-use-agree: 'yes'
 
     - name: Run a Gradle build - a build scan will be published automatically
       run: ./gradlew build
 ```
 
+If your build is configured to [publish on demand](https://docs.gradle.com/develocity/gradle-plugin/current/#publishing_on_demand) 
+using `onlyIf { false }`, setting `build-scan-publish: true` will not force a scan to be published.
+
 ## Managing Develocity access keys
 
 Develocity access keys are long-lived, creating risks if they are leaked. To mitigate this risk this, 
@@ -762,7 +765,7 @@ The short-lived access token will then be used wherever a Develocity access key
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }} # Long-lived access key, visiblility is restricted to this step.
 
@@ -780,10 +783,10 @@ To avoid this, use the `develocity-token-expiry` parameter to specify a differen
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
-        develocity-token-expiry: 8 # The number of hours that the access token should remain valid (max 24).
+        develocity-token-expiry: '8' # The number of hours that the access token should remain valid (max 24).
 ```
 
 ### Develocity access key supplied as environment variable
@@ -802,7 +805,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     # The build will automatically use a short-lived access token to authenticate with Develocity
     - name: Run a Gradle build that is configured to publish to Develocity.
@@ -834,33 +837,33 @@ Here's a minimal example:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         develocity-injection-enabled: true
-        develocity-url: https://develocity.your-server.com
-        develocity-plugin-version: 3.17.5
+        develocity-url: 'https://develocity.your-server.com'
+        develocity-plugin-version: '4.0'
 
     - name: Run a Gradle build with Develocity injection enabled
       run: ./gradlew build
 ```
 
-This configuration will automatically apply `v3.19.2` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
+This configuration will automatically apply `v4.2.2` of the [Develocity Gradle plugin](https://docs.gradle.com/develocity/gradle-plugin/), and publish build scans to https://develocity.your-server.com.
 
 This example assumes that the `develocity.your-server.com` server allows anonymous publishing of build scans.
 In the likely scenario that your Develocity server requires authentication, you will also need to pass a valid [Develocity access key](https://docs.gradle.com/develocity/gradle-plugin/#via_environment_variable) taken from a secret:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
       with:
         develocity-access-key: ${{ secrets.MY_DEVELOCITY_ACCESS_KEY }}
 
     - name: Run a Gradle build with Develocity injection enabled
       run: ./gradlew build
-      env:
-        DEVELOCITY_INJECTION_ENABLED: true
-        DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_PLUGIN_VERSION: 3.17
+      with:
+        develocity-injection-enabled: true
+        develocity-url: 'https://develocity.your-server.com'
+        develocity-plugin-version: '4.0'
 ```
 
 This access key will be used during the action execution to get a short-lived token and set it to the DEVELOCITY_ACCESS_KEY environment variable.
@@ -870,7 +873,7 @@ This access key will be used during the action execution to get a short-lived to
 The `init-script` supports several additional configuration parameters that you may find useful. All configuration options (required and optional) are detailed below:
 
 | Variable                             | Required | Description                                                                                                                                                             |
-|--------------------------------------| --- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|--------------------------------------| :---: |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | develocity-injection-enabled         | :white_check_mark: | enables Develocity injection                                                                                                                                            |
 | develocity-url                       | :white_check_mark: | the URL of the Develocity server                                                                                                                                        |
 | develocity-allow-untrusted-server    | | allow communication with an untrusted server; set to _true_ if your Develocity instance is using a self-signed certificate                                              |
@@ -885,33 +888,33 @@ The `init-script` supports several additional configuration parameters that you
 The input parameters can be expressed as environment variables following the relationships outlined in the table below:
 
 | Input                                | Environment Variable                           |
-|--------------------------------------|--------------------------------------|
+|--------------------------------------|------------------------------------------------|
 | develocity-injection-enabled         | DEVELOCITY_INJECTION_ENABLED                   |
-| develocity-url                       | DEVELOCITY_URL                       |
-| develocity-allow-untrusted-server    | DEVELOCITY_ALLOW_UNTRUSTED_SERVER    |
-| develocity-capture-file-fingerprints | DEVELOCITY_CAPTURE_FILE_FINGERPRINTS |
-| develocity-enforce-url               | DEVELOCITY_ENFORCE_URL               |
-| develocity-plugin-version            | DEVELOCITY_PLUGIN_VERSION            |
-| develocity-ccud-plugin-version       | DEVELOCITY_CCUD_PLUGIN_VERSION       |
-| gradle-plugin-repository-url         | GRADLE_PLUGIN_REPOSITORY_URL         |
-| gradle-plugin-repository-username    | GRADLE_PLUGIN_REPOSITORY_USERNAME    |
-| gradle-plugin-repository-password    | GRADLE_PLUGIN_REPOSITORY_PASSWORD    |
+| develocity-url                       | DEVELOCITY_INJECTION_URL                       |
+| develocity-enforce-url               | DEVELOCITY_INJECTION_ENFORCE_URL               |
+| develocity-allow-untrusted-server    | DEVELOCITY_INJECTION_ALLOW_UNTRUSTED_SERVER    |
+| develocity-capture-file-fingerprints | DEVELOCITY_INJECTION_CAPTURE_FILE_FINGERPRINTS |
+| develocity-plugin-version            | DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION |
+| develocity-ccud-plugin-version       | DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION       |
+| gradle-plugin-repository-url         | DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL     |
+| gradle-plugin-repository-username    | DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME|
+| gradle-plugin-repository-password    | DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD|
 
 
 Here's an example using the env vars:
 
 ```yaml
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
 
     - name: Run a Gradle build with Develocity injection enabled with environment variables
       run: ./gradlew build
       env:
         DEVELOCITY_INJECTION_ENABLED: true
-        DEVELOCITY_URL: https://develocity.your-server.com
-        DEVELOCITY_ENFORCE_URL: true
-        DEVELOCITY_PLUGIN_VERSION: "3.19"
-        DEVELOCITY_CCUD_PLUGIN_VERSION: "2.1"
+        DEVELOCITY_INJECTION_URL: https://develocity.your-server.com
+        DEVELOCITY_INJECTION_ENFORCE_URL: true
+        DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: '4.0'
+        DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
 ```
 
 # Dependency verification

docs/wrapper-validation.md

@@ -50,7 +50,7 @@ We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/
 Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
 
 ```yaml
-uses: gradle/actions/wrapper-validation@v4
+uses: gradle/actions/wrapper-validation@v5
 ```
 
 This action step should precede any step using `gradle/gradle-build-action` or `gradle/actions/setup-gradle`.
@@ -73,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: gradle/actions/wrapper-validation@v4
+      - uses: gradle/actions/wrapper-validation@v5
 ```
 
 ## Contributing to an external GitHub Repository

setup-gradle/README.md

@@ -26,7 +26,7 @@ jobs:
         distribution: 'temurin'
         java-version: 17
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@v5
     - name: Build with Gradle
       run: ./gradlew build
 ```

setup-gradle/action.yml

@@ -239,9 +239,10 @@ outputs:
     description: Version of Gradle that was setup by the action
 
 runs:
-  using: 'node20'
+  using: 'node24'
   main: '../dist/setup-gradle/main/index.js'
   post: '../dist/setup-gradle/post/index.js'
+  post-if: '!cancelled()'
 
 branding:
   icon: 'box'

