Handling Maven GitLab dependencies made easy. Define multiple tokens and selectively apply them to repositories, remove the need for repeating Credential handling blocks for different environments.
Eclipse Public License 2.0
13
stars
1
forks
source link
Update eskatos/gradle-command-action action to v2.10.0 #57
eskatos/gradle-command-action (eskatos/gradle-command-action)
### [`v2.10.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.10.0)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.9.0...v2.10.0)
This release introduces a new `artifact-retention-days` parameter, which allows a user to configure how long the generated dependency-graph artifacts are retained by GitHub Actions. Adjusting the retention period can be useful to reduce storage costs associated with these dependency-graph artifacts.
See [the documentation](https://togithub.com/gradle/gradle-build-action/tree/v2.10.0#reducing-storage-costs-for-saved-dependency-graph-artifacts) for more details.
##### Changelog
- \[NEW] Add `artifact-retention-days` configuration parameter [#903](https://togithub.com/eskatos/gradle-command-action/issues/903)
- \[FIX] Update to `v1.0.0` of the [github-dependency-graph-gradle-plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin)
- \[FIX] Update `@babel/traverse` to address [reported security vulnerability](https://togithub.com/gradle/gradle-build-action/security/dependabot/18)
**Full-changelog**: https://github.com/gradle/gradle-build-action/compare/v2.9.0...v2.10.0
### [`v2.9.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.9.0)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.8.1...v2.9.0)
The GitHub [dependency-review-action](https://togithub.com/actions/dependency-review-action) helps you understand dependency changes (and the security impact of these changes) for a pull request. This release updates the GItHub Dependency Graph support to be compatible with the `dependency-review-action`.
See [the documentation](https://togithub.com/gradle/gradle-build-action#integrating-the-dependency-review-action) for detailed examples.
##### Changelog
- \[FIX] Use correct SHA for `pull-request` events [#882](https://togithub.com/eskatos/gradle-command-action/issues/882)
- \[FIX] Avoid generating dependency graph during cache cleanup [#905](https://togithub.com/eskatos/gradle-command-action/issues/905)
- \[NEW] Improve warning on failure to submit dependency graph
- \[NEW] Compatibility with GitHub `dependency-review-action` [#879](https://togithub.com/eskatos/gradle-command-action/issues/879)
**Full-changelog**: https://github.com/gradle/gradle-build-action/compare/v2.8.1...v2.9.0
### [`v2.8.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.1)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.8.0...v2.8.1)
Fixes an issue that prevented Dependency Graph submission when running on GitHub Enterprise Server.
##### Fixes
- Incorrect endpoint used to submit Dependency Graph on GitHub Enterprise [#885](https://togithub.com/eskatos/gradle-command-action/issues/885)
##### Changelog
### [`v2.8.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.0)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.7.1...v2.8.0)
The `v2.8.0` release of the `gradle-build-action` introduces an easy mechanism to connect to Gradle Enterprise, as well improved support for self-hosted GitHub Actions runners.
##### Automatic injection of Gradle Enterprise connectivity
It is now possible to connect a Gradle build to Gradle Enterprise without changing any of the Gradle project sources. This is achieved through Gradle Enterprise injection, where an init-script will apply the Gradle Enterprise plugin and associated configuration.
This feature can be useful to easily trial Gradle Enterprise on a project, or to centralize Gradle Enterprise configuration for all GitHub Actions workflows in an organization.
See [Gradle Enterprise injection in the README](https://togithub.com/gradle/gradle-build-action/blob/v2.8.0/README.md#gradle-enterprise-plugin-injection) for more info.
##### Restore Gradle User Home when directory already exists
Previously, the Gradle User Home would not be restored if the directory already exists. This wasn't normally an issue with GitHub-hosted runners, but limited the usefulness of the action for persistent, self-hosted runners.
This behaviour has been improved in this release:
- The Job Summary now includes a useful error message when Gradle User Home was not restored because the directory already exists.
- The action can now be configured to restore the Gradle User Home when the directory already exists, overwriting existing content with content from the GitHub Actions cache. See https://github.com/gradle/gradle-build-action#overwriting-an-existing-gradle-user-home for more details.
##### Changes
**Issues fixed**: https://github.com/gradle/gradle-build-action/issues?q=milestone%3A2.8.0+is%3Aclosed
**Full changelog**: https://github.com/gradle/gradle-build-action/compare/v2.7.1...v2.8.0
### [`v2.7.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.1)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.7.0...v2.7.1)
This release contains no code changes, only dependency updates and documentation improvements.
