simplify the gha jdk selection and enable the build cache for graalvm

.github/actions/run-gradle/action.yml

@@ -29,36 +29,23 @@ inputs:
 runs:
  using: composite
  steps:
- - name: Prepare OpenJDK
- if: inputs.java != 'GraalVM'
- shell: bash
- run: echo "JAVA_VERSION=${{ inputs.java }}" >> $GITHUB_ENV
- - name: Prepare GraalVM
- if: inputs.java == 'GraalVM'
+ - name: Prepare JDK toolchain
  shell: bash
  run: |
- echo "GRAALVM=true" >> $GITHUB_ENV
- echo "JAVA_VERSION=${{ inputs.graal }}" >> $GITHUB_ENV
- - name: Set up JDK ${{ inputs.java }}
- uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
- if: (inputs.early-access != inputs.java) && (inputs.java != 'GraalVM')
- with:
- java-version: ${{ inputs.java }}
- distribution: temurin
- - name: Set up JDK ${{ inputs.java }}
- uses: oracle-actions/setup-java@2e744f723b003fdd759727d0ff654c8717024845 # v1.4.0
- if: (inputs.early-access == inputs.java) && (inputs.java != 'GraalVM')
- with:
- release: ${{ inputs.java }}
- website: jdk.java.net
- version: latest
- - name: Set up GraalVM
- uses: graalvm/setup-graalvm@22cc13fe88ef133134b3798e128fb208df55e1f5 # v1.2.3
- if: inputs.java == 'GraalVM'
+ if [[ "${{ inputs.java }}" == "GraalVM" ]]; then
+ echo "JAVA_VENDOR='GraalVM Community'" >> $GITHUB_ENV
+ echo "JAVA_VERSION=${{ inputs.graal }}" >> $GITHUB_ENV
+ else
+ echo "JAVA_VENDOR='Eclipse Temurin'" >> $GITHUB_ENV
+ echo "JAVA_VERSION=${{ inputs.java }}" >> $GITHUB_ENV
+ fi
+ - name: Set up JDK
+ uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
  with:
- distribution: 'graalvm'
- github-token: ${{ inputs.token }}
- java-version: ${{ env.JAVA_VERSION }}
+ java-version: ${{
+ inputs.java == 'GraalVM' && 'graalvm' ||
+ (inputs.early-access == inputs.java && (inputs.java + '-ea') || inputs.java) }}
+ distribution: ${{ inputs.java == 'GraalVM' && 'graalvm' || 'temurin' }}
  - name: Prepare JDK ${{ inputs.java }}
  shell: bash
  run: |
@@ -72,7 +59,7 @@ runs:
  echo "toolchainVersion=${toolchainVersion}" >> $GITHUB_ENV
  - name: Set up JDK ${{ env.toolchainVersion }}
  id: setup-gradle-jdk
- uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+ uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
  if: inputs.java != 'GraalVM'
  with:
  java-version: ${{ env.toolchainVersion }}

.github/workflows/actionlint.yml

@@ -14,7 +14,7 @@ jobs:
  allowed-endpoints: >
  api.github.com:443
  github.com:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: actionlint
  uses: reviewdog/action-actionlint@12f7cb8c93ab327c99dec3a1d502c0f314978afd # v1.55.0
  env:

.github/workflows/analysis.yml

@@ -31,7 +31,7 @@ jobs:
  disable-sudo: true
  egress-policy: block
  allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Forbidden Apis
  uses: ./.github/actions/run-gradle
  with:
@@ -49,7 +49,7 @@ jobs:
  disable-sudo: true
  egress-policy: block
  allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Pmd
  uses: ./.github/actions/run-gradle
  with:
@@ -67,7 +67,7 @@ jobs:
  disable-sudo: true
  egress-policy: block
  allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Spotbugs
  uses: ./.github/actions/run-gradle
  with:

