build(deps): update gradle/actions action to v6

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
gradle/actions	action	major	v3 → v6

---

Release Notes

gradle/actions (gradle/actions)

v6.1.0

Compare Source

New: Basic Cache Provider

A new MIT-licensed Basic Caching provider is now available as an alternative to the proprietary Enhanced Caching provided by gradle-actions-caching. Choose Basic Caching by setting cache-provider: basic on setup-gradle or dependency-submission actions.

• Built on @actions/cache -- fully open source
• Caches ~/.gradle/caches and ~/.gradle/wrapper directories
• Cache key derived from build files (*.gradle*, gradle-wrapper.properties, etc.)
• Clean cache on build file changes (no restore keys, preventing stale entry accumulation)

Limitations vs Enhanced Caching: No cache cleanup, no deduplication of cached content, cached content is fixed unless build files change.

Revamped Licensing & Distribution Documentation

• New DISTRIBUTION.md documents the licensing of each component (particularly Basic Caching vs Enhanced Caching)
• Simplified licensing notices in README, docs, and runtime log output
• Clear usage tiers: Enhanced Caching is free for public repos and in Free Preview for private repos

What's Changed

• Use a unique cache entry for wrapper-validation test by @​bigdaz in #​921
• Update Dependencies by @​bigdaz in #​922
• Update dependencies and resolve npm vulnerabilities by @​bigdaz in #​933
• Add open-source 'basic' cache provider and revamp licensing documentation by @​bigdaz in #​930
• Restructure caching documentation for basic and enhanced providers by @​bigdaz in #​934

Full Changelog: gradle/actions@v6.0.1...v6.1.0

v6.0.1

Compare Source

[!IMPORTANT]
The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post.
TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

• Bump actions used in docs by @​Goooler in #​792
• Add typing information for use by typesafegithub by @​bigdaz in #​910
• Mute license warning when terms are accepted by @​bigdaz in #​911
• Mention explicit license acceptance in notice by @​bigdaz in #​912
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in #​907

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

Compare Source

[!IMPORTANT]
The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post.
TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

• Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.
• Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.
• Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License.
The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/.
If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot[bot] in #​866
• Update known wrapper checksums by @​github-actions[bot] in #​868
• Dependency updates by @​bigdaz in #​876
• Update known wrapper checksums by @​github-actions[bot] in #​878
• Bump @​types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @​dependabot[bot] in #​877
• Bump the github-actions group across 3 directories with 3 updates by @​dependabot[bot] in #​867
• Update known wrapper checksums by @​github-actions[bot] in #​881
• Bump the npm-dependencies group in /sources with 6 updates by @​dependabot[bot] in #​879
• Bump the github-actions group across 3 directories with 5 updates by @​dependabot[bot] in #​880
• Remove configuration-cache support by @​bigdaz in #​884
• Extract caching logic into a separate gradle-actions-caching component by @​bigdaz in #​885
• Update gradle-actions-caching library to v0.3.0 by @​bot-githubaction in #​899
• Avoid windows shutdown bug by @​bigdaz in #​900
• Dependency updates by @​bigdaz in #​905
• Fix critical and high npm vulnerabilities by @​bigdaz in #​904
• Fix rendering of job-disabled message by @​bigdaz in #​909

Full Changelog: gradle/actions@v5.0.2...v6.0.0

v6

Compare Source

v5.0.2

Compare Source

Summary

This release contains no functional changes. It updates dependencies and known Gradle wrapper checksums.