sources/.eslintignore

@@ -1,3 +0,0 @@
-dist/
-lib/
-node_modules/

sources/.eslintrc.json

@@ -1,57 +0,0 @@
-{
-    "plugins": ["jest", "@typescript-eslint"],
-    "extends": ["plugin:github/recommended"],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-      "ecmaVersion": 9,
-      "sourceType": "module",
-      "project": "./tsconfig.json"
-    },
-    "rules": {
-      "eslint-comments/no-use": "off",
-      "import/no-namespace": "off",
-      "i18n-text/no-en": "off",
-      "no-unused-vars": "off",
-      "no-shadow": "off",
-      "sort-imports": "off",
-      "github/array-foreach": "off",
-      "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
-      "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
-      "@typescript-eslint/no-require-imports": "error",
-      "@typescript-eslint/array-type": "error",
-      "@typescript-eslint/await-thenable": "error",
-      "camelcase": "off",
-      "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
-      "@typescript-eslint/func-call-spacing": ["error", "never"],
-      "@typescript-eslint/no-array-constructor": "error",
-      "@typescript-eslint/no-empty-interface": "error",
-      "@typescript-eslint/no-explicit-any": "error",
-      "@typescript-eslint/no-extraneous-class": "error",
-      "@typescript-eslint/no-for-in-array": "error",
-      "@typescript-eslint/no-inferrable-types": "error",
-      "@typescript-eslint/no-misused-new": "error",
-      "@typescript-eslint/no-namespace": "error", 
-      "@typescript-eslint/no-non-null-assertion": "off",
-      "@typescript-eslint/no-shadow": "error",
-      "@typescript-eslint/no-unnecessary-qualifier": "error",
-      "@typescript-eslint/no-unnecessary-type-assertion": "error",
-      "@typescript-eslint/no-useless-constructor": "error",
-      "@typescript-eslint/no-var-requires": "error",
-      "@typescript-eslint/prefer-for-of": "warn",
-      "@typescript-eslint/prefer-function-type": "warn",
-      "@typescript-eslint/prefer-includes": "error",
-      "@typescript-eslint/prefer-string-starts-ends-with": "error",
-      "@typescript-eslint/promise-function-async": "error",
-      "@typescript-eslint/require-array-sort-compare": ["error", {"ignoreStringArrays":  true}],
-      "@typescript-eslint/restrict-plus-operands": "error",
-      "semi": "off",
-      "@typescript-eslint/semi": ["error", "never"],
-      "@typescript-eslint/type-annotation-spacing": "error",
-      "@typescript-eslint/unbound-method": "error"
-    },
-    "env": {
-      "node": true,
-      "es6": true,
-      "jest/globals": true
-    }
-  }

sources/.tool-versions

@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
-nodejs 20.10.0
-gradle 8.13
+nodejs 24.3.0
+gradle 8.14.2

sources/eslint.config.mjs

@@ -0,0 +1,70 @@
+import globals from "globals";
+import typescriptParser from "@typescript-eslint/parser";
+import typescriptPlugin from "@typescript-eslint/eslint-plugin";
+
+export default {
+
+    plugins: {
+        "@typescript-eslint": typescriptPlugin,
+    },
+
+    languageOptions: {
+        globals: {
+            ...globals.node,
+        },
+
+        ecmaVersion: 9,
+        sourceType: "module",
+
+        parser: typescriptParser,
+        parserOptions: {
+            project: "./tsconfig.json",
+        },
+    },
+
+    files: ['**/*.ts', '**/*.tsx'],
+
+    rules: {
+        camelcase: "off",
+        semi: "off",
+
+        "@typescript-eslint/explicit-member-accessibility": ["error", {
+            accessibility: "no-public",
+        }],
+
+        "@typescript-eslint/no-require-imports": "error",
+        "@typescript-eslint/array-type": "error",
+        "@typescript-eslint/await-thenable": "error",
+
+        "@typescript-eslint/explicit-function-return-type": ["error", {
+            allowExpressions: true,
+        }],
+
+        "@typescript-eslint/no-array-constructor": "error",
+        "@typescript-eslint/no-empty-interface": "error",
+        "@typescript-eslint/no-explicit-any": "error",
+        "@typescript-eslint/no-extraneous-class": "error",
+        "@typescript-eslint/no-for-in-array": "error",
+        "@typescript-eslint/no-inferrable-types": "error",
+        "@typescript-eslint/no-misused-new": "error",
+        "@typescript-eslint/no-namespace": "error",
+        "@typescript-eslint/no-non-null-assertion": "off",
+        "@typescript-eslint/no-shadow": "error",
+        "@typescript-eslint/no-unnecessary-qualifier": "error",
+        "@typescript-eslint/no-unnecessary-type-assertion": "error",
+        "@typescript-eslint/no-useless-constructor": "error",
+        "@typescript-eslint/no-var-requires": "error",
+        "@typescript-eslint/prefer-for-of": "warn",
+        "@typescript-eslint/prefer-function-type": "warn",
+        "@typescript-eslint/prefer-includes": "error",
+        "@typescript-eslint/prefer-string-starts-ends-with": "error",
+        "@typescript-eslint/promise-function-async": "error",
+
+        "@typescript-eslint/require-array-sort-compare": ["error", {
+            ignoreStringArrays: true,
+        }],
+
+        "@typescript-eslint/restrict-plus-operands": "error",
+        "@typescript-eslint/unbound-method": "error",
+    },
+};

sources/jest.config.js

@@ -6,5 +6,9 @@ module.exports = {
   transform: {
     '^.+\\.ts$': 'ts-jest'
   },
+  reporters: [
+      'default',
+      '@gradle-tech/develocity-agent/jest-reporter',
+  ],
   verbose: true
 }

sources/package.json

@@ -31,42 +31,50 @@
     "gradle"
   ],
   "license": "MIT",
+  "engines": {
+    "node": ">=24.0.0"
+  },
   "dependencies": {
     "@actions/artifact": "2.3.2",
-    "@actions/cache": "4.0.3",
+    "@actions/cache": "4.0.5",
     "@actions/core": "1.11.1",
     "@actions/exec": "1.1.1",
-    "@actions/github": "6.0.0",
+    "@actions/github": "6.0.1",
     "@actions/glob": "0.5.0",
     "@actions/http-client": "2.2.3",
     "@actions/tool-cache": "2.0.2",
-    "@octokit/rest": "21.1.1",
     "@octokit/webhooks-types": "7.6.1",
-    "cheerio": "^1.0.0",
-    "semver": "7.7.1",
+    "cheerio": "1.1.2",
+    "semver": "7.7.2",
     "string-argv": "0.3.2",
-    "typed-rest-client": "2.1.0",
     "unhomoglyph": "1.0.6",
     "which": "5.0.0"
   },
   "devDependencies": {
-    "@gradle/develocity-agent": "https://develocity-npm-pkgs.gradle.com/gradle-develocity-agent-0.9.0.tgz",
-    "@types/jest": "29.5.14",
-    "@types/node": "20.17.27",
+    "@gradle-tech/develocity-agent": "2.0.2",
+    "@jest/globals": "30.1.2",
+    "@types/jest": "30.0.0",
+    "@types/node": "24.5.2",
+    "@types/semver": "7.7.1",
     "@types/unzipper": "0.10.11",
     "@types/which": "3.0.4",
-    "@typescript-eslint/parser": "7.18.0",
-    "@vercel/ncc": "0.38.3",
-    "eslint": "8.57.1",
-    "eslint-plugin-github": "5.1.8",
-    "eslint-plugin-jest": "28.11.0",
-    "jest": "29.7.0",
-    "js-yaml": "4.1.0",
+    "@typescript-eslint/eslint-plugin": "8.44.1",
+    "@vercel/ncc": "0.38.4",
+    "dedent": "1.7.0",
+    "eslint": "9.24.0",
+    "globals": "16.4.0",
+    "jest": "30.1.3",
     "nock": "13.5.6",
     "npm-run-all": "4.1.5",
     "patch-package": "8.0.0",
-    "prettier": "3.5.3",
-    "ts-jest": "29.3.0",
-    "typescript": "5.8.2"
+    "prettier": "3.6.2",
+    "ts-jest": "29.4.4",
+    "typescript": "5.9.2"
+  },
+  "overrides": {
+    "@azure/logger": "1.1.4",
+    "@octokit/request": "8.4.1",
+    "@octokit/request-error": "5.1.1",
+    "@octokit/plugin-paginate-rest": "9.2.2"
   }
 }