##### Changelog
### [`v2.7.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.0)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.6.1...v2.7.0)
#### GitHub Dependency Graph support
In this release, the GitHub Dependency Graph support is no longer considered "experimental", and should be considered ready for production use. You can read more about the Dependency Graph support in [the README chapter](https://togithub.com/gradle/gradle-build-action#github-dependency-graph-support).
##### Changes
- Update to [`github-dependency-graph-gradle-plugin@v0.2.0`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin/0.2.0)
- Dependency graph uses Gradle Settings file as manifest location (if Settings file exists)
- Adds a `dependency-graph-file` output to any step that generates a Dependency Graph file
##### Changelog
### [`v2.6.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.6.1)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.6.0...v2.6.1)
##### Dependency Graph support
This patch release fixes and improves a couple of aspects of the experimental Dependency Graph support:
- The action will now generate a unique `job.correlator` value for each Gradle invocation within a Job. This permits multiple Gradle invocations in a single job to generate and submit a separate dependency graph.
- Update to use [`github-dependency-graph-gradle-plugin@v0.1.0`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), which brings a number of improvements to the generated dependency graph:
- Each Gradle build invocation is mapped to a single GitHub Dependency Graph manifest. This should result in fewer duplicate security alerts being generated.
- Configurations that contribute to the GitHub Dependency Graph can be filtered by regular expression
### [`v2.6.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.6.0)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.5.1...v2.6.0)
##### GitHub Dependency Graph support (Experimental)
This release brings experimental support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28).
The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).
The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) for vulnerable dependencies, as well as to populate the [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).
Check out the README chapter for more details on how this works and how to configure a workflow that submits a dependency graph.
##### Changelog
### [`v2.5.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.5.1)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.5.0...v2.5.1)
Fixes a regression in v2.5.0 that resulted in failure when running a workflow that has a name containing a comma.
##### Fixes
- Cache key Validation Error when workflow name contains a comma [#756](https://togithub.com/eskatos/gradle-command-action/issues/756)
##### Changelog
### [`v2.5.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.5.0)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.4.2...v2.5.0)
This minor release fixes a couple of issues that affected the action in particular scenarios, and updates all dependencies to recent versions.
##### Fixes
- Parallel workflows containing jobs with the same name use the same cache key [#699](https://togithub.com/eskatos/gradle-command-action/issues/699)
- Build scans are not captured when GE plugin is applied within `settingsEvaluated` [#626](https://togithub.com/eskatos/gradle-command-action/issues/626)
**Full changelog**: https://github.com/gradle/gradle-build-action/compare/v2.4.2...v2.5.0
### [`v2.4.2`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.4.2)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.4.1...v2.4.2)
This release disables the save/restore of configuration-cache data, since this functionality has been shown to be problematic.
Gradle 8.1 has made changes to this functionality which will require a more comprehensive rework of the action before we can re-enable this.
### [`v2.4.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.4.1)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.4.0...v2.4.1)
This patch release updates a number of dependencies, including `xmljs` which was reported to have a security vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-0842).
There is no evidence that this vulnerability affected the `gradle-build-action`.
**Full changelog**: https://github.com/gradle/gradle-build-action/compare/v2.4.0...v2.4.1
### [`v2.4.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.4.0)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.3.3...v2.4.0)
#### What's new
The `v.2.4.0` release contains various library updates and fixes to fully support Gradle 8.
Notable changes:
- Update to `@actions/cache: 3.1.3` should improve cache save/restore performance on Windows by using gnu tar and zstd when available.
- Fix caching of extracted JDK toolchains for Gradle 7.6+ ([`e444647`](https://togithub.com/eskatos/gradle-command-action/commit/e4446473950007d0d0323adeed9f992824618be9))
**Full Changelog**: https://github.com/gradle/gradle-build-action/compare/v2.3.3...v2.4.0
### [`v2.3.3`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.3.3)
[Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.3.2...v2.3.3)
This patch release removes all uses of the deprecated `set-output` and `set-state` commands, and should remove deprecation warnings from build logs. See [#461](https://togithub.com/eskatos/gradle-command-action/issues/461) and [#477](https://togithub.com/eskatos/gradle-command-action/issues/477) for more details.