.github/workflows/benchmarks.yml

@@ -39,7 +39,7 @@ jobs:
  raw.githubusercontent.com:443
  services.gradle.org:443
  www.graalvm.org:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Compute JMH Benchmark
  uses: ./.github/actions/run-gradle
  with:

.github/workflows/build.yml

@@ -39,7 +39,6 @@ env:
  schemastore.org:443
  www.graalvm.org:443
  PUBLISH_JDK: 11
- EA_JDK: 24
 
 jobs:
  compile:
@@ -59,16 +58,11 @@ jobs:
  egress-policy: block
  allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
  - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- - name: Prepare GraalVM
- if: env.JAVA_VERSION == 'GraalVM'
- shell: bash
- run: echo "GRADLE_ARGS=--no-build-cache" >> $GITHUB_ENV
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Compile
  uses: ./.github/actions/run-gradle
  with:
  java: ${{ env.JAVA_VERSION }}
- early-access: ${{ env.EA_JDK }}
  token: ${{ secrets.GITHUB_TOKEN }}
  arguments: check -x test ${{ env.GRADLE_ARGS }}
  - name: Cancel if failed
@@ -176,7 +170,7 @@ jobs:
  egress-policy: block
  allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
  - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Run tests (${{ env.JAVA_VERSION }})
  uses: ./.github/actions/run-gradle
  with:
@@ -233,7 +227,7 @@ jobs:
  storage.googleapis.com:443
  uploader.codecov.io:443
  - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  with:
  fetch-depth: 0
  - name: Download Tests Results
@@ -351,7 +345,7 @@ jobs:
  errorprone.info:443
  lightbend.github.io:443
  guava.dev:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Publish Snapshot
  uses: ./.github/actions/run-gradle
  env:

.github/workflows/codacy.yml

@@ -29,7 +29,7 @@ jobs:
  registry-1.docker.io:443
  *.blob.core.windows.net:443
  - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Run Codacy Analysis
  uses: codacy/codacy-analysis-cli-action@97bf5df3c09e75f5bcd72695998f96ebd701846e # v4.4.5
  continue-on-error: true
@@ -47,7 +47,7 @@ jobs:
  if: steps.check_files.outputs.files_exists == 'true'
  run: jq -c '.runs |= unique_by({tool, invocations, results})' < results.sarif > codacy.sarif
  - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  if: steps.check_files.outputs.files_exists == 'true'
  continue-on-error: true
  with:

.github/workflows/codeql.yml

@@ -50,17 +50,17 @@ jobs:
  uploads.github.com:443
  services.gradle.org:443
  - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Setup Gradle
  uses: ./.github/actions/run-gradle
  with:
  java: ${{ env.JAVA_VERSION }}
  token: ${{ secrets.GITHUB_TOKEN }}
  - name: Initialize CodeQL
- uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  with:
  languages: java
  - name: Autobuild
- uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9

.github/workflows/dependency-check.yml

@@ -45,7 +45,7 @@ jobs:
  raw.githubusercontent.com:443
  services.gradle.org:443
  www.cisa.gov:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Run dependency-check
  uses: ./.github/actions/run-gradle
  continue-on-error: true
@@ -60,7 +60,7 @@ jobs:
  with:
  files: build/reports/dependency-check-report.sarif
  - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  if: steps.check_files.outputs.files_exists == 'true'
  with:
  sarif_file: build/reports/dependency-check-report.sarif

.github/workflows/dependency-review.yml

@@ -19,7 +19,7 @@ jobs:
  api.github.com:443
  github.com:443
  - name: Checkout Repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Dependency Review
  uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
  with:

.github/workflows/dependency-submission-pr-submit.yml

@@ -31,9 +31,9 @@ jobs:
  repo.maven.apache.org:443
  repo1.maven.org:443
  services.gradle.org:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Set up JDK ${{ env.JAVA_VERSION }}
- uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+ uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
  with:
  java-version: ${{ env.JAVA_VERSION }}
  distribution: temurin

