Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update gradle/gradle-build-action action to v2.11.1 #5

Merged
merged 1 commit into from
Jan 8, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 8, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change
gradle/gradle-build-action action minor v2.4.2 -> v2.11.1

Release Notes

gradle/gradle-build-action (gradle/gradle-build-action)

v2.11.1

Compare Source

This patch release fixes an issue that prevented the gradle-build-action from executing with Gradle 1.12, and improves error reporting for dependency submission failures.

Changelog
  • [FIX] Poor error reporting for dependency-submission failure #​1008
  • [FIX] Error with gradle-build-action v2.11.0 and Gradle 1.12: unable to resolve class PluginManager #​1007

Full-changelog: gradle/gradle-build-action@v2.11.0...v2.11.1

v2.11.0

Compare Source

In addition to a number of dependency updates, this release:

  • Allows a custom Plugin Repository to be specified when resolving the github-dependency-graph-gradle-plugin. See the documentation for details.
  • Brings increased resilience when failures occur collecting build results or cleaning the Gradle User Home. Such failures should no longer prevent the caching of Gradle User Home or lead to build failures.
Changelog
  • [NEW] Allow a custom plugin repository to be used to resolve dependency-graph plugin #​933
  • [FIX] Cache entries and Job Summary not written on cache-cleanup failure #​990 #​858
  • [FIX] Failure to write build results file should not cause overall build to fail #​866

Full-changelog: gradle/gradle-build-action@v2.10.0...v2.11.0

v2.10.0

Compare Source

This release introduces a new artifact-retention-days parameter, which allows a user to configure how long the generated dependency-graph artifacts are retained by GitHub Actions. Adjusting the retention period can be useful to reduce storage costs associated with these dependency-graph artifacts.

See the documentation for more details.

Changelog

Full-changelog: gradle/gradle-build-action@v2.9.0...v2.10.0

v2.9.0

Compare Source

The GitHub dependency-review-action helps you understand dependency changes (and the security impact of these changes) for a pull request. This release updates the GItHub Dependency Graph support to be compatible with the dependency-review-action.

See the documentation for detailed examples.

Changelog
  • [FIX] Use correct SHA for pull-request events #​882
  • [FIX] Avoid generating dependency graph during cache cleanup #​905
  • [NEW] Improve warning on failure to submit dependency graph
  • [NEW] Compatibility with GitHub dependency-review-action #​879

Full-changelog: gradle/gradle-build-action@v2.8.1...v2.9.0

v2.8.1

Compare Source

Fixes an issue that prevented Dependency Graph submission when running on GitHub Enterprise Server.

Fixes
  • Incorrect endpoint used to submit Dependency Graph on GitHub Enterprise #​885
Changelog

v2.8.0

Compare Source

The v2.8.0 release of the gradle-build-action introduces an easy mechanism to connect to Gradle Enterprise, as well improved support for self-hosted GitHub Actions runners.

Automatic injection of Gradle Enterprise connectivity

It is now possible to connect a Gradle build to Gradle Enterprise without changing any of the Gradle project sources. This is achieved through Gradle Enterprise injection, where an init-script will apply the Gradle Enterprise plugin and associated configuration.

This feature can be useful to easily trial Gradle Enterprise on a project, or to centralize Gradle Enterprise configuration for all GitHub Actions workflows in an organization.

See Gradle Enterprise injection in the README for more info.

Restore Gradle User Home when directory already exists

Previously, the Gradle User Home would not be restored if the directory already exists. This wasn't normally an issue with GitHub-hosted runners, but limited the usefulness of the action for persistent, self-hosted runners.

This behaviour has been improved in this release:

Changes

Issues fixed: https://github.com/gradle/gradle-build-action/issues?q=milestone%3A2.8.0+is%3Aclosed
Full changelog: gradle/gradle-build-action@v2.7.1...v2.8.0

v2.7.1

Compare Source

This release contains no code changes, only dependency updates and documentation improvements.

Changelog

v2.7.0

Compare Source

GitHub Dependency Graph support

In this release, the GitHub Dependency Graph support is no longer considered "experimental", and should be considered ready for production use. You can read more about the Dependency Graph support in the README chapter.

Changes
  • Update to github-dependency-graph-gradle-plugin@v0.2.0
    • Dependency graph uses Gradle Settings file as manifest location (if Settings file exists)
  • Adds a dependency-graph-file output to any step that generates a Dependency Graph file
Changelog

v2.6.1

Compare Source

Dependency Graph support

This patch release fixes and improves a couple of aspects of the experimental Dependency Graph support:

  • The action will now generate a unique job.correlator value for each Gradle invocation within a Job. This permits multiple Gradle invocations in a single job to generate and submit a separate dependency graph.
  • Update to use github-dependency-graph-gradle-plugin@v0.1.0, which brings a number of improvements to the generated dependency graph:
    • Each Gradle build invocation is mapped to a single GitHub Dependency Graph manifest. This should result in fewer duplicate security alerts being generated.
    • Configurations that contribute to the GitHub Dependency Graph can be filtered by regular expression

v2.6.0

Compare Source

GitHub Dependency Graph support (Experimental)

This release brings experimental support for submitting a GitHub Dependency Graph snapshot via the GitHub Dependency Submission API.

The dependency graph snapshot is generated via integration with the GitHub Dependency Graph Gradle Plugin, and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).

The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate Dependabot Alerts for vulnerable dependencies, as well as to populate the Dependency Graph insights view.

Check out the README chapter for more details on how this works and how to configure a workflow that submits a dependency graph.

Changelog

v2.5.1

Compare Source

Fixes a regression in v2.5.0 that resulted in failure when running a workflow that has a name containing a comma.

Fixes
  • Cache key Validation Error when workflow name contains a comma #​756
Changelog

v2.5.0

Compare Source

This minor release fixes a couple of issues that affected the action in particular scenarios, and updates all dependencies to recent versions.

Fixes
  • Parallel workflows containing jobs with the same name use the same cache key #​699
  • Build scans are not captured when GE plugin is applied within settingsEvaluated #​626

Full changelog: gradle/gradle-build-action@v2.4.2...v2.5.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Copy link
Contributor

github-actions bot commented Jan 8, 2024

Qodana Community for JVM

28 new problems were found

Inspection name Severity Problems
Inconsistent comment for Java parameter 🔶 Warning 6
Unstable API Usage 🔶 Warning 5
Unused symbol 🔶 Warning 2
Explicit 'get' or 'set' call ◽️ Notice 9
Return or assignment can be lifted out ◽️ Notice 4
If-Null return/break/... foldable to '?:' ◽️ Notice 1
Accessor call that can be replaced with property access syntax ◽️ Notice 1

💡 Qodana analysis was run in the pull request mode: only the changed files were checked

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

  1. Register at Qodana Cloud and configure the action
  2. Use GitHub Code Scanning with Qodana
  3. Host Qodana report at GitHub Pages
  4. Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2023.2.8
        with:
          upload-result: true
Contact Qodana team

Contact us at qodana-support@jetbrains.com

@develar develar merged commit 39f79c5 into main Jan 8, 2024
6 checks passed
@renovate renovate bot deleted the renovate/gradle-gradle-build-action-2.x branch January 8, 2024 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant