migrate to the new setup-gradle and dependency-submission actions (#1477

)
ben-manes · Jan 27, 2024 · 2bcb7ca · 2bcb7ca
1 parent 7bf11dd
commit 2bcb7ca
Show file tree

Hide file tree

Showing 25 changed files with 168 additions and 81 deletions.
diff --git a/.github/actions/run-gradle/action.yml b/.github/actions/run-gradle/action.yml
@@ -66,25 +66,23 @@ runs:
         distribution: temurin
     - name: Setup Gradle
       id: setup-gradle
-      uses: gradle/gradle-build-action@982da8e78c05368c70dac0351bb82647a9e9a5d2 # v2.11.1
+      uses: gradle/actions/setup-gradle@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
       continue-on-error: true
       env:
         JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }}
+        ORG_GRADLE_PROJECT_org.gradle.java.installations.auto-download: 'false'
       with:
+        add-job-summary: never
         cache-read-only: false
-        generate-job-summary: false
         gradle-home-cache-cleanup: true
         gradle-home-cache-strict-match: true
-        arguments: |
-          -Porg.gradle.java.installations.auto-download=false
-          --no-scan
-          help
     - name: Backoff
       if: steps.setup-gradle.outcome == 'failure'
       shell: bash
       run: sleep 10
     - name: Run ${{ inputs.arguments }}
       env:
         JAVA_HOME: ${{ steps.setup-gradle-jdk.outputs.path }}
+        ORG_GRADLE_PROJECT_org.gradle.java.installations.auto-download: 'false'
       shell: bash
-      run: ./gradlew -Porg.gradle.java.installations.auto-download=false ${{ inputs.arguments }}
+      run: ./gradlew ${{ inputs.arguments }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -194,7 +194,7 @@ jobs:
           find . -path */jacoco/*.exec -o -path */results/*.xml
           | tar czf ${{ env.ARTIFACT_NAME }}.tar.gz --files-from -
       - name: Upload test results
-        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
         if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK)
         with:
           retention-days: 1
@@ -251,7 +251,7 @@ jobs:
           java: ${{ env.PUBLISH_JDK }}
         continue-on-error: true
       - name: Publish to Codecov
-        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+        uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
       - name: Publish to Codacy
@@ -345,7 +345,7 @@ jobs:
       - name: Set up JDK ${{ env.PUBLISH_JDK }}
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         with:
-          action: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+          action: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
           with: |
             distribution: temurin
             java-version: ${{ env.PUBLISH_JDK }}
@@ -355,11 +355,10 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # v2.4.2
+          action: gradle/actions/setup-gradle@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
           with: |
+            add-job-summary: never
             cache-read-only: false
-            arguments: help --no-scan
-            generate-job-summary: false
             gradle-home-cache-cleanup: true
           attempt_limit: 3
           attempt_delay: 2000

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -56,7 +56,7 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+          action: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
           with: |
             distribution: temurin
             java-version: ${{ env.JAVA_VERSION }}
@@ -66,11 +66,10 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # v2.4.2
+          action: gradle/actions/setup-gradle@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
           with: |
+            add-job-summary: never
             cache-read-only: false
-            arguments: help --no-scan
-            generate-job-summary: false
             gradle-home-cache-cleanup: true
           attempt_limit: 3
           attempt_delay: 2000

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -1,12 +1,13 @@
 name: Dependency Review
+permissions: read-all
 on: [pull_request]
 