What's Changed

• Update dependencies by @​bigdaz in #​851
• Bump the github-actions group across 2 directories with 3 updates by @​dependabot[bot] in #​850
• Update DV config by @​bigdaz in #​848
• Convert project to ESM and update dependencies by @​bigdaz in #​854
• Workflow fixes by @​bigdaz in #​856
• Remove superfluous text from log message by @​bigdaz in #​861
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in #​860
• Bump the npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​859
• Update known wrapper checksums by @​github-actions[bot] in #​857
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.0 to 2.21.1 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in #​862
• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot[bot] in #​863
• Bump github/codeql-action from 4.32.3 to 4.32.4 in the github-actions group across 1 directory by @​dependabot[bot] in #​864

Full Changelog: gradle/actions@v5.0.1...v5.0.2

v5.0.1

Compare Source

What's Changed

• Bump npm code dependency versions
• Bump Gradle versions used in sample builds
• Bump dependencies versions in Gradle sample builds
• Bump GitHub actions used for build and test
• Update known wrapper checksums to include Gradle 9.2+

Full Changelog: gradle/actions@v5.0.0...v5.0.1

v5.0.0

Compare Source

What's Changed

Breaking Changes

• Upgrade to node 24 by @​amyu in #​721

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency upgrades

• Bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in #​748

Full Changelog: gradle/actions@v4...v5.0.0

v5

Compare Source

v4.4.4

Compare Source

What's Changed

• Bump the github-actions group across 2 directories with 3 updates by @​dependabot[bot] in #​726
• Regenerating package lock by @​cdsap in #​729
• Update known wrapper checksums by @​github-actions[bot] in #​730
• Bump the github-actions group across 1 directory with 3 updates by @​dependabot[bot] in #​735
• Bump the gradle group across 3 directories with 1 update by @​dependabot[bot] in #​734
• Bump the npm-dependencies group in /sources with 4 updates by @​dependabot[bot] in #​733
• Bump references to Develocity Gradle plugin from 4.1.1 to 4.2 by @​bot-githubaction in #​736
• Handle gracefully parse errors in checksum file by @​jprinet in #​737
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/kotlin-dsl by @​bot-githubaction in #​742
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/java-toolchain by @​bot-githubaction in #​741
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/groovy-dsl by @​bot-githubaction in #​740
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/gradle-plugin by @​bot-githubaction in #​739
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /sources/test/init-scripts by @​bot-githubaction in #​738
• Update known wrapper checksums by @​github-actions[bot] in #​743
• Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @​dependabot[bot] in #​746
• Bump the npm-dependencies group in /sources with 5 updates by @​dependabot[bot] in #​745

Full Changelog: gradle/actions@v4...v4.4.4

v4.4.3

Compare Source

What's Changed

• Adapt tests to future new Build Scan publication message by @​alextu in #​708
• Add missing Gradle version input to setup-gradle by @​jprinet in #​713
• Bump the github-actions group across 2 directories with 4 updates by @​dependabot[bot] in #​710
• Bump references to Develocity Gradle plugin from 4.1 to 4.1.1 by @​bot-githubaction in #​712
• Update known wrapper checksums by @​github-actions[bot] in #​709
• Bump the npm-dependencies group across 1 directory with 4 updates by @​dependabot[bot] in #​711
• Do not run setup-gradle post action if workflow is cancelled by @​jprinet in #​716
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot[bot] in #​715
• Bump the npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in #​720
• Bump github/codeql-action from 3.29.11 to 3.30.0 in the github-actions group across 1 directory by @​dependabot[bot] in #​719
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.2 to 2.20.0 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in #​718
• Update known wrapper checksums by @​github-actions[bot] in #​723
• Bump the npm-dependencies group in /sources with 5 updates by @​dependabot[bot] in #​725

Full Changelog: gradle/actions@v4.4.2...v4.4.3

v4.4.2

Compare Source

This patch release updates a bunch of dependency versions

What's Changed

• Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (#​703)
• Bumps the npm-dependencies group in /sources with 4 updates (#​702)
• Upgrade to gradle 9 in workflows and tests (#​704)
• Update known wrapper checksums (#​701)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (#​695)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (#​696)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (#​697)
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (#​693)
• Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (#​691)
• Bump the npm-dependencies group in /sources with 5 updates (#​692)
• Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (#​685)
• Bump the npm-dependencies group across 1 directory with 8 updates (#​684)
• Run Gradle release candidate tests with JDK 17 (#​690)
• Update Develocity npm agent to version 1.0.1 (#​687)
• Update known wrapper checksums (#​688)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (#​683
• Bump the github-actions group across 1 directory with 3 updates (#​675)
• Bump the gradle group across 3 directories with 2 updates (#​674)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (#​679)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (#​682)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (#​681)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (#​680)
• Update known wrapper checksums (#​676)

Full Changelog: gradle/actions@v4.4.1...v4.4.2

v4.4.1

Compare Source

This patch release fixes a bug in Develocity Injection with a custom plugin repository.
The gradle-plugin-repository-* action parameters were not being correctly mapped to environment variables that are read by the Develocity Injection init script.

This issue has been fixed by setting the correct environment variables:

• gradle-plugin-repository-url is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL
• gradle-plugin-repository-username is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME
• gradle-plugin-repository-password is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD

Additionally, these parameters can now be used to configure a custom plugin repository for the GitHub Dependency Graph Gradle Plugin, required for dependency submission.

What's Changed

• Dependency updates by @​bigdaz in #​667
• Fix plugin repository env vars by @​bigdaz in #​669

Full Changelog: gradle/actions@v4.4.0...v4.4.1

v4.4.0

Compare Source

This release updates 2 downstream components:

• Develocity injection has been updated to v2.0
  • Some environment variables related to Develocity injection have been renamed. All vars now being with DEVELOCITY_INJECTION_. Check the docs for more details.
• Dependency-graph plugin has been updated to v1.4.0
  • The 'detector' values included in the generated graph can now be configured via environment variables.

What's Changed

• Update develocity-injection init script to v1.3 by @​bot-githubaction in #​592
• Update develocity-injection init script to v2.0 by @​bot-githubaction in #​593
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in #​597
• Use v1.4.0 of dependency graph plugin by @​bigdaz in #​638

New Contributors

• @​step-security-bot made their first contribution in #​597

Full Changelog: gradle/actions@v4.3.1...v4.4.0

v4.3.1

Compare Source

This release fixes a couple of minor issues, as well as keeping dependencies up to date.

Fixed issues

• The develocity-allow-untrusted-server parameter should be honoured when fetching short-lived access tokens #​583
• Build summary may incorrectly report build success #​415

What's Changed

• Update develocity-injection init script to v1.1.1 by @​bot-githubaction in #​545
• Bump the github-actions group across 2 directories with 3 updates by @​dependabot in #​547
• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot in #​548
• Update develocity-injection init script to v1.2 by @​bot-githubaction in #​550
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot in #​552
• Bump the npm-dependencies group across 1 directory with 5 updates by @​dependabot in #​558
• Update known wrapper checksums by @​github-actions in #​560
• Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by @​bot-githubaction in #​561
• Catch more build failures in job summary by @​bigdaz in #​571
• Scope captured build failures by @​erichaagdev in #​574
• Ignore SSL certificate validation when fetching Develocity short-lived access token if develocity-allow-untrusted-server is enabled by @​remcomokveld in #​575
• Dependency updates by @​bigdaz in #​579
• Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @​dependabot in #​580
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot in #​582

New Contributors

• @​erichaagdev made their first contribution in #​574
• @​remcomokveld made their first contribution in #​575

Full Changelog: gradle/actions@v4.3.0...v4.3.1

v4.3.0

Compare Source

This release brings some significant improvements to cache-cleanup and dependency-submission:

• Cleanup cache entries written by newly released Gradle versions (#​436)
• Use existing Gradle wrapper distribution for cache-cleanup where possible (#​515)
• Automatically save each dependency-graph that is submitted by dependency-submission (#​519)
• Fix deprecation warnings emitted by Gradle 8.12+ when:
  • Using build-scan-publish: true or Develocity injection (#​543)
  • Using dependency-submission with an authenticated plugin repository with Gradle (#​541)
• Fix warning when using toolchain support with Gradle 7.x (#​511)

