1066 Commits

Author SHA1 Message Date
daz
a1980784de
Improve reporting for dependency-graph failure
The previous message was assuming a permissions issue, and was not
including the underlying error message in the response.
2023-12-19 14:05:20 -07:00
Daz DeBoer
f95e9c7459
Clarify dependency-graph example 2023-12-12 10:48:54 -07:00
daz
8cbcb9948b
Plugin repository URL is configurable
The repository URL used to resolve the `github-dependency-graph-gradle-plugin` is now
configurable, allowing a user to specify an internal proxy if the public portal is not available.

Specify a custom plugin repository using the `GRADLE_PLUGIN_REPOSITORY_URL` env var,
or the `gradle.plugin-repository.url` System property.

Fixes #933
v2.11.0
2023-12-11 21:15:34 -07:00
daz
a71aff6a12
Handle failure in cache-cleanup
Do not abort the remainder of the post-action on failure in cache-cleanup.
Instead, just log a warning and continue.

Fixes #858
Fixes #990
2023-12-11 20:38:28 -07:00
daz
77699bae74
Handle failure writing build-results file
Fixes #866
2023-12-11 20:18:58 -07:00
daz
dc5927259f
Merge branch 'dd/dependency-updates'
* dd/dependency-updates:
  Bumps the npm-dependencies group with 5 updates:
  Bump the github-actions group with 2 updates
  Bump from Gradle 8.4 to Gradle 8.5
2023-12-11 19:49:28 -07:00
daz
4f0075d967
Clarify docs for dedicated workflow
Fixes #976
2023-12-11 19:48:32 -07:00
daz
e1f9864a52
Bumps the npm-dependencies group with 5 updates:
| Package | From | To |
    | --- | --- | --- |
    | [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `29.5.8` | `29.5.11` |
    | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `6.12.0` | `6.14.0` |
    | [eslint](https://github.com/eslint/eslint) | `8.54.0` | `8.55.0` |
    | [prettier](https://github.com/prettier/prettier) | `3.1.0` | `3.1.1` |
    | [typescript](https://github.com/Microsoft/TypeScript) | `5.3.2` | `5.3.3` |
2023-12-11 19:43:02 -07:00
dependabot[bot]
76d5a9b475
Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/setup-java](https://github.com/actions/setup-