-permissions:
-  contents: read
-
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
@@ -20,3 +21,8 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Dependency Review
         uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0
+        with:
+          license-check: false
+          comment-summary-in-pr: on-failure
+          retry-on-snapshot-warnings: true
+          retry-on-snapshot-warnings-timeout: 600
diff --git a/.github/workflows/dependency-submission-pr-retreive.yml b/.github/workflows/dependency-submission-pr-retreive.yml
@@ -0,0 +1,41 @@
+name: Retrieve and submit dependency graph
+permissions: read-all
+on:
+  workflow_run:
+    workflows: ['Generate and save dependency graph']
+    types: [completed]
+
+env:
+  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+  GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
+  JAVA_VERSION: 21
+
+jobs:
+  submit-dependency-graph:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptium.net:443
+            api.github.com:443
+            caffeine.gradle-enterprise.cloud:443
+            downloads.gradle.org:443
+            downloads.gradle-dn.com:443
+            github.com:443
+            jcenter.bintray.com:443
+            objects.githubusercontent.com:443
+            plugins.gradle.org:443
+            plugins-artifacts.gradle.org:443
+            repo.maven.apache.org:443
+            repo1.maven.org:443
+            services.gradle.org:443
+      - name: Retrieve and submit dependency graph
+        uses: gradle/actions/dependency-submission@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
+        with:
+          dependency-graph-action: retrieve-and-submit
diff --git a/.github/workflows/dependency-submission-pr-submit.yml b/.github/workflows/dependency-submission-pr-submit.yml
@@ -0,0 +1,51 @@
+name: Generate and save dependency graph
+permissions: read-all
+on: [ pull_request ]
+
+env:
+  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
+  GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
+  JAVA_VERSION: 21
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptium.net:443
+            api.github.com:443
+            caffeine.gradle-enterprise.cloud:443
+            downloads.gradle.org:443
+            downloads.gradle-dn.com:443
+            github.com:443
+            jcenter.bintray.com:443
+            objects.githubusercontent.com:443
+            plugins.gradle.org:443
+            plugins-artifacts.gradle.org:443
+            repo.maven.apache.org:443
+            repo1.maven.org:443
+            services.gradle.org:443
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up JDK ${{ env.JAVA_VERSION }}
+        uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
+        timeout-minutes: 5
+        with:
+          action: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
+          with: |
+            cache: gradle
+            distribution: temurin
+            java-version: ${{ env.JAVA_VERSION }}
+          attempt_limit: 3
+          attempt_delay: 2000
+      - name: Submit Dependency Graph
+        uses: gradle/actions/dependency-submission@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
+        with:
+          cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+          dependency-graph-action: generate-and-save
diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml
@@ -1,8 +1,6 @@
 name: Dependency Submission
-on:
-  push:
-    branches: [master]
 permissions: read-all
+on: [ push ]
 
 env:
   GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
@@ -39,32 +37,14 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+          action: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
           with: |
             cache: gradle
             distribution: temurin
             java-version: ${{ env.JAVA_VERSION }}
           attempt_limit: 3
           attempt_delay: 2000
-      - name: Setup Gradle
-        uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
-        timeout-minutes: 5
-        with:
-          action: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # v2.4.2
-          with: |
-            cache-read-only: false
-            arguments: help --no-scan
-            generate-job-summary: false
-            gradle-home-cache-cleanup: true
-          attempt_limit: 3
-          attempt_delay: 2000
       - name: Submit Dependency Graph
-        uses: mikepenz/gradle-dependency-submission@e39d996cbb20c65ff32b7129c0e2be9caefa8f7a # v1
+        uses: gradle/actions/dependency-submission@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
         with:
-          gradle-build-module: |-
-            :simulator
-            :caffeine
-            :jcache
-            :guava
-          include-build-environment: true
-          sub-module-mode: INDIVIDUAL_DEEP
+          cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml
@@ -38,7 +38,7 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+          action: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
           with: |
             distribution: temurin
             java-version: ${{ env.JAVA_VERSION }}
@@ -48,11 +48,10 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # v2.4.2
+          action: gradle/actions/setup-gradle@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
           with: |
+            add-job-summary: never
             cache-read-only: false
-            arguments: help --no-scan
-            generate-job-summary: false
             gradle-home-cache-cleanup: true
             gradle-home-cache-strict-match: true
           attempt_limit: 3

diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml
@@ -60,7 +60,7 @@ jobs:
           java: ${{ env.JAVA_VERSION }}
           arguments: build -x test
       - name: Qodana - Code Inspection
-        uses: JetBrains/qodana-action@a8363b702c2d2d49a77620bcd10541686df21307 # v2023.3.0
+        uses: JetBrains/qodana-action@e42ff2d2727091337983f607598abbbce4e25f1f # v2023.3.1
         with:
           upload-result: true
       - name: Upload SARIF file for GitHub Advanced Security Dashboard