What's Changed

• Update known wrapper checksums by @​github-actions in #​493
• Fix typo in cache-reporting.ts by @​SimonMarquis in #​492
• Bump Gradle Wrappers by @​github-actions in #​499
• Bump the github-actions group across 3 directories with 7 updates by @​dependabot in #​510
• Bump the npm-dependencies group across 1 directory with 6 updates by @​dependabot in #​512
• Clean-up missing imports for tests by @​bigdaz in #​513
• Bump the npm-dependencies group in /sources with 3 updates by @​dependabot in #​521
• Add npm build scans by @​bigdaz in #​517
• Avoid env-var interpolation in toolchains.xml by @​bigdaz in #​518
• Avoid saving build-results for cache cleanup by @​bigdaz in #​520
• Save dependency graph as workflow artifact by @​bigdaz in #​522
• Update to CCUDGP 2.1 by @​bigdaz in #​524
• Bump references to Develocity Gradle plugin from 3.19 to 3.19.1 by @​bot-githubaction in #​527
• Choose best Gradle version to use for cache cleanup by @​bigdaz in #​526
• Uppercase cache-encryption-key by @​Goooler in #​528
• Attempt to use gradle wrapper for cache cleanup by @​bigdaz in #​525
• Document GRADLE_ACTIONS_SKIP_BUILD_RESULT_CAPTURE by @​bigdaz in #​529
• Update known wrapper checksums by @​github-actions in #​509
• Bump Gradle Wrappers by @​github-actions in #​535
• Bump the github-actions group across 2 directories with 2 updates by @​dependabot in #​538
• Update undici to resolve vulnerability by @​bigdaz in #​536
• Bump the npm-dependencies group across 1 directory with 2 updates by @​dependabot in #​539
• Update docs for dependency review by @​bigdaz in #​540
• Fix space assignment deprecations in init-scripts by @​bigdaz in #​542

New Contributors

• @​SimonMarquis made their first contribution in #​492

Full Changelog: gradle/actions@v4.2.2...v4.3.0

v4.2.2

Compare Source

This patch release updates a bunch of dependency versions and fixes a deprecation warning emitted with Gradle 8.12.

What's Changed

• Bump cross-spawn in /sources by @​dependabot in #​455
• Update known wrapper checksums by @​github-actions in #​462
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot in #​474
• Update @​actions/cache4.0.0 and patch by @​amyu in #​479
• Update develocity-injection init script to v1.1 by @​bot-githubaction in #​471
• Dependency updates by @​bigdaz in #​480
• Bump references to Develocity Gradle plugin from 3.18.2 to 3.19 by @​bot-githubaction in #​483
• Update known wrapper checksums by @​github-actions in #​484
• Bump the gradle group across 1 directory with 2 updates by @​dependabot in #​485
• Attempt to limit failures in wrapper-validation tests by @​bigdaz in #​490
• Update known wrapper checksums by @​github-actions in #​488
• Remove deprecation warning from init-script by @​bigdaz in #​491
• Use latest dependency-graph plugin by @​bigdaz in #​489

New Contributors

• @​sebastian-dyroff made their first contribution in #​465
• @​amyu made their first contribution in #​479

Full Changelog: gradle/actions@v4.2.1...v4.2.2

v4.2.1

Compare Source

This patch release fixes some issues with Develocity and Build Scan integration:

• Build scan links not captured in project using plugin com.gradle.enteprise:3.18.2 (#​449)
• Enabling build-scan-publish causes some Develocity injection parameters to be ignored (#​447)
• Setting develocity-ccud-plugin-version parameter is ignored (#​446)

What's Changed

• Do not fail wrapper-validation on filename with illegal characters #​438
• Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 by @​bot-githubaction in #​441
• Bump Gradle from 8.10.2 to 8.11 in #​443
• Develocity injection fixes in #​448
• Adapt build-result-capture script for GE plugin 3.17+ in #​450
• ci: add scorecard by @​nitrocode in #​384

New Contributors

• @​nitrocode made their first contribution in #​384

Full Changelog: gradle/actions@v4.2.0...v4.2.1

v4.2.0

Compare Source

This release fixes a bug that prevents cache-cleanup from working with Gradle 8.11.
A number of improvements to cache reporting are also included.