sources/patches/@actions+cache+4.0.3.patch

@@ -1,183 +0,0 @@
-diff --git a/node_modules/@actions/cache/lib/cache.d.ts b/node_modules/@actions/cache/lib/cache.d.ts
-index ef0928b..4e2f570 100644
---- a/node_modules/@actions/cache/lib/cache.d.ts
-+++ b/node_modules/@actions/cache/lib/cache.d.ts
-@@ -21,7 +21,7 @@ export declare function isFeatureAvailable(): boolean;
-  * @param enableCrossOsArchive an optional boolean enabled to restore on windows any cache created on any platform
-  * @returns string returns the key for the cache hit, otherwise returns undefined
-  */
--export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<string | undefined>;
-+export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry | undefined>;
- /**
-  * Saves a list of files with the specified key
-  *
-@@ -31,4 +31,12 @@ export declare function restoreCache(paths: string[], primaryKey: string, restor
-  * @param options cache upload options
-  * @returns number returns cacheId if the cache was saved successfully and throws an error if save fails
-  */
--export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<number>;
-+export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry>;
-+
-+// PATCHED: Add `CacheEntry` as return type for save/restore functions
-+// This allows us to track and report on cache entry sizes.
-+export declare class CacheEntry {
-+    key: string;
-+    size?: number;
-+    constructor(key: string, size?: number);
-+}
-\ No newline at end of file
-diff --git a/node_modules/@actions/cache/lib/cache.js b/node_modules/@actions/cache/lib/cache.js
-index e9e45c9..336733b 100644
---- a/node_modules/@actions/cache/lib/cache.js
-+++ b/node_modules/@actions/cache/lib/cache.js
-@@ -154,18 +154,21 @@ function restoreCacheV1(paths, primaryKey, restoreKeys, options, enableCrossOsAr
-             core.info(`Cache Size: ~${Math.round(archiveFileSize / (1024 * 1024))} MB (${archiveFileSize} B)`);
-             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
-             core.info('Cache restored successfully');
--            return cacheEntry.cacheKey;
--        }
--        catch (error) {
--            const typedError = error;
--            if (typedError.name === ValidationError.name) {
--                throw error;
--            }
--            else {
--                // Supress all non-validation cache related errors because caching should be optional
--                core.warning(`Failed to restore: ${error.message}`);
--            }
-+
-+            // PATCHED - Include size of restored entry
-+            return new CacheEntry(cacheEntry.cacheKey, archiveFileSize);;
-         }
-+            // PATCHED - propagate errors
-+            // catch (error) {
-+            //     const typedError = error;
-+            //     if (typedError.name === ValidationError.name) {
-+            //         throw error;
-+            //     }
-+            //     else {
-+            //         // Supress all non-validation cache related errors because caching should be optional
-+            //         core.warning(`Failed to restore: ${error.message}`);
-+            //     }
-+            // }
-         finally {
-             // Try to delete the archive to save space
-             try {
-@@ -232,18 +235,21 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
-             }
-             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
-             core.info('Cache restored successfully');
--            return response.matchedKey;
--        }
--        catch (error) {
--            const typedError = error;
--            if (typedError.name === ValidationError.name) {
--                throw error;
--            }
--            else {
--                // Supress all non-validation cache related errors because caching should be optional
--                core.warning(`Failed to restore: ${error.message}`);
--            }
-+
-+            // PATCHED - Include size of restored entry
-+            return new CacheEntry(response.matchedKey, archiveFileSize);;
-         }
-+            // PATCHED - propagate errors
-+            // catch (error) {
-+            //     const typedError = error;
-+            //     if (typedError.name === ValidationError.name) {
-+            //         throw error;
-+            //     }
-+            //     else {
-+            //         // Supress all non-validation cache related errors because caching should be optional
-+            //         core.warning(`Failed to restore: ${error.message}`);
-+            //     }
-+            // }
-         finally {
-             try {
-                 if (archivePath) {
-@@ -334,19 +340,23 @@ function saveCacheV1(paths, key, options, enableCrossOsArchive = false) {
-             }
-             core.debug(`Saving Cache (ID: ${cacheId})`);
-             yield cacheHttpClient.saveCache(cacheId, archivePath, '', options);
-+
-+            // PATCHED - Include size of saved entry
-+            return new CacheEntry(key, archiveFileSize);
-         }
--        catch (error) {
--            const typedError = error;
--            if (typedError.name === ValidationError.name) {
--                throw error;
--            }
--            else if (typedError.name === ReserveCacheError.name) {
--                core.info(`Failed to save: ${typedError.message}`);
--            }
--            else {
--                core.warning(`Failed to save: ${typedError.message}`);
--            }
--        }
-+            // PATCHED - propagate errors
-+            // catch (error) {
-+            //     const typedError = error;
-+            //     if (typedError.name === ValidationError.name) {
-+            //         throw error;
-+            //     }
-+            //     else if (typedError.name === ReserveCacheError.name) {
-+            //         core.info(`Failed to save: ${typedError.message}`);
-+            //     }
-+            //     else {
-+            //         core.warning(`Failed to save: ${typedError.message}`);
-+            //     }
-+            // }
-         finally {
-             // Try to delete the archive to save space
-             try {
-@@ -430,19 +440,23 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
-                 throw new Error(`Unable to finalize cache with key ${key}, another job may be finalizing this cache.`);
-             }
-             cacheId = parseInt(finalizeResponse.entryId);
-+
-+            // PATCHED - Include size of saved entry
-+            return new CacheEntry(key, archiveFileSize);
-         }
--        catch (error) {
--            const typedError = error;
--            if (typedError.name === ValidationError.name) {
--                throw error;
--            }
--            else if (typedError.name === ReserveCacheError.name) {
--                core.info(`Failed to save: ${typedError.message}`);
--            }
--            else {
--                core.warning(`Failed to save: ${typedError.message}`);
--            }
--        }
-+            // PATCHED - propagate errors
-+            // catch (error) {
-+            //     const typedError = error;
-+            //     if (typedError.name === ValidationError.name) {
-+            //         throw error;
-+            //     }
-+            //     else if (typedError.name === ReserveCacheError.name) {
-+            //         core.info(`Failed to save: ${typedError.message}`);
-+            //     }
-+            //     else {
-+            //         core.warning(`Failed to save: ${typedError.message}`);
-+            //     }
-+            // }
-         finally {
-             // Try to delete the archive to save space
-             try {
-@@ -455,4 +469,11 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
-         return cacheId;
-     });
- }
-+// PATCHED - CacheEntry class
-+class CacheEntry {
-+    constructor(key, size) {
-+        this.key = key;
-+        this.size = size;
-+    }
-+}
- //# sourceMappingURL=cache.js.map
-\ No newline at end of file