.github/workflows/dependency-submission.yml

@@ -31,9 +31,9 @@ jobs:
  repo.maven.apache.org:443
  repo1.maven.org:443
  services.gradle.org:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Set up JDK ${{ env.JAVA_VERSION }}
- uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+ uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
  with:
  java-version: ${{ env.JAVA_VERSION }}
  distribution: temurin

.github/workflows/devskim.yml

@@ -27,10 +27,10 @@ jobs:
  api.github.com:443
  github.com:443
  - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Run DevSkim scanner
  uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14
  - name: Upload DevSkim scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  with:
  sarif_file: devskim-results.sarif

.github/workflows/examples.yml

@@ -32,9 +32,9 @@ jobs:
  repo1.maven.org:443
  services.gradle.org:443
  www.graalvm.org:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Set up JDK ${{ env.JAVA_VERSION }}
- uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+ uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
  with:
  java-version: ${{ env.JAVA_VERSION }}
  distribution: temurin

.github/workflows/gitleaks.yml

@@ -23,7 +23,7 @@ jobs:
  egress-policy: block
  allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
  - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  with:
  fetch-depth: 0
  - name: Run gitleaks

.github/workflows/gradle-wrapper-validation.yml

@@ -17,5 +17,5 @@ jobs:
  downloads.gradle-dn.com:443
  github.com:443
  services.gradle.org:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

.github/workflows/qodana.yml

@@ -55,7 +55,7 @@ jobs:
  resources.jetbrains.com:443
  services.gradle.org:443
  - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Build
  uses: ./.github/actions/run-gradle
  with:
@@ -68,6 +68,6 @@ jobs:
  with:
  upload-result: true
  - name: Upload SARIF file for GitHub Advanced Security Dashboard
- uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  with:
  sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json

.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
  with:
  disable-sudo: true
  egress-policy: audit
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Releasing
  uses: ./.github/actions/run-gradle
  env:

.github/workflows/scorecards-analysis.yml

@@ -41,7 +41,7 @@ jobs:
  tuf-repo-cdn.sigstore.dev:443
  www.bestpractices.dev:443
  - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  with:
  persist-credentials: false
  - name: Run analysis
@@ -58,6 +58,6 @@ jobs:
  path: results.sarif
  retention-days: 5
  - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  with:
  sarif_file: results.sarif

.github/workflows/semgrep.yml

@@ -17,7 +17,7 @@ jobs:
  # Incompatible with Harden Runner
  image: returntocorp/semgrep
  steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - run: semgrep scan --sarif --output=results.sarif
  env:
  SEMGREP_RULES: >-
@@ -34,7 +34,7 @@ jobs:
  if: steps.check_files.outputs.files_exists == 'true'
  run: jq -c '.runs[0].tool.driver.rules |= unique_by(.id)' < results.sarif > semgrep.sarif
  - name: Upload SARIF file for GitHub Advanced Security Dashboard
- uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  if: steps.check_files.outputs.files_exists == 'true'
  continue-on-error: true
  with:

.github/workflows/snyk.yml

@@ -25,7 +25,7 @@ jobs:
  if: github.event.repository.fork == false
  steps:
  - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Setup Gradle
  uses: ./.github/actions/run-gradle
  with:
@@ -42,7 +42,7 @@ jobs:
  with:
  files: snyk.sarif
  - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+ uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
  if: steps.check_files.outputs.files_exists == 'true'
  with:
  sarif_file: snyk.sarif

.github/workflows/spelling.yml

@@ -14,7 +14,7 @@ jobs:
  allowed-endpoints: >
  api.github.com:443
  github.com:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Misspell
  uses: reviewdog/action-misspell@ef8b22c1cca06c8d306fc6be302c3dab0f6ca12f # v1.23.0
  with:
@@ -32,6 +32,6 @@ jobs:
  allowed-endpoints: >
  github.com:443
  objects.githubusercontent.com:443
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
  - name: Typos
  uses: crate-ci/typos@8e6a4285bcbde632c5d79900a7779746e8b7ea3f # v1.24.6