Execute your Gradle build and trigger dependency submission
MIT License
Bot releases are hidden (Show)
Published by bigdaz 10 months ago
This patch release fixes an issue that prevented the gradle-build-action
from executing with Gradle 1.12, and improves error reporting for dependency submission failures.
Full-changelog: https://github.com/gradle/gradle-build-action/compare/v2.11.0...v2.11.1
Published by bigdaz 10 months ago
In addition to a number of dependency updates, this release:
Full-changelog: https://github.com/gradle/gradle-build-action/compare/v2.10.0...v2.11.0
Published by bigdaz 11 months ago
This release introduces a new artifact-retention-days
parameter, which allows a user to configure how long the generated dependency-graph artifacts are retained by GitHub Actions. Adjusting the retention period can be useful to reduce storage costs associated with these dependency-graph artifacts.
See the documentation for more details.
artifact-retention-days
configuration parameter #903v1.0.0
of the github-dependency-graph-gradle-plugin
@babel/traverse
to address reported security vulnerability
Full-changelog: https://github.com/gradle/gradle-build-action/compare/v2.9.0...v2.10.0
Published by bigdaz about 1 year ago
The GitHub dependency-review-action helps you
understand dependency changes (and the security impact of these changes) for a pull request.
This release updates the GItHub Dependency Graph support to be compatible with the dependency-review-action
.
See the documentation for detailed examples.
pull-request
events #882dependency-review-action
#879Full-changelog: https://github.com/gradle/gradle-build-action/compare/v2.8.1...v2.9.0
Published by bigdaz about 1 year ago
Fixes an issue that prevented Dependency Graph submission when running on GitHub Enterprise Server.
https://github.com/gradle/gradle-build-action/compare/v2.8.0...v2.8.1
Published by bigdaz about 1 year ago
The v2.8.0
release of the gradle-build-action
introduces an easy mechanism to connect to Gradle Enterprise, as well improved support for self-hosted GitHub Actions runners.
It is now possible to connect a Gradle build to Gradle Enterprise without changing any of the Gradle project sources. This is achieved through Gradle Enterprise injection, where an init-script will apply the Gradle Enterprise plugin and associated configuration.
This feature can be useful to easily trial Gradle Enterprise on a project, or to centralize Gradle Enterprise configuration for all GitHub Actions workflows in an organization.
See Gradle Enterprise injection in the README for more info.
Previously, the Gradle User Home would not be restored if the directory already exists. This wasn't normally an issue with GitHub-hosted runners, but limited the usefulness of the action for persistent, self-hosted runners.
This behaviour has been improved in this release:
Issues fixed: https://github.com/gradle/gradle-build-action/issues?q=milestone%3A2.8.0+is%3Aclosed
Full changelog: https://github.com/gradle/gradle-build-action/compare/v2.7.1...v2.8.0
Published by bigdaz about 1 year ago
This release contains no code changes, only dependency updates and documentation improvements.
https://github.com/gradle/gradle-build-action/compare/v2.7.0...v2.7.1
Published by bigdaz about 1 year ago
In this release, the GitHub Dependency Graph support is no longer considered "experimental", and should be considered ready for production use. You can read more about the Dependency Graph support in the README chapter.
[email protected]
dependency-graph-file
output to any step that generates a Dependency Graph filehttps://github.com/gradle/gradle-build-action/compare/v2.6.1...v2.7.0
Published by bigdaz over 1 year ago
This patch release fixes and improves a couple of aspects of the experimental Dependency Graph support:
job.correlator
value for each Gradle invocation within a Job. This permits multiple Gradle invocations in a single job to generate and submit a separate dependency graph.[email protected]
, which brings a number of improvements to the generated dependency graph:
Published by bigdaz over 1 year ago
This release brings experimental support for submitting a GitHub Dependency Graph snapshot via the GitHub Dependency Submission API.
The dependency graph snapshot is generated via integration with the GitHub Dependency Graph Gradle Plugin, and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).
The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate Dependabot Alerts for vulnerable dependencies, as well as to populate the Dependency Graph insights view.
Check out the README chapter for more details on how this works and how to configure a workflow that submits a dependency graph.
https://github.com/gradle/gradle-build-action/compare/v2.5.1...v2.6.0
Published by bigdaz over 1 year ago
Fixes a regression in v2.5.0 that resulted in failure when running a workflow that has a name containing a comma.
https://github.com/gradle/gradle-build-action/compare/v2.5.0...v2.5.1
Published by bigdaz over 1 year ago
This minor release fixes a couple of issues that affected the action in particular scenarios, and updates all dependencies to recent versions.
settingsEvaluated
#626Full changelog: https://github.com/gradle/gradle-build-action/compare/v2.4.2...v2.5.0
Published by bigdaz over 1 year ago
This release disables the save/restore of configuration-cache data, since this functionality has been shown to be problematic.
Gradle 8.1 has made changes to this functionality which will require a more comprehensive rework of the action before we can re-enable this.
Published by bigdaz over 1 year ago
This patch release updates a number of dependencies, including xmljs
which was reported to have a security vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-0842).
There is no evidence that this vulnerability affected the gradle-build-action
.
Full changelog: https://github.com/gradle/gradle-build-action/compare/v2.4.0...v2.4.1
Published by bigdaz over 1 year ago
The v.2.4.0
release contains various library updates and fixes to fully support Gradle 8.
Notable changes:
@actions/cache: 3.1.3
should improve cache save/restore performance on Windows by using gnu tar and zstd when available.Full Changelog: https://github.com/gradle/gradle-build-action/compare/v2.3.3...v2.4.0
Published by bigdaz almost 2 years ago
This patch release removes all uses of the deprecated set-output
and set-state
commands, and should remove deprecation warnings from build logs. See #461 and #477 for more details.
Full Changelog: https://github.com/gradle/gradle-build-action/compare/v2.3.2...v2.3.3
Published by bigdaz about 2 years ago
This patch release fixes an issue which could result in errors in the post-action step. See #441 for details.
Full Changelog: https://github.com/gradle/gradle-build-action/compare/v2.3.1...v2.3.2
Published by bigdaz about 2 years ago
This patch release addresses some security vulnerabilities reported by the CodeQL check:
sourcemap-register.js
: this triggered Incorrect suffix check
@azure/logger
library to avoid logging an environment variable value: this triggered Clear-text logging of sensitive information
The release contains no functional changes.
Full Changelog: https://github.com/gradle/gradle-build-action/compare/v2.3.0...v2.3.1
Published by bigdaz about 2 years ago
With v2.3.0
, the gradle-build-action
can now attempt to remove any unused files from the Gradle User Home directory before storing to the GitHub Actions cache. This can prevent cases where the size of cache entry grows over time.
Gradle Home cache cleanup is disabled by default. You can enable this feature for the action as follows:
gradle-home-cache-cleanup: true
See the README for more details.
Full Changelog: https://github.com/gradle/gradle-build-action/compare/v2.2.5...v2.3.0
Published by bigdaz about 2 years ago
Introduces experimental support for removing unused files from Gradle User Home prior to caching.