sources/patches/@actions+cache+4.0.5.patch

@@ -0,0 +1,248 @@
+diff --git a/node_modules/@actions/cache/lib/cache.d.ts b/node_modules/@actions/cache/lib/cache.d.ts
+index ef0928b..d06e675 100644
+--- a/node_modules/@actions/cache/lib/cache.d.ts
++++ b/node_modules/@actions/cache/lib/cache.d.ts
+@@ -21,7 +21,8 @@ export declare function isFeatureAvailable(): boolean;
+  * @param enableCrossOsArchive an optional boolean enabled to restore on windows any cache created on any platform
+  * @returns string returns the key for the cache hit, otherwise returns undefined
+  */
+-export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<string | undefined>;
++export declare function restoreCache(paths: string[], primaryKey: string, restoreKeys?: string[], options?: DownloadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry | undefined>;
++
+ /**
+  * Saves a list of files with the specified key
+  *
+@@ -31,4 +32,12 @@ export declare function restoreCache(paths: string[], primaryKey: string, restor
+  * @param options cache upload options
+  * @returns number returns cacheId if the cache was saved successfully and throws an error if save fails
+  */
+-export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<number>;
++export declare function saveCache(paths: string[], key: string, options?: UploadOptions, enableCrossOsArchive?: boolean): Promise<CacheEntry>;
++
++// PATCHED: Add `CacheEntry` as return type for save/restore functions
++// This allows us to track and report on cache entry sizes.
++export declare class CacheEntry {
++    key: string;
++    size?: number;
++    constructor(key: string, size?: number);
++}
+diff --git a/node_modules/@actions/cache/lib/cache.js b/node_modules/@actions/cache/lib/cache.js
+index 41f2a37..2fe1600 100644
+--- a/node_modules/@actions/cache/lib/cache.js
++++ b/node_modules/@actions/cache/lib/cache.js
+@@ -165,26 +165,29 @@ function restoreCacheV1(paths, primaryKey, restoreKeys, options, enableCrossOsAr
+             core.info(`Cache Size: ~${Math.round(archiveFileSize / (1024 * 1024))} MB (${archiveFileSize} B)`);
+             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
+             core.info('Cache restored successfully');
+-            return cacheEntry.cacheKey;
+-        }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else {
+-                // warn on cache restore failure and continue build
+-                // Log server errors (5xx) as errors, all other errors as warnings
+-                if (typedError instanceof http_client_1.HttpClientError &&
+-                    typeof typedError.statusCode === 'number' &&
+-                    typedError.statusCode >= 500) {
+-                    core.error(`Failed to restore: ${error.message}`);
+-                }
+-                else {
+-                    core.warning(`Failed to restore: ${error.message}`);
+-                }
+-            }
++
++            // PATCHED - Include size of restored entry
++            return new CacheEntry(cacheEntry.cacheKey, archiveFileSize);
+         }
++        // PATCHED - propagate errors
++        // catch (error) {
++        //    const typedError = error;
++        //    if (typedError.name === ValidationError.name) {
++        //        throw error;
++        //    }
++        //    else {
++        //        // warn on cache restore failure and continue build
++        //        // Log server errors (5xx) as errors, all other errors as warnings
++        //        if (typedError instanceof http_client_1.HttpClientError &&
++        //            typeof typedError.statusCode === 'number' &&
++        //            typedError.statusCode >= 500) {
++        //            core.error(`Failed to restore: ${error.message}`);
++        //        }
++        //        else {
++        //            core.warning(`Failed to restore: ${error.message}`);
++        //        }
++        //    }
++        //}
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -257,26 +260,29 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
+             }
+             yield (0, tar_1.extractTar)(archivePath, compressionMethod);
+             core.info('Cache restored successfully');
+-            return response.matchedKey;
+-        }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else {
+-                // Supress all non-validation cache related errors because caching should be optional
+-                // Log server errors (5xx) as errors, all other errors as warnings
+-                if (typedError instanceof http_client_1.HttpClientError &&
+-                    typeof typedError.statusCode === 'number' &&
+-                    typedError.statusCode >= 500) {
+-                    core.error(`Failed to restore: ${error.message}`);
+-                }
+-                else {
+-                    core.warning(`Failed to restore: ${error.message}`);
+-                }
+-            }
++
++            // PATCHED - Include size of restored entry
++            return new CacheEntry(response.matchedKey, archiveFileSize);
+         }
++        // PATCHED - propagate errors
++        // catch (error) {
++        //    const typedError = error;
++        //    if (typedError.name === ValidationError.name) {
++        //        throw error;
++        //    }
++        //    else {
++        //        // Supress all non-validation cache related errors because caching should be optional
++        //        // Log server errors (5xx) as errors, all other errors as warnings
++        //        if (typedError instanceof http_client_1.HttpClientError &&
++        //            typeof typedError.statusCode === 'number' &&
++        //            typedError.statusCode >= 500) {
++        //            core.error(`Failed to restore: ${error.message}`);
++        //        }
++        //        else {
++        //            core.warning(`Failed to restore: ${error.message}`);
++        //        }
++        //    }
++        //}
+         finally {
+             try {
+                 if (archivePath) {
+@@ -367,27 +373,31 @@ function saveCacheV1(paths, key, options, enableCrossOsArchive = false) {
+             }
+             core.debug(`Saving Cache (ID: ${cacheId})`);
+             yield cacheHttpClient.saveCache(cacheId, archivePath, '', options);
++
++            // PATCHED - Include size of saved entry
++            return new CacheEntry(key, archiveFileSize);
+         }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else if (typedError.name === ReserveCacheError.name) {
+-                core.info(`Failed to save: ${typedError.message}`);
+-            }
+-            else {
+-                // Log server errors (5xx) as errors, all other errors as warnings
+-                if (typedError instanceof http_client_1.HttpClientError &&
+-                    typeof typedError.statusCode === 'number' &&
+-                    typedError.statusCode >= 500) {
+-                    core.error(`Failed to save: ${typedError.message}`);
+-                }
+-                else {
+-                    core.warning(`Failed to save: ${typedError.message}`);
+-                }
+-            }
+-        }
++        // PATCHED - propagate errors
++        //catch (error) {
++        //    const typedError = error;
++        //    if (typedError.name === ValidationError.name) {
++        //        throw error;
++        //    }
++        //    else if (typedError.name === ReserveCacheError.name) {
++        //        core.info(`Failed to save: ${typedError.message}`);
++        //    }
++        //    else {
++        //        // Log server errors (5xx) as errors, all other errors as warnings
++        //        if (typedError instanceof http_client_1.HttpClientError &&
++        //            typeof typedError.statusCode === 'number' &&
++        //            typedError.statusCode >= 500) {
++        //            core.error(`Failed to save: ${typedError.message}`);
++        //        }
++        //        else {
++        //            core.warning(`Failed to save: ${typedError.message}`);
++        //        }
++        //    }
++        //}
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -471,27 +481,31 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
+                 throw new Error(`Unable to finalize cache with key ${key}, another job may be finalizing this cache.`);
+             }
+             cacheId = parseInt(finalizeResponse.entryId);
++
++            // PATCHED - Include size of saved entry
++            return new CacheEntry(key, archiveFileSize);
+         }
+-        catch (error) {
+-            const typedError = error;
+-            if (typedError.name === ValidationError.name) {
+-                throw error;
+-            }
+-            else if (typedError.name === ReserveCacheError.name) {
+-                core.info(`Failed to save: ${typedError.message}`);
+-            }
+-            else {
+-                // Log server errors (5xx) as errors, all other errors as warnings
+-                if (typedError instanceof http_client_1.HttpClientError &&
+-                    typeof typedError.statusCode === 'number' &&
+-                    typedError.statusCode >= 500) {
+-                    core.error(`Failed to save: ${typedError.message}`);
+-                }
+-                else {
+-                    core.warning(`Failed to save: ${typedError.message}`);
+-                }
+-            }
+-        }
++        // PATCHED - propagate errors
++        //catch (error) {
++        //    const typedError = error;
++        //    if (typedError.name === ValidationError.name) {
++        //        throw error;
++        //    }
++        //    else if (typedError.name === ReserveCacheError.name) {
++        //        core.info(`Failed to save: ${typedError.message}`);
++        //    }
++        //    else {
++        //        // Log server errors (5xx) as errors, all other errors as warnings
++        //        if (typedError instanceof http_client_1.HttpClientError &&
++        //            typeof typedError.statusCode === 'number' &&
++        //            typedError.statusCode >= 500) {
++        //            core.error(`Failed to save: ${typedError.message}`);
++        //        }
++        //        else {
++        //            core.warning(`Failed to save: ${typedError.message}`);
++        //        }
++        //    }
++        //}
+         finally {
+             // Try to delete the archive to save space
+             try {
+@@ -504,4 +518,12 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
+         return cacheId;
+     });
+ }
++// PATCHED - CacheEntry class
++class CacheEntry {
++    constructor(key, size) {
++        this.key = key;
++        this.size = size;
++    }
++}
++
+ //# sourceMappingURL=cache.js.map
+\ No newline at end of file

sources/patches/@azure+logger+1.0.4.patch

@@ -1,48 +0,0 @@
-diff --git a/node_modules/@azure/logger/dist-esm/src/debug.js b/node_modules/@azure/logger/dist-esm/src/debug.js
-index d202779..30e8313 100644
---- a/node_modules/@azure/logger/dist-esm/src/debug.js
-+++ b/node_modules/@azure/logger/dist-esm/src/debug.js
-@@ -7,7 +7,7 @@ let enabledNamespaces = [];
- let skippedNamespaces = [];
- const debuggers = [];
- if (debugEnvVariable) {
--    enable(debugEnvVariable);
-+    // enable(debugEnvVariable);
- }
- const debugObj = Object.assign((namespace) => {
-     return createDebugger(namespace);
-diff --git a/node_modules/@azure/logger/dist-esm/src/index.js b/node_modules/@azure/logger/dist-esm/src/index.js
-index cc25720..2925db5 100644
---- a/node_modules/@azure/logger/dist-esm/src/index.js
-+++ b/node_modules/@azure/logger/dist-esm/src/index.js
-@@ -20,7 +20,7 @@ if (logLevelFromEnv) {
-         setLogLevel(logLevelFromEnv);
-     }
-     else {
--        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-+        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-     }
- }
- /**
-diff --git a/node_modules/@azure/logger/dist/index.js b/node_modules/@azure/logger/dist/index.js
-index 81e97c3..a415e2f 100644
---- a/node_modules/@azure/logger/dist/index.js
-+++ b/node_modules/@azure/logger/dist/index.js
-@@ -21,7 +21,7 @@ let enabledNamespaces = [];
- let skippedNamespaces = [];
- const debuggers = [];
- if (debugEnvVariable) {
--    enable(debugEnvVariable);
-+    // enable(debugEnvVariable);
- }
- const debugObj = Object.assign((namespace) => {
-     return createDebugger(namespace);
-@@ -125,7 +125,7 @@ if (logLevelFromEnv) {
-         setLogLevel(logLevelFromEnv);
-     }
-     else {
--        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-+        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
-     }
- }
- /**

sources/src/caching/cache-cleaner.ts

@@ -44,7 +44,7 @@ export class CacheCleaner {
                     .filter(Boolean) as string[]
 
                 return await provisioner.provisionGradleWithVersionAtLeast(preferredVersion, wrapperScripts)
-            } catch (e) {
+            } catch (_) {
                 // Ignore the case where the preferred version cannot be located in https://services.gradle.org/versions/all.
                 // This can happen for snapshot Gradle versions.
                 core.info(

sources/src/configuration.ts

@@ -71,6 +71,10 @@ export class DependencyGraphConfig {
         return getOptionalInput('dependency-graph-include-configurations')
     }
 
+    getPluginRepository(): PluginRepositoryConfig {
+        return new PluginRepositoryConfig()
+    }
+
     static constructJobCorrelator(workflow: string, jobId: string, matrixJson: string): string {
         const matrixString = this.describeMatrix(matrixJson)
         const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`
@@ -301,16 +305,8 @@ export class BuildScanConfig {
         return core.getInput('develocity-ccud-plugin-version')
     }
 
-    getGradlePluginRepositoryUrl(): string {
-        return core.getInput('gradle-plugin-repository-url')
-    }
-
-    getGradlePluginRepositoryUsername(): string {
-        return core.getInput('gradle-plugin-repository-username')
-    }
-
-    getGradlePluginRepositoryPassword(): string {
-        return core.getInput('gradle-plugin-repository-password')
+    getPluginRepository(): PluginRepositoryConfig {
+        return new PluginRepositoryConfig()
     }
 
     private verifyTermsOfUseAgreement(): boolean {
@@ -328,6 +324,20 @@ export class BuildScanConfig {
     }
 }
 
+export class PluginRepositoryConfig {
+    getUrl(): string | undefined {
+        return getOptionalInput('gradle-plugin-repository-url')
+    }
+
+    getUsername(): string | undefined {
+        return getOptionalInput('gradle-plugin-repository-username')
+    }
+
+    getPassword(): string | undefined {
+        return getOptionalInput('gradle-plugin-repository-password')
+    }
+}
+
 export class GradleExecutionConfig {
     getGradleVersion(): string {
         return core.getInput('gradle-version')

sources/src/dependency-graph.ts

@@ -3,7 +3,6 @@ import * as github from '@actions/github'
 import * as glob from '@actions/glob'
 import {DefaultArtifactClient} from '@actions/artifact'
 import {GitHub} from '@actions/github/lib/utils'
-import {RequestError} from '@octokit/request-error'
 import type {PullRequestEvent} from '@octokit/webhooks-types'
 
 import * as path from 'path'
@@ -41,6 +40,10 @@ export async function setup(config: DependencyGraphConfig): Promise<void> {
     maybeExportVariable('DEPENDENCY_GRAPH_INCLUDE_PROJECTS', config.getIncludeProjects())
     maybeExportVariable('DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS', config.getExcludeConfigurations())
     maybeExportVariable('DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS', config.getIncludeConfigurations())
+
+    maybeExportVariable('GRADLE_PLUGIN_REPOSITORY_URL', config.getPluginRepository().getUrl())
+    maybeExportVariable('GRADLE_PLUGIN_REPOSITORY_USERNAME', config.getPluginRepository().getUsername())
+    maybeExportVariable('GRADLE_PLUGIN_REPOSITORY_PASSWORD', config.getPluginRepository().getPassword())
 }
 
 function maybeExportVariable(variableName: string, value: string | boolean | undefined): void {
@@ -191,7 +194,7 @@ async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<v
         try {
             await submitDependencyGraphFile(dependencyGraphFile)
         } catch (error) {
-            if (error instanceof RequestError) {
+            if (error instanceof Error && error.name === 'HttpError') {
                 error.message = translateErrorMessage(dependencyGraphFile, error)
             }
             throw error
@@ -199,7 +202,7 @@ async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<v
     }
 }
 
-function translateErrorMessage(jsonFile: string, error: RequestError): string {
+function translateErrorMessage(jsonFile: string, error: Error): string {
     const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
     const mainWarning = `Dependency submission failed for ${relativeJsonFile}.\n${error.message}`
     if (error.message === 'Resource not accessible by integration') {

sources/src/develocity/build-scan.ts

@@ -4,28 +4,40 @@ import {setupToken} from './short-lived-token'
 
 export async function setup(config: BuildScanConfig): Promise<void> {
     maybeExportVariable('DEVELOCITY_INJECTION_INIT_SCRIPT_NAME', 'gradle-actions.inject-develocity.init.gradle')
-    maybeExportVariable('DEVELOCITY_AUTO_INJECTION_CUSTOM_VALUE', 'gradle-actions')
+    maybeExportVariable('DEVELOCITY_INJECTION_CUSTOM_VALUE', 'gradle-actions')
 
     maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_ENABLED', config.getDevelocityInjectionEnabled())
-    maybeExportVariableNotEmpty('DEVELOCITY_URL', config.getDevelocityUrl())
-    maybeExportVariableNotEmpty('DEVELOCITY_ALLOW_UNTRUSTED_SERVER', config.getDevelocityAllowUntrustedServer())
-    maybeExportVariableNotEmpty('DEVELOCITY_CAPTURE_FILE_FINGERPRINTS', config.getDevelocityCaptureFileFingerprints())
-    maybeExportVariableNotEmpty('DEVELOCITY_ENFORCE_URL', config.getDevelocityEnforceUrl())
-    maybeExportVariableNotEmpty('DEVELOCITY_PLUGIN_VERSION', config.getDevelocityPluginVersion())
-    maybeExportVariableNotEmpty('DEVELOCITY_CCUD_PLUGIN_VERSION', config.getDevelocityCcudPluginVersion())
-    maybeExportVariableNotEmpty('GRADLE_PLUGIN_REPOSITORY_URL', config.getGradlePluginRepositoryUrl())
-    maybeExportVariableNotEmpty('GRADLE_PLUGIN_REPOSITORY_USERNAME', config.getGradlePluginRepositoryUsername())
-    maybeExportVariableNotEmpty('GRADLE_PLUGIN_REPOSITORY_PASSWORD', config.getGradlePluginRepositoryPassword())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_URL', config.getDevelocityUrl())
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION_ALLOW_UNTRUSTED_SERVER',
+        config.getDevelocityAllowUntrustedServer()
+    )
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION_CAPTURE_FILE_FINGERPRINTS',
+        config.getDevelocityCaptureFileFingerprints()
+    )
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_ENFORCE_URL', config.getDevelocityEnforceUrl())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION', config.getDevelocityPluginVersion())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION', config.getDevelocityCcudPluginVersion())
+    maybeExportVariableNotEmpty('DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL', config.getPluginRepository().getUrl())
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME',
+        config.getPluginRepository().getUsername()
+    )
+    maybeExportVariableNotEmpty(
+        'DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD',
+        config.getPluginRepository().getPassword()
+    )
 
     // If build-scan-publish is enabled, ensure the environment variables are set
     // The DEVELOCITY_PLUGIN_VERSION and DEVELOCITY_CCUD_PLUGIN_VERSION are set to the latest versions
     // except if they are defined in the configuration
     if (config.getBuildScanPublishEnabled()) {
         maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
-        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.19.2')
-        maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '2.1')
-        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
-        maybeExportVariable('DEVELOCITY_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
+        maybeExportVariable('DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION', '4.2.2')
+        maybeExportVariable('DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION', '2.1')
+        maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_URL', config.getBuildScanTermsOfUseUrl())
+        maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_AGREE', config.getBuildScanTermsOfUseAgree())
     }
 
     return setupToken(

sources/src/develocity/short-lived-token.ts

@@ -1,5 +1,5 @@
-import * as httpm from 'typed-rest-client/HttpClient'
 import * as core from '@actions/core'
+import * as httpm from '@actions/http-client'
 import {BuildScanConfig} from '../configuration'
 import {recordDeprecation} from '../deprecation-collector'
 
@@ -106,7 +106,7 @@ class ShortLivedTokenClient {
                 // This should be only 404
                 attempts++
                 if (attempts === this.maxRetries) {
-                    return new Promise((resolve, reject) =>
+                    return new Promise((_resolve, reject) =>
                         reject(
                             new Error(
                                 `Develocity short lived token request failed ${serverUrl} with status code ${response.message.statusCode}`
@@ -117,12 +117,12 @@ class ShortLivedTokenClient {
             } catch (error) {
                 attempts++
                 if (attempts === this.maxRetries) {
-                    return new Promise((resolve, reject) => reject(error))
+                    return new Promise((_resolve, reject) => reject(error))
                 }
             }
             await new Promise(resolve => setTimeout(resolve, this.retryInterval))
         }
-        return new Promise((resolve, reject) => reject(new Error('Illegal state')))
+        return new Promise((_resolve, reject) => reject(new Error('Illegal state')))
     }
 }
 

sources/src/errors.ts

@@ -41,7 +41,7 @@ export function handlePostActionError(error: unknown): void {
             core.info(error.stack)
         }
     } else {
-        core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`)
+        core.warning(`Unhandled error in Gradle post-action. Job will continue: ${error}`)
         if (error instanceof Error && error.stack) {
             core.info(error.stack)
         }

sources/src/job-summary.ts

@@ -1,6 +1,5 @@
 import * as core from '@actions/core'
 import * as github from '@actions/github'
-import {RequestError} from '@octokit/request-error'
 
 import {BuildResults, BuildResult} from './build-results'
 import {SummaryConfig, getActionId, getGithubToken} from './configuration'
@@ -66,7 +65,7 @@ ${jobSummary}`
             body: prComment
         })
     } catch (error) {
-        if (error instanceof RequestError) {
+        if (error instanceof Error && error.name === 'HttpError') {
             core.warning(buildWarningMessage(error))
         } else {
             throw error
@@ -74,7 +73,7 @@ ${jobSummary}`
     }
 }
 
-function buildWarningMessage(error: RequestError): string {
+function buildWarningMessage(error: Error): string {
     const mainWarning = `Failed to generate PR comment.\n${String(error)}`
     if (error.message === 'Resource not accessible by integration') {
         return `${mainWarning}

sources/src/resources/init-scripts/gradle-actions.github-dependency-graph-gradle-plugin-apply.groovy

@@ -6,7 +6,7 @@ buildscript {
   def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url') ?: 'https://plugins.gradle.org/m2'
   def pluginRepositoryUsername = getInputParam('gradle.plugin-repository.username')
   def pluginRepositoryPassword = getInputParam('gradle.plugin-repository.password')
-  def dependencyGraphPluginVersion = getInputParam('dependency-graph-plugin.version') ?: '1.3.2'
+  def dependencyGraphPluginVersion = getInputParam('dependency-graph-plugin.version') ?: '1.4.0'
 
   logger.lifecycle("Resolving dependency graph plugin ${dependencyGraphPluginVersion} from plugin repository: ${pluginRepositoryUrl}")
   repositories {

sources/src/resources/init-scripts/gradle-actions.inject-develocity.init.gradle

@@ -1,6 +1,6 @@
 /*
  * Initscript for injection of Develocity into Gradle builds.
- * Version: 1.2
+ * Version: 2.0
  */
 
 import org.gradle.util.GradleVersion
@@ -18,36 +18,37 @@ initscript {
         return gradle.startParameter.systemPropertiesArgs[name] ?: System.getProperty(name) ?: System.getenv(envVarName)
     }
 
-    def requestedInitScriptName = getInputParam(gradle, 'develocity.injection.init-script-name')
+    def requestedInitScriptName = getInputParam(gradle, 'develocity-injection.init-script-name')
     def initScriptName = buildscript.sourceFile.name
     if (requestedInitScriptName != initScriptName) {
         return
     }
 
     // Plugin loading is only required for Develocity injection. Abort early if not enabled.
-    def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity.injection-enabled"))
+    def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity-injection.enabled"))
     if (!develocityInjectionEnabled) {
         return
     }
 
-    def pluginRepositoryUrl = getInputParam(gradle, 'gradle.plugin-repository.url')
-    def pluginRepositoryUsername = getInputParam(gradle, 'gradle.plugin-repository.username')
-    def pluginRepositoryPassword = getInputParam(gradle, 'gradle.plugin-repository.password')
-    def develocityPluginVersion = getInputParam(gradle, 'develocity.plugin.version')
-    def ccudPluginVersion = getInputParam(gradle, 'develocity.ccud-plugin.version')
+    def pluginRepositoryUrl = getInputParam(gradle, 'develocity-injection.plugin-repository.url')
+    def pluginRepositoryUsername = getInputParam(gradle, 'develocity-injection.plugin-repository.username')
+    def pluginRepositoryPassword = getInputParam(gradle, 'develocity-injection.plugin-repository.password')
+    def develocityPluginVersion = getInputParam(gradle, 'develocity-injection.develocity-plugin.version')
+    def ccudPluginVersion = getInputParam(gradle, 'develocity-injection.ccud-plugin.version')
+    def logLevel = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.debug')) ? LogLevel.LIFECYCLE : LogLevel.INFO
 
     def atLeastGradle5 = GradleVersion.current() >= GradleVersion.version('5.0')
     def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')
 
     if (develocityPluginVersion || ccudPluginVersion && atLeastGradle4) {
         pluginRepositoryUrl = pluginRepositoryUrl ?: 'https://plugins.gradle.org/m2'
-        logger.lifecycle("Develocity plugins resolution: $pluginRepositoryUrl")
+        logger.log(logLevel, "Develocity plugins resolution: $pluginRepositoryUrl")
 
         repositories {
             maven {
                 url = pluginRepositoryUrl
                 if (pluginRepositoryUsername && pluginRepositoryPassword) {
-                    logger.lifecycle("Using credentials for plugin repository")
+                    logger.log(logLevel, "Using credentials for plugin repository")
                     credentials {
                         username = pluginRepositoryUsername
                         password = pluginRepositoryPassword
@@ -90,15 +91,15 @@ if (!isTopLevelBuild) {
     return
 }
 
-def requestedInitScriptName = getInputParam(gradle, 'develocity.injection.init-script-name')
+def requestedInitScriptName = getInputParam(gradle, 'develocity-injection.init-script-name')
 def initScriptName = buildscript.sourceFile.name
+
+def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity-injection.enabled"))
+if (develocityInjectionEnabled) {
     if (requestedInitScriptName != initScriptName) {
-    logger.quiet("Ignoring init script '${initScriptName}' as requested name '${requestedInitScriptName}' does not match")
+        logger.log(LogLevel.WARN, "Develocity injection not enabled because requested init script name was '${requestedInitScriptName}', but '${initScriptName}' was expected")
         return
     }
-
-def develocityInjectionEnabled = Boolean.parseBoolean(getInputParam(gradle, "develocity.injection-enabled"))
-if (develocityInjectionEnabled) {
     enableDevelocityInjection()
 }
 
@@ -106,6 +107,10 @@ if (develocityInjectionEnabled) {
 def buildScanCollector = new BuildScanCollector()
 def buildScanCaptureEnabled = buildScanCollector.metaClass.respondsTo(buildScanCollector, 'captureBuildScanLink', String)
 if (buildScanCaptureEnabled) {
+    if (requestedInitScriptName != initScriptName) {
+        logger.log(LogLevel.WARN, "Build Scan capture not enabled because requested init script name was '${requestedInitScriptName}', but '${initScriptName}' was expected")
+        return
+    }
     enableBuildScanLinkCapture(buildScanCollector)
 }
 
@@ -122,16 +127,17 @@ void enableDevelocityInjection() {
     def CCUD_PLUGIN_ID = 'com.gradle.common-custom-user-data-gradle-plugin'
     def CCUD_PLUGIN_CLASS = 'com.gradle.CommonCustomUserDataGradlePlugin'
 
-    def develocityUrl = getInputParam(gradle, 'develocity.url')
-    def develocityAllowUntrustedServer = Boolean.parseBoolean(getInputParam(gradle, 'develocity.allow-untrusted-server'))
-    def develocityEnforceUrl = Boolean.parseBoolean(getInputParam(gradle, 'develocity.enforce-url'))
-    def buildScanUploadInBackground = Boolean.parseBoolean(getInputParam(gradle, 'develocity.build-scan.upload-in-background'))
-    def develocityCaptureFileFingerprints = getInputParam(gradle, 'develocity.capture-file-fingerprints') ? Boolean.parseBoolean(getInputParam(gradle, 'develocity.capture-file-fingerprints')) : true
-    def develocityPluginVersion = getInputParam(gradle, 'develocity.plugin.version')
-    def ccudPluginVersion = getInputParam(gradle, 'develocity.ccud-plugin.version')
-    def buildScanTermsOfUseUrl = getInputParam(gradle, 'develocity.terms-of-use.url')
-    def buildScanTermsOfUseAgree = getInputParam(gradle, 'develocity.terms-of-use.agree')
-    def ciAutoInjectionCustomValueValue = getInputParam(gradle, 'develocity.auto-injection.custom-value')
+    def develocityUrl = getInputParam(gradle, 'develocity-injection.url')
+    def develocityAllowUntrustedServer = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.allow-untrusted-server'))
+    def develocityEnforceUrl = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.enforce-url'))
+    def buildScanUploadInBackground = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.upload-in-background'))
+    def develocityCaptureFileFingerprints = getInputParam(gradle, 'develocity-injection.capture-file-fingerprints') ? Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.capture-file-fingerprints')) : true
+    def develocityPluginVersion = getInputParam(gradle, 'develocity-injection.develocity-plugin.version')
+    def ccudPluginVersion = getInputParam(gradle, 'develocity-injection.ccud-plugin.version')
+    def buildScanTermsOfUseUrl = getInputParam(gradle, 'develocity-injection.terms-of-use.url')
+    def buildScanTermsOfUseAgree = getInputParam(gradle, 'develocity-injection.terms-of-use.agree')
+    def ciAutoInjectionCustomValueValue = getInputParam(gradle, 'develocity-injection.custom-value')
+    def logLevel = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.debug')) ? LogLevel.LIFECYCLE : LogLevel.INFO
 
     def atLeastGradle5 = GradleVersion.current() >= GradleVersion.version('5.0')
     def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')
@@ -145,22 +151,22 @@ void enableDevelocityInjection() {
     }
 
     def printEnforcingDevelocityUrl = {
-        logger.lifecycle("Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer")
+        logger.log(logLevel, "Enforcing Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer")
     }
 
     def printAcceptingGradleTermsOfUse = {
-        logger.lifecycle("Accepting Gradle Terms of Use: $buildScanTermsOfUseUrl")
+        logger.log(logLevel, "Accepting Gradle Terms of Use: $buildScanTermsOfUseUrl")
     }
 
     // finish early if DV plugin version is unsupported (v3.6.4 is the minimum version tested and supports back to DV 2021.1)
     if (develocityPluginVersion && isNotAtLeast(develocityPluginVersion, '3.6.4')) {
-        logger.warn("Develocity Gradle plugin must be at least 3.6.4. Configured version is $develocityPluginVersion.")
+        logger.log(LogLevel.WARN, "Develocity Gradle plugin must be at least 3.6.4. Configured version is $develocityPluginVersion.")
         return
     }
 
     // finish early if configuration parameters passed in via system properties are not valid/supported
     if (ccudPluginVersion && isNotAtLeast(ccudPluginVersion, '1.7')) {
-        logger.warn("Common Custom User Data Gradle plugin must be at least 1.7. Configured version is $ccudPluginVersion.")
+        logger.log(LogLevel.WARN, "Common Custom User Data Gradle plugin must be at least 1.7. Configured version is $ccudPluginVersion.")
         return
     }
 
@@ -187,7 +193,7 @@ void enableDevelocityInjection() {
                             { rootExtension }
                         )
                         if (develocityUrl) {
-                            logger.lifecycle("Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
+                            logger.log(logLevel, "Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
                             rootExtension.server = develocityUrl
                             rootExtension.allowUntrustedServer = develocityAllowUntrustedServer
                         }
@@ -197,7 +203,7 @@ void enableDevelocityInjection() {
                         }
                         buildScanExtension.value CI_AUTO_INJECTION_CUSTOM_VALUE_NAME, ciAutoInjectionCustomValueValue
                         if (isAtLeast(develocityPluginVersion, '2.1') && atLeastGradle5) {
-                            logger.lifecycle("Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
+                            logger.log(logLevel, "Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
                             if (isAtLeast(develocityPluginVersion, '3.17')) {
                                 buildScanExtension.capture.fileFingerprints.set(develocityCaptureFileFingerprints)
                             } else if (isAtLeast(develocityPluginVersion, '3.7')) {
@@ -225,7 +231,7 @@ void enableDevelocityInjection() {
                             develocity.buildScan.termsOfUseAgree = buildScanTermsOfUseAgree
                         }
 
-                        logger.lifecycle("Setting uploadInBackground: $buildScanUploadInBackground")
+                        logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
                         develocity.buildScan.uploadInBackground = buildScanUploadInBackground
                     },
                     { buildScan ->
@@ -250,7 +256,7 @@ void enableDevelocityInjection() {
 
                         // uploadInBackground available for build-scan-plugin 3.3.4 and later only
                         if (buildScan.metaClass.respondsTo(buildScan, 'setUploadInBackground', Boolean)) {
-                            logger.lifecycle("Setting uploadInBackground: $buildScanUploadInBackground")
+                            logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
                             buildScan.uploadInBackground = buildScanUploadInBackground
                         }
                     }
@@ -261,7 +267,7 @@ void enableDevelocityInjection() {
                         it.moduleVersion.with { group == "com.gradle" && name == "common-custom-user-data-gradle-plugin" }
                     }
                     if (!ccudPluginComponent) {
-                        logger.lifecycle("Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
+                        logger.log(logLevel, "Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
                         pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
                     }
                 }
@@ -274,7 +280,7 @@ void enableDevelocityInjection() {
                     def pluginClass = dvOrGe(DEVELOCITY_PLUGIN_CLASS, GRADLE_ENTERPRISE_PLUGIN_CLASS)
                     applyPluginExternally(settings.pluginManager, pluginClass, develocityPluginVersion)
                     if (develocityUrl) {
-                        logger.lifecycle("Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
+                        logger.log(logLevel, "Connection to Develocity: $develocityUrl, allowUntrustedServer: $develocityAllowUntrustedServer, captureFileFingerprints: $develocityCaptureFileFingerprints")
                         eachDevelocitySettingsExtension(settings) { ext ->
                             // server and allowUntrustedServer must be configured via buildScan extension for gradle-enterprise-plugin 3.1.1 and earlier
                             if (ext.metaClass.respondsTo(ext, 'getServer')) {
@@ -293,13 +299,13 @@ void enableDevelocityInjection() {
 
                     eachDevelocitySettingsExtension(settings,
                         { develocity ->
-                            logger.lifecycle("Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
+                            logger.log(logLevel, "Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
                             develocity.buildScan.capture.fileFingerprints = develocityCaptureFileFingerprints
                         },
                         { gradleEnterprise ->
                             gradleEnterprise.buildScan.publishAlways()
                             if (isAtLeast(develocityPluginVersion, '2.1')) {
-                                logger.lifecycle("Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
+                                logger.log(logLevel, "Setting captureFileFingerprints: $develocityCaptureFileFingerprints")
                                 if (isAtLeast(develocityPluginVersion, '3.7')) {
                                     gradleEnterprise.buildScan.capture.taskInputFiles = develocityCaptureFileFingerprints
                                 } else {
@@ -325,7 +331,7 @@ void enableDevelocityInjection() {
                         develocity.buildScan.termsOfUseAgree = buildScanTermsOfUseAgree
                     }
 
-                    logger.lifecycle("Setting uploadInBackground: $buildScanUploadInBackground")
+                    logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
                     develocity.buildScan.uploadInBackground = buildScanUploadInBackground
                 },
                 { gradleEnterprise ->
@@ -349,7 +355,7 @@ void enableDevelocityInjection() {
 
                     // uploadInBackground available for gradle-enterprise-plugin 3.3.4 and later only
                     if (gradleEnterprise.buildScan.metaClass.respondsTo(gradleEnterprise.buildScan, 'setUploadInBackground', Boolean)) {
-                        logger.lifecycle("Setting uploadInBackground: $buildScanUploadInBackground")
+                        logger.log(logLevel, "Setting uploadInBackground: $buildScanUploadInBackground")
                         gradleEnterprise.buildScan.uploadInBackground = buildScanUploadInBackground
                     }
                 }
@@ -357,7 +363,7 @@ void enableDevelocityInjection() {
 
             if (ccudPluginVersion) {
                 if (!settings.pluginManager.hasPlugin(CCUD_PLUGIN_ID)) {
-                    logger.lifecycle("Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
+                    logger.log(logLevel, "Applying $CCUD_PLUGIN_CLASS with version $ccudPluginVersion via init script")
                     settings.pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
                 }
             }
@@ -366,7 +372,8 @@ void enableDevelocityInjection() {
 }
 
 void applyPluginExternally(def pluginManager, String pluginClassName, String pluginVersion) {
-    logger.lifecycle("Applying $pluginClassName with version $pluginVersion via init script")
+    def logLevel = Boolean.parseBoolean(getInputParam(gradle, 'develocity-injection.debug')) ? LogLevel.LIFECYCLE : LogLevel.INFO
+    logger.log(logLevel, "Applying $pluginClassName with version $pluginVersion via init script")
 