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -24,7 +24,7 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+          action: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
           with: |
             distribution: temurin
             java-version: ${{ env.JAVA_VERSION }}
@@ -34,11 +34,10 @@ jobs:
         uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
         timeout-minutes: 5
         with:
-          action: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # v2.4.2
+          action: gradle/actions/setup-gradle@b6816cf21e7970b88479bb3c57d9cbe5cdd4b949 # v3.0.0-rc.1
           with: |
+            add-job-summary: never
             cache-read-only: false
-            arguments: help --no-scan
-            generate-job-summary: false
             gradle-home-cache-cleanup: true
           attempt_limit: 3
           attempt_delay: 2000

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
@@ -47,7 +47,7 @@ jobs:
           results_file: results.sarif
           repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
       - name: Upload artifact
-        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
         with:
           name: SARIF file
           path: results.sarif

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -14,13 +14,9 @@ jobs:
       contents: read
       security-events: write
     container:
+      # Incompatible with Harden Runner
       image: returntocorp/semgrep
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
-        with:
-          disable-sudo: true
-          egress-policy: audit
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - run: semgrep scan --sarif --output=results.sarif
         env:

diff --git a/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml b/examples/coalescing-bulkloader-reactor/gradle/libs.versions.toml
@@ -3,7 +3,7 @@ caffeine = "3.1.8"
 junit = "5.10.1"
 reactor = "3.6.2"
 truth = "1.3.0"
-versions = "0.50.0"
+versions = "0.51.0"
 
 [libraries]
 caffeine = { module = "com.github.ben-manes.caffeine:caffeine", version.ref = "caffeine" }

diff --git a/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties b/examples/coalescing-bulkloader-reactor/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-3-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME

diff --git a/examples/graal-native/gradle/libs.versions.toml b/examples/graal-native/gradle/libs.versions.toml
@@ -3,7 +3,7 @@ caffeine = "3.1.8"
 graal = "0.9.28"
 junit = "5.10.1"
 truth = "1.3.0"
-versions = "0.50.0"
+versions = "0.51.0"
 
 [libraries]
 caffeine = { module = "com.github.ben-manes.caffeine:caffeine", version.ref = "caffeine" }

diff --git a/examples/graal-native/gradle/wrapper/gradle-wrapper.properties b/examples/graal-native/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-3-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME

diff --git a/examples/hibernate/gradle/libs.versions.toml b/examples/hibernate/gradle/libs.versions.toml
@@ -6,7 +6,7 @@ junit = "5.10.1"
 log4j2 = "3.0.0-beta1"
 slf4j = "2.0.7"
 truth = "1.3.0"
-versions = "0.50.0"
+versions = "0.51.0"
 
 [libraries]
 caffeine = { module = "com.github.ben-manes.caffeine:jcache", version.ref = "caffeine" }

diff --git a/examples/hibernate/gradle/wrapper/gradle-wrapper.properties b/examples/hibernate/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-3-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME

diff --git a/examples/resilience-failsafe/gradle/libs.versions.toml b/examples/resilience-failsafe/gradle/libs.versions.toml
@@ -3,7 +3,7 @@ caffeine = "3.1.8"
 failsafe = "3.3.2"
 junit = "5.10.1"
 truth = "1.3.0"
-versions = "0.50.0"
+versions = "0.51.0"
 
 [libraries]
 caffeine = { module = "com.github.ben-manes.caffeine:caffeine", version.ref = "caffeine" }

diff --git a/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties b/examples/resilience-failsafe/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-rc-3-bin.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME