Commit 4580ec4
authored
Update gradle-actions to v6 (#488)
This PR contains the following updates:
| Package | Type | Update | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|---|
| [gradle/actions](https://redirect.github.com/gradle/actions) | action
| major | `v5` → `v6` |

|

|
|
[gradle:actions__setup-gradle](https://redirect.github.com/gradle/actions)
| | major | `v5` → `v6` |

|

|
---
### Release Notes
<details>
<summary>gradle/actions (gradle/actions)</summary>
###
[`v6.2.0`](https://redirect.github.com/gradle/actions/releases/tag/v6.2.0)
[Compare
Source](https://redirect.github.com/gradle/actions/compare/v6.1.1...v6.2.0)
##### Highlights
This release brings significant behaviour improvements to **Enhanced
caching**, improvements to the generated Job Summary, and a number of
correctness and security fixes.
1. **Improved cache-cleanup mechanism.** Cleanup of stale files from the
Gradle User Home is now faster, and no longer depends on Gradle or a
JVM. It works by inspecting the local file state directly, removing the
Gradle invocation from the post-build step.
2. **More granular, more stable caching.** The local build cache is
stored as a separate cache entry, so it can be restored and invalidated
independently of the main Gradle User Home entry. Transient Gradle
housekeeping files are excluded from the cache, reducing its size and
improving stability.
3. **Hide obsolete Job summaries in PR commments**: When a new Job
summary comment is added to a PR, previous outdated Job summaries are
now hidden.
4. **Improved caching report in the job summary.** The cache report now
uses a single, consistent layout across all cache states and providers.
Provider information is integrated directly into the report, and
per-entry details are available in an expandable section.
([#​985](https://redirect.github.com/gradle/actions/issues/985))
5. **Correctness and security fixes.** A unique cache key is now used
per run attempt, so re-runs no longer collide; the job summary shows the
cache key string rather than an internal id; and bundled dependencies
have been updated, including a ReDoS fix and a fast-xml CVE fix.
##### What's Changed
- Remove unnecessary dependency overrides by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​981](https://redirect.github.com/gradle/actions/pull/981)
- Scope CI-integ-test concurrency groups per-branch by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​983](https://redirect.github.com/gradle/actions/pull/983)
- Improve typings by
[@​Vampire](https://redirect.github.com/Vampire) in
[#​938](https://redirect.github.com/gradle/actions/pull/938)
- Hide obsolete Job summaries by
[@​SimonMarquis](https://redirect.github.com/SimonMarquis) in
[#​902](https://redirect.github.com/gradle/actions/pull/902)
- CI: add requireable aggregate/no-op checks for branch protection by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​984](https://redirect.github.com/gradle/actions/pull/984)
- Redesign the caching Job Summary by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​985](https://redirect.github.com/gradle/actions/pull/985)
##### New Contributors
- [@​Vampire](https://redirect.github.com/Vampire) made their
first contribution in
[#​938](https://redirect.github.com/gradle/actions/pull/938)
**Full Changelog**:
<gradle/actions@v6.1.1...v6.2.0>
###
[`v6.1.1`](https://redirect.github.com/gradle/actions/releases/tag/v6.1.1)
[Compare
Source](https://redirect.github.com/gradle/actions/compare/v6.1.0...v6.1.1)
This release updates various dependency versions, resolving several
reported security vulnerabilities.
No functional changes are included
##### What's Changed
- Bump Gradle Wrapper from 9.4.1 to 9.5.1 in /sources/test/init-scripts
by
[@​bot-githubaction](https://redirect.github.com/bot-githubaction)
in [#​961](https://redirect.github.com/gradle/actions/pull/961)
- Bump Gradle Wrapper from 9.4.1 to 9.5.1 in
/.github/workflow-samples/gradle-plugin by
[@​bot-githubaction](https://redirect.github.com/bot-githubaction)
in [#​962](https://redirect.github.com/gradle/actions/pull/962)
- Bump Gradle Wrapper from 9.4.1 to 9.5.1 in
/.github/workflow-samples/groovy-dsl by
[@​bot-githubaction](https://redirect.github.com/bot-githubaction)
in [#​963](https://redirect.github.com/gradle/actions/pull/963)
- Bump Gradle Wrapper from 9.4.1 to 9.5.1 in
/.github/workflow-samples/java-toolchain by
[@​bot-githubaction](https://redirect.github.com/bot-githubaction)
in [#​964](https://redirect.github.com/gradle/actions/pull/964)
- Bump Gradle Wrapper from 9.4.1 to 9.5.1 in
/.github/workflow-samples/kotlin-dsl by
[@​bot-githubaction](https://redirect.github.com/bot-githubaction)
in [#​965](https://redirect.github.com/gradle/actions/pull/965)
- Update known wrapper checksums by
[@​github-actions](https://redirect.github.com/github-actions)\[bot]
in [#​937](https://redirect.github.com/gradle/actions/pull/937)
- Bump the github-actions group across 2 directories with 8 updates by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​976](https://redirect.github.com/gradle/actions/pull/976)
- Bump the npm-dependencies group across 1 directory with 14 updates by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​970](https://redirect.github.com/gradle/actions/pull/970)