     def externallyApplied = 'develocity.externally-applied'
     def externallyAppliedDeprecated = 'gradle.enterprise.externally-applied'

sources/src/wrapper-validation/cache.ts

@@ -1,6 +1,7 @@
 import fs from 'fs'
 import path from 'path'
 import {ACTION_METADATA_DIR} from '../configuration'
+import * as core from '@actions/core'
 
 export class ChecksumCache {
     private readonly cacheFile: string
@@ -12,7 +13,11 @@ export class ChecksumCache {
     load(): string[] {
         // Load previously validated checksums saved in Gradle User Home
         if (fs.existsSync(this.cacheFile)) {
+            try {
                 return JSON.parse(fs.readFileSync(this.cacheFile, 'utf-8'))
+            } catch (e) {
+                core.warning(`Failed to parse checksum cache file: ${e}`)
+            }
         }
         return []
     }

sources/src/wrapper-validation/checksums.ts

@@ -1,6 +1,6 @@
-import * as httpm from 'typed-rest-client/HttpClient'
 import * as cheerio from 'cheerio'
 import * as core from '@actions/core'
+import * as httpm from '@actions/http-client'
 
 import fileWrapperChecksums from './wrapper-checksums.json'
 
@@ -69,8 +69,20 @@ async function httpGetJsonArray(url: string): Promise<unknown[]> {
 }
 
 async function httpGetText(url: string): Promise<string> {
+    const maxAttempts = 4
+    let attempts = 0
+    while (attempts < maxAttempts) {
+        try {
             const response = await httpc.get(url)
             return await response.readBody()
+        } catch (error) {
+            attempts++
+            if (attempts === maxAttempts) {
+                return new Promise((_resolve, reject) => reject(error))
+            }
+        }
+    }
+    return new Promise((_resolve, reject) => reject(new Error('Illegal state')))
 }
 
 async function addDistributionSnapshotChecksumUrls(checksumUrls: [string, string][]): Promise<void> {
@@ -80,7 +92,7 @@ async function addDistributionSnapshotChecksumUrls(checksumUrls: [string, string
 
     // // Find all links ending with '-wrapper.jar.sha256'
     const wrapperChecksumLinks = $('a[href$="-wrapper.jar.sha256"]')
-    wrapperChecksumLinks.each((index, element) => {
+    wrapperChecksumLinks.each((_index, element) => {
         const url = $(element).attr('href')!
 
         // Extract the version from the url

sources/src/wrapper-validation/wrapper-checksums.json

@@ -1,4 +1,144 @@
 [
+  {
+    "version": "9.2.0-rc-2",
+    "checksum": "423cb469ccc0ecc31f0e4e1c309976198ccb734cdcbb7029d4bda0f18f57e8d9"
+  },
+  {
+    "version": "9.2.0-rc-1",
+    "checksum": "423cb469ccc0ecc31f0e4e1c309976198ccb734cdcbb7029d4bda0f18f57e8d9"
+  },
+  {
+    "version": "9.1.0",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.2.0-milestone-2",
+    "checksum": "423cb469ccc0ecc31f0e4e1c309976198ccb734cdcbb7029d4bda0f18f57e8d9"
+  },
+  {
+    "version": "9.2.0-milestone-1",
+    "checksum": "423cb469ccc0ecc31f0e4e1c309976198ccb734cdcbb7029d4bda0f18f57e8d9"
+  },
+  {
+    "version": "9.1.0-rc-4",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.1.0-rc-3",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.1.0-rc-2",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.1.0-rc-1",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.0.0",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.0.0-rc-4",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.0.0-rc-3",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.0.0-rc-2",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "9.0.0-milestone-10",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "8.14.3",
+    "checksum": "7d3a4ac4de1c32b59bc6a4eb8ecb8e612ccd0cf1ae1e99f66902da64df296172"
+  },
+  {
+    "version": "7.6.6",
+    "checksum": "14dfa961b6704bb3decdea06502781edaa796a82e6da41cd2e1962b14fbe21a3"
+  },
+  {
+    "version": "9.0.0-rc-1",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "8.14.2",
+    "checksum": "7d3a4ac4de1c32b59bc6a4eb8ecb8e612ccd0cf1ae1e99f66902da64df296172"
+  },
+  {
+    "version": "7.6.5",
+    "checksum": "14dfa961b6704bb3decdea06502781edaa796a82e6da41cd2e1962b14fbe21a3"
+  },
+  {
+    "version": "9.0.0-milestone-9",
+    "checksum": "76805e32c009c0cf0dd5d206bddc9fb22ea42e84db904b764f3047de095493f3"
+  },
+  {
+    "version": "8.14.1",
+    "checksum": "7d3a4ac4de1c32b59bc6a4eb8ecb8e612ccd0cf1ae1e99f66902da64df296172"
+  },
+  {
+    "version": "9.0.0-milestone-8",
+    "checksum": "f98ed44dd3f067fa699b5c34661be67c7f0097ea58b0017255141a08d2eb5f87"
+  },
+  {
+    "version": "9.0-milestone-7",
+    "checksum": "f98ed44dd3f067fa699b5c34661be67c7f0097ea58b0017255141a08d2eb5f87"
+  },
+  {
+    "version": "9.0-milestone-6",
+    "checksum": "f98ed44dd3f067fa699b5c34661be67c7f0097ea58b0017255141a08d2eb5f87"
+  },
+  {
+    "version": "9.0-milestone-5",
+    "checksum": "c605ee1b011c0da3bc468735530c1d43ea3ede0fb8ce978b5479c7f688343ef5"
+  },
+  {
+    "version": "9.0-milestone-4",
+    "checksum": "c605ee1b011c0da3bc468735530c1d43ea3ede0fb8ce978b5479c7f688343ef5"
+  },
+  {
+    "version": "8.14",
+    "checksum": "7d3a4ac4de1c32b59bc6a4eb8ecb8e612ccd0cf1ae1e99f66902da64df296172"
+  },
+  {
+    "version": "8.14-rc-3",
+    "checksum": "7d3a4ac4de1c32b59bc6a4eb8ecb8e612ccd0cf1ae1e99f66902da64df296172"
+  },
+  {
+    "version": "9.0-milestone-3",
+    "checksum": "c605ee1b011c0da3bc468735530c1d43ea3ede0fb8ce978b5479c7f688343ef5"
+  },
+  {
+    "version": "8.14-rc-2",
+    "checksum": "7d3a4ac4de1c32b59bc6a4eb8ecb8e612ccd0cf1ae1e99f66902da64df296172"
+  },
+  {
+    "version": "9.0-milestone-2",
+    "checksum": "c605ee1b011c0da3bc468735530c1d43ea3ede0fb8ce978b5479c7f688343ef5"
+  },
+  {
+    "version": "9.0-milestone-1",
+    "checksum": "9687bf4e8beb2c293cfd1393cbf2854ef68f921757302116033f476289abf7b0"
+  },
+  {
+    "version": "8.14-rc-1",
+    "checksum": "7d3a4ac4de1c32b59bc6a4eb8ecb8e612ccd0cf1ae1e99f66902da64df296172"
+  },
+  {
+    "version": "8.14-milestone-8",
+    "checksum": "81a82aaea5abcc8ff68b3dfcb58b3c3c429378efd98e7433460610fecd7ae45f"
+  },
+  {
+    "version": "8.14-milestone-7",
+    "checksum": "81a82aaea5abcc8ff68b3dfcb58b3c3c429378efd98e7433460610fecd7ae45f"
+  },
   {
     "version": "8.14-milestone-5",
     "checksum": "81a82aaea5abcc8ff68b3dfcb58b3c3c429378efd98e7433460610fecd7ae45f"

sources/test/init-scripts/build.gradle

@@ -14,13 +14,15 @@ repositories {
 
 dependencies {
     testImplementation gradleTestKit()
-    testImplementation 'org.spockframework:spock-core:2.3-groovy-3.0'
-    testImplementation('org.spockframework:spock-junit4:2.3-groovy-3.0')
+    testImplementation 'org.spockframework:spock-core:2.3-groovy-4.0'
+    testImplementation('org.spockframework:spock-junit4:2.3-groovy-4.0')
 
     testImplementation ('io.ratpack:ratpack-groovy-test:1.9.0') {
         exclude group: 'org.codehaus.groovy', module: 'groovy-all'
     }
-    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.18.2'
+    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.20.0'
+
+    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
 
 test {