What's Changed

• Fix cache-cleanup with Gradle 8.11 (#​430)
• Update known wrapper checksums to include Gradle 8.11 (#​424)
• Include cache save/restore times in Job Summary (#​389)
• Improve cache logging by @​bigdaz (#​392)
• Correctly handle multiline patterns for extracted entries (#​393)
• Numerous dependency updates

Full Changelog: gradle/actions@v4.1.0...v4.2.0

v4.1.0

Compare Source

This release brings some minor improvements:

• The latest release of Gradle is no longer required to perform cache-cleanup. If Gradle is found to on the PATH and the version meets minimum version requirements, then the version on PATH is used for cache-cleanup and Gradle is not downloaded.
• Fixes a bug where setting the develocity-token-expiry parameter had no effect (#​381)
• Numerous NPM dependency updates

Full Changelog: gradle/actions@v4.0.1...v4.1.0

v4.0.1

Compare Source

This patch release updates a number of dependencies, and fixes a bug that caused Gradle version '8.1' to be confused with '8.10'.

What's Changed

• Dependency-updates by @​bigdaz in #​326, #​356
• NPM dependency updates by @​dependabot in #​330, #​349
• Include Gradle 8.10 in known wrapper checksums in #​341
• Differentiate Gradle 8.1 from 8.10 when checking version by @​bigdaz in #​358

Full Changelog: gradle/actions@v4.0.0...v4.0.1

v4.0.0

Compare Source

Final release of v4.0.0 of the setup-gradle, dependency-submission and wrapper-validation actions provided under gradle/actions.
This release is available under the v4 tag.

Major changes from the v3 release

The arguments parameter has been removed

Using the action to execute Gradle via the arguments parameter was deprecated in v3 and this parameter has been removed.
See here for more details.

Cache cleanup enabled by default

After a number of fixes and improvements, this release enables cache-cleanup by default for all Jobs using the setup-gradle and dependency-submission actions.

Improvements and bugfixes related cache cleanup:

• By default, cache cleanup is not run if any Gradle build fails (#​71)
• Cache cleanup is not run after configuration-cache reuse (#​19)

This feature should help to minimize the size of entries written to the GitHub Actions cache, speeding up builds and reducing cache usage.

Wrapper validation enabled by default

In v3, the setup-gradle action was enhanced to support Gradle wrapper validation, removing the need to use a separate workflow
file with the gradle/actions/wrapper-validation action.

With this release, wrapper validation has been significantly improved, and is now enabled by default (#​12):

• The allow-snapshot-wrappers makes it possible to validate snapshot wrapper jars using setup-gradle.
• Checksums for nightly and snapshot Gradle versions are now validated (#​281).
• Valid wrapper checksums are cached in Gradle User Home, reducing the need to retrieve checksum values remotely (#​172).
• Reduce network calls in wrapper-validation for new Gradle versions: By only fetching wrapper checksums for Gradle versions that were not known when this action was released, this release reduces the likelihood that a network failure could cause failure in wrapper validation (#​171)
• Improved error message when wrapper-validation finds no wrapper jars (#​284)

Wrapper validation is important for supply-chain integrity. Enabling this feature by default will increase the coverage of wrapper
validation on projects using GitHub Actions.

New input parameters for Dependency Graph generation

Some dependency-graph inputs that could previously only be configured via environment variables now have dedicated action inputs:

• dependency-graph-report-dir: sets the location where dependency-graph reports will be generated
• dependency-graph-exclude-projects and dependency-graph-include-projects: select which Gradle projects will contribute to the generated dependency graph.
• dependency-graph-exclude-configurations and dependency-graph-include-configurations: select which Gradle configurations will contribute to the generated dependency graph.