- Bump references to Develocity Gradle plugin from 4.4.0 to 4.4.2 by
[@​bot-githubaction](https://redirect.github.com/bot-githubaction)
in [#​973](https://redirect.github.com/gradle/actions/pull/973)
- Bump the npm-dependencies group in /sources with 5 updates by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​977](https://redirect.github.com/gradle/actions/pull/977)
- Update
[@​actions/cache](https://redirect.github.com/actions/cache) and
[@​actions/artifact](https://redirect.github.com/actions/artifact),
stop ignoring them in Dependabot by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​978](https://redirect.github.com/gradle/actions/pull/978)
- Resolve npm security vulnerabilities via dependency overrides by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​980](https://redirect.github.com/gradle/actions/pull/980)
**Full Changelog**:
<gradle/actions@v6.1.0...v6.1.1>
###
[`v6.1.0`](https://redirect.github.com/gradle/actions/releases/tag/v6.1.0)
[Compare
Source](https://redirect.github.com/gradle/actions/compare/v6.0.1...v6.1.0)
##### New: Basic Cache Provider
A new MIT-licensed **Basic Caching** provider is now available as an
alternative to the proprietary **Enhanced Caching** provided by
`gradle-actions-caching`. Choose Basic Caching by setting
`cache-provider: basic` on `setup-gradle` or `dependency-submission`
actions.
- Built on `@actions/cache` -- fully open source
- Caches `~/.gradle/caches` and `~/.gradle/wrapper` directories
- Cache key derived from build files (`*.gradle*`,
`gradle-wrapper.properties`, etc.)
- Clean cache on build file changes (no restore keys, preventing stale
entry accumulation)
**Limitations vs Enhanced Caching:** No cache cleanup, no deduplication
of cached content, cached content is fixed unless build files change.
##### Revamped Licensing & Distribution Documentation
- New **DISTRIBUTION.md** documents the licensing of each component
(particularly Basic Caching vs Enhanced Caching)
- Simplified licensing notices in README, docs, and runtime log output
- Clear usage tiers: Enhanced Caching is free for public repos and in
Free Preview for private repos
##### What's Changed
- Use a unique cache entry for wrapper-validation test by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​921](https://redirect.github.com/gradle/actions/pull/921)
- Update Dependencies by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​922](https://redirect.github.com/gradle/actions/pull/922)
- Update dependencies and resolve npm vulnerabilities by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​933](https://redirect.github.com/gradle/actions/pull/933)
- Add open-source 'basic' cache provider and revamp licensing
documentation by [@​bigdaz](https://redirect.github.com/bigdaz) in
[#​930](https://redirect.github.com/gradle/actions/pull/930)
- Restructure caching documentation for basic and enhanced providers by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​934](https://redirect.github.com/gradle/actions/pull/934)
**Full Changelog**:
<gradle/actions@v6.0.1...v6.1.0>
###
[`v6.0.1`](https://redirect.github.com/gradle/actions/releases/tag/v6.0.1)
[Compare
Source](https://redirect.github.com/gradle/actions/compare/v6...v6.0.1)
> \[!IMPORTANT]
> The release of `gradle/actions@v6` contains important changes to the
license terms. More details in [this blog
post](https://blog.gradle.org/github-actions-for-gradle-v6).
> **TL;DR**: By upgrading to v6, you accept the [Terms of
Use](https://gradle.com/legal/terms-of-use/) for the
`gradle-actions-caching` component.
##### Summary
The [license changes in
v6](https://blog.gradle.org/github-actions-for-gradle-v6) introduced a
`gradle-actions-caching` license notice that is printed in logs and in
each job summary.
With this release, the license notice will be muted if build-scan terms
have been accepted, or if a Develocity access key is provided.
##### What's Changed
- Bump actions used in docs by
[@​Goooler](https://redirect.github.com/Goooler) in
[#​792](https://redirect.github.com/gradle/actions/pull/792)
- Add typing information for use by typesafegithub by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​910](https://redirect.github.com/gradle/actions/pull/910)
- Mute license warning when terms are accepted by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​911](https://redirect.github.com/gradle/actions/pull/911)
- Mention explicit license acceptance in notice by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​912](https://redirect.github.com/gradle/actions/pull/912)
- Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from
2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group
across 1 directory by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​907](https://redirect.github.com/gradle/actions/pull/907)
**Full Changelog**:
<gradle/actions@v6.0.0...v6.0.1>
###
[`v6.0.0`](https://redirect.github.com/gradle/actions/releases/tag/v6.0.0)
[Compare
Source](https://redirect.github.com/gradle/actions/compare/v6...v6)
> \[!IMPORTANT]
> The release of `gradle/actions@v6` contains important changes to the
license terms. More details in [this blog
post](https://blog.gradle.org/github-actions-for-gradle-v6).