**Full Changelog**: https://github.com/gradle/gradle-build-action/compare/v2.3.2...v2.3.3
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v2.3.2->v2.10.0Release Notes
eskatos/gradle-command-action (eskatos/gradle-command-action)
### [`v2.10.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.10.0) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.9.0...v2.10.0) This release introduces a new `artifact-retention-days` parameter, which allows a user to configure how long the generated dependency-graph artifacts are retained by GitHub Actions. Adjusting the retention period can be useful to reduce storage costs associated with these dependency-graph artifacts. See [the documentation](https://togithub.com/gradle/gradle-build-action/tree/v2.10.0#reducing-storage-costs-for-saved-dependency-graph-artifacts) for more details. ##### Changelog - \[NEW] Add `artifact-retention-days` configuration parameter [#903](https://togithub.com/eskatos/gradle-command-action/issues/903) - \[FIX] Update to `v1.0.0` of the [github-dependency-graph-gradle-plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin) - \[FIX] Update `@babel/traverse` to address [reported security vulnerability](https://togithub.com/gradle/gradle-build-action/security/dependabot/18) **Full-changelog**: https://github.com/gradle/gradle-build-action/compare/v2.9.0...v2.10.0 ### [`v2.9.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.9.0) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.8.1...v2.9.0) The GitHub [dependency-review-action](https://togithub.com/actions/dependency-review-action) helps you understand dependency changes (and the security impact of these changes) for a pull request. This release updates the GItHub Dependency Graph support to be compatible with the `dependency-review-action`. See [the documentation](https://togithub.com/gradle/gradle-build-action#integrating-the-dependency-review-action) for detailed examples. ##### Changelog - \[FIX] Use correct SHA for `pull-request` events [#882](https://togithub.com/eskatos/gradle-command-action/issues/882) - \[FIX] Avoid generating dependency graph during cache cleanup [#905](https://togithub.com/eskatos/gradle-command-action/issues/905) - \[NEW] Improve warning on failure to submit dependency graph - \[NEW] Compatibility with GitHub `dependency-review-action` [#879](https://togithub.com/eskatos/gradle-command-action/issues/879) **Full-changelog**: https://github.com/gradle/gradle-build-action/compare/v2.8.1...v2.9.0 ### [`v2.8.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.1) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.8.0...v2.8.1) Fixes an issue that prevented Dependency Graph submission when running on GitHub Enterprise Server. ##### Fixes - Incorrect endpoint used to submit Dependency Graph on GitHub Enterprise [#885](https://togithub.com/eskatos/gradle-command-action/issues/885) ##### Changelog ### [`v2.8.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.0) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.7.1...v2.8.0) The `v2.8.0` release of the `gradle-build-action` introduces an easy mechanism to connect to Gradle Enterprise, as well improved support for self-hosted GitHub Actions runners. ##### Automatic injection of Gradle Enterprise connectivity It is now possible to connect a Gradle build to Gradle Enterprise without changing any of the Gradle project sources. This is achieved through Gradle Enterprise injection, where an init-script will apply the Gradle Enterprise plugin and associated configuration. This feature can be useful to easily trial Gradle Enterprise on a project, or to centralize Gradle Enterprise configuration for all GitHub Actions workflows in an organization. See [Gradle Enterprise injection in the README](https://togithub.com/gradle/gradle-build-action/blob/v2.8.0/README.md#gradle-enterprise-plugin-injection) for more info. ##### Restore Gradle User Home when directory already exists Previously, the Gradle User Home would not be restored if the directory already exists. This wasn't normally an issue with GitHub-hosted runners, but limited the usefulness of the action for persistent, self-hosted runners. This behaviour has been improved in this release: - The Job Summary now includes a useful error message when Gradle User Home was not restored because the directory already exists. - The action can now be configured to restore the Gradle User Home when the directory already exists, overwriting existing content with content from the GitHub Actions cache. See https://github.com/gradle/gradle-build-action#overwriting-an-existing-gradle-user-home for more details. ##### Changes **Issues fixed**: https://github.com/gradle/gradle-build-action/issues?q=milestone%3A2.8.0+is%3Aclosed **Full changelog**: https://github.com/gradle/gradle-build-action/compare/v2.7.1...v2.8.0 ### [`v2.7.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.1) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.7.0...v2.7.1) This release contains no code changes, only dependency updates and documentation improvements. ##### Changelog ### [`v2.7.