Other improvements

• In Job summary, the action now provides an explanation when cache is set to read-only or disabled (#​255)
• When setup-gradle requests a specific Gradle version, the action will no longer download and install that version if it is already available on the PATH of the runner (#​270)
• To attempt to speed up builds, the setup-gradle and dependency-submission actions now attempt to use the D: drive for Gradle User Home if it is available (#​290)

Deprecations and breaking changes

• The gradle-home-cache-cleanup input parameter has been deprecated and replaced by cache-cleanup
• The undocumented dependency-graph: clear parameter has been removed without replacement
• The following parameters deprecated in v3 have been removed:
  • arguments
  • build-scan-terms-of-service-url and build-scan-terms-of-service-agree

Changelog

• Only fetch checksums for unknown wrapper versions by @​bigdaz in #​292
• Isolate 'dependency-submission' action from 'setup-gradle' by @​bigdaz in #​293
• Caching improvements by @​bigdaz in #​294
• Config cache cleanup by @​bigdaz in #​295
• Delete excluded paths on restore Gradle Home by @​bigdaz in #​298
• Use faster D: drive on windows for Gradle User Home and Gradle downloads by @​bigdaz in #​299
• Always set the GRADLE_USER_HOME env var by @​bigdaz in #​300
• Fix windows by @​bigdaz in #​302
• Use pre-installed Gradle when available by @​bigdaz in #​301
• Prepare for v4 release by @​bigdaz in #​303
• Include RUNNER_ARCH in cache key by @​bigdaz in #​305
• Introduce dependency graph params by @​bigdaz in #​304
• Finish enabling cache-cleanup by default by @​bigdaz in #​306
• Bump references to Develocity Gradle plugin from 3.17.5 to 3.17.6 by @​bot-githubaction in #​315
• Group cache-cleanup log messages by @​bigdaz in #​319
• Enable wrapper-validation by default in setup-gradle by @​bigdaz in #​318
• Improve error messages for min-wrapper-count by @​bigdaz in #​321

Full Changelog: gradle/actions@v3.5.0...v4.0.0

v4

Compare Source

v3.5.0

Compare Source

This release contains a major upgrade to gradle-home-cache-cleanup as well as improvements to dependency-submission.

What's Changed

• Include Gradle 8.9 in known wrapper checksums (avoiding the need to download) (#​266)
• Improvements to cache-cleanup
  • Provision latest Gradle version to use for cache-cleanup (#​33, #​271)
  • Avoid use of timestamp manipulation for cache-cleanup (#​24, #​272)
  • Cleanup artifact transforms cache in Gradle home (#​47)
  • More logging from cache-cleanup operation (#​169)
• Use latest dependency graph plugin (#​269)
  • Avoid resolving configurations that are deprecated for resolving (gradle/github-dependency-graph-gradle-plugin#129)
  • Avoid circular task dependency when build includes itself (gradle/github-dependency-graph-gradle-plugin#141)
• Automatically upload dependency graph file on submission failure (#​291)

Full Changelog: gradle/actions@v3.4.2...v3.5.0

v3.4.2

Compare Source

This patch release fixes a race condition that resulted in the DEVELOCITY_ACCESS_KEY variable not being set in the environment.

What's Changed

• Fix race condition with fetching short lived token by @​alextu in #​260

Full Changelog: gradle/actions@v3.4.1...v3.4.2

v3.4.1

Compare Source

This patch release fixes a bug introduced in v3.4.0, that prevents build scan publication to Develocity.
The bug results in the removal of the DEVELOCITY_ACCESS_KEY variable being removed, so that Gradle cannot authenticate with the Develocity server.

What's Changed

• Don't clear access key when access token cannot be obtained by @​cdsap in #​258
• Simplify requesting short-lived Develocity access tokens by @​bigdaz in #​259

Full Changelog: gradle/actions@v3.4.0...v3.4.1

v3.4.0

Compare Source

This release improves the integration with Gradle Develocity®, as well as updating a number of key dependencies.

• The new develocity-access-key input parameter allows the action to generate a short-lived access token for subsequent
  communication with Develocity. This reduces the risk of the full (long-lived) access key being compromised,
  either accidentally or by a malicious action.
• New input parameters are available

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.