> **TL;DR**: By upgrading to v6, you accept the [Terms of
Use](https://gradle.com/legal/terms-of-use/) for the
`gradle-actions-caching` component.
##### Summary
- Caching functionality of 'gradle-actions' has been extracted into a
separate `gradle-actions-caching` library, and is no longer open-source.
See [this blog
post](https://blog.gradle.org/github-actions-for-gradle-v6) for more
context.
- Existing, rudimentary, configuration-cache support has been removed,
pending a fully functional implementation in `gradle-actions-caching`.
- Dependencies updated to address security vulnerabilities
> \[!IMPORTANT]
>
> #### Licensing notice
>
> The caching functionality in \`gradle-actions\` has been extracted
into \`gradle-actions-caching\`, a proprietary commercial component that
is not covered by the MIT License.
> The bundled \`gradle-actions-caching\` component is licensed and
governed by a separate license, available at
<https://gradle.com/legal/terms-of-use/>.
>
> The \`gradle-actions-caching\` component is used only when caching is
enabled and is not loaded or used when caching is disabled.
>
> Use of the \`gradle-actions-caching\` component is subject to a
separate license, available at <https://gradle.com/legal/terms-of-use/>.
> If you do not agree to these license terms, do not use the
\`gradle-actions-caching\` component.
##### What's Changed
- Bump the npm-dependencies group in /sources with 2 updates by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​866](https://redirect.github.com/gradle/actions/pull/866)
- Update known wrapper checksums by
[@​github-actions](https://redirect.github.com/github-actions)\[bot]
in [#​868](https://redirect.github.com/gradle/actions/pull/868)
- Dependency updates by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​876](https://redirect.github.com/gradle/actions/pull/876)
- Update known wrapper checksums by
[@​github-actions](https://redirect.github.com/github-actions)\[bot]
in [#​878](https://redirect.github.com/gradle/actions/pull/878)
- Bump [@​types/node](https://redirect.github.com/types/node) from
25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1
directory by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​877](https://redirect.github.com/gradle/actions/pull/877)
- Bump the github-actions group across 3 directories with 3 updates by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​867](https://redirect.github.com/gradle/actions/pull/867)
- Update known wrapper checksums by
[@​github-actions](https://redirect.github.com/github-actions)\[bot]
in [#​881](https://redirect.github.com/gradle/actions/pull/881)
- Bump the npm-dependencies group in /sources with 6 updates by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​879](https://redirect.github.com/gradle/actions/pull/879)
- Bump the github-actions group across 3 directories with 5 updates by
[@​dependabot](https://redirect.github.com/dependabot)\[bot] in
[#​880](https://redirect.github.com/gradle/actions/pull/880)
- Remove configuration-cache support by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​884](https://redirect.github.com/gradle/actions/pull/884)
- Extract caching logic into a separate `gradle-actions-caching`
component by [@​bigdaz](https://redirect.github.com/bigdaz) in
[#​885](https://redirect.github.com/gradle/actions/pull/885)
- Update gradle-actions-caching library to v0.3.0 by
[@​bot-githubaction](https://redirect.github.com/bot-githubaction)
in [#​899](https://redirect.github.com/gradle/actions/pull/899)
- Avoid windows shutdown bug by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​900](https://redirect.github.com/gradle/actions/pull/900)
- Dependency updates by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​905](https://redirect.github.com/gradle/actions/pull/905)
- Fix critical and high npm vulnerabilities by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​904](https://redirect.github.com/gradle/actions/pull/904)
- Fix rendering of job-disabled message by
[@​bigdaz](https://redirect.github.com/bigdaz) in
[#​909](https://redirect.github.com/gradle/actions/pull/909)
**Full Changelog**:
<gradle/actions@v5.0.2...v6.0.0>
###
[`v6`](https://redirect.github.com/gradle/actions/compare/v5.0.2...v6)
[Compare
Source](https://redirect.github.com/gradle/actions/compare/v5.0.2...v6)
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- "every 1 week on saturday"
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/typesafegithub/github-actions-typing).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMzEuMSIsInVwZGF0ZWRJblZlciI6IjQzLjIzMS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent 9e49270 commit 4580ec4
3 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
39 | | - | |
| 39 | + | |
40 | 40 | | |
41 | 41 | | |
42 | 42 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
8 | | - | |
| 8 | + | |
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
44 | | - | |
| 44 | + | |
45 | 45 | | |
46 | 46 | | |
47 | 47 | | |
| |||
0 commit comments