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.0) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.6.1...v2.7.0) #### GitHub Dependency Graph support In this release, the GitHub Dependency Graph support is no longer considered "experimental", and should be considered ready for production use. You can read more about the Dependency Graph support in [the README chapter](https://togithub.com/gradle/gradle-build-action#github-dependency-graph-support). ##### Changes - Update to [`github-dependency-graph-gradle-plugin@v0.2.0`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin/0.2.0) - Dependency graph uses Gradle Settings file as manifest location (if Settings file exists) - Adds a `dependency-graph-file` output to any step that generates a Dependency Graph file ##### Changelog ### [`v2.6.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.6.1) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.6.0...v2.6.1) ##### Dependency Graph support This patch release fixes and improves a couple of aspects of the experimental Dependency Graph support: - The action will now generate a unique `job.correlator` value for each Gradle invocation within a Job. This permits multiple Gradle invocations in a single job to generate and submit a separate dependency graph. - Update to use [`github-dependency-graph-gradle-plugin@v0.1.0`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), which brings a number of improvements to the generated dependency graph: - Each Gradle build invocation is mapped to a single GitHub Dependency Graph manifest. This should result in fewer duplicate security alerts being generated. - Configurations that contribute to the GitHub Dependency Graph can be filtered by regular expression ### [`v2.6.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.6.0) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.5.1...v2.6.0) ##### GitHub Dependency Graph support (Experimental) This release brings experimental support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28). The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow). The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) for vulnerable dependencies, as well as to populate the [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph). Check out the README chapter for more details on how this works and how to configure a workflow that submits a dependency graph. ##### Changelog ### [`v2.5.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.5.1) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.5.0...v2.5.1) Fixes a regression in v2.5.0 that resulted in failure when running a workflow that has a name containing a comma. ##### Fixes - Cache key Validation Error when workflow name contains a comma [#756](https://togithub.com/eskatos/gradle-command-action/issues/756) ##### Changelog ### [`v2.5.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.5.0) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.4.2...v2.5.0) This minor release fixes a couple of issues that affected the action in particular scenarios, and updates all dependencies to recent versions. ##### Fixes - Parallel workflows containing jobs with the same name use the same cache key [#699](https://togithub.com/eskatos/gradle-command-action/issues/699) - Build scans are not captured when GE plugin is applied within `settingsEvaluated` [#626](https://togithub.com/eskatos/gradle-command-action/issues/626) **Full changelog**: https://github.com/gradle/gradle-build-action/compare/v2.4.2...v2.5.0 ### [`v2.4.2`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.4.2) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.4.1...v2.4.2) This release disables the save/restore of configuration-cache data, since this functionality has been shown to be problematic. Gradle 8.1 has made changes to this functionality which will require a more comprehensive rework of the action before we can re-enable this. ### [`v2.4.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.4.1) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.4.0...v2.4.1) This patch release updates a number of dependencies, including `xmljs` which was reported to have a security vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-0842). There is no evidence that this vulnerability affected the `gradle-build-action`. **Full changelog**: https://github.com/gradle/gradle-build-action/compare/v2.4.0...v2.4.1 ### [`v2.4.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.4.0) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.3.3...v2.4.0) #### What's new The `v.2.4.0` release contains various library updates and fixes to fully support Gradle 8. Notable changes: - Update to `@actions/cache: 3.1.3` should improve cache save/restore performance on Windows by using gnu tar and zstd when available. - Fix caching of extracted JDK toolchains for Gradle 7.6+ ([`e444647`](https://togithub.com/eskatos/gradle-command-action/commit/e4446473950007d0d0323adeed9f992824618be9)) **Full Changelog**: https://github.com/gradle/gradle-build-action/compare/v2.3.3...v2.4.0 ### [`v2.3.3`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.3.3) [Compare Source](https://togithub.com/eskatos/gradle-command-action/compare/v2.3.2...v2.3.3) This patch release removes all uses of the deprecated `set-output` and `set-state` commands, and should remove deprecation warnings from build logs. See [#461](https://togithub.com/eskatos/gradle-command-action/issues/461) and [#477](https://togithub.com/eskatos/gradle-command-action/issues/477) for more details. **Full Changelog**: https://github.com/gradle/gradle-build-action/compare/v2.3.2...v2.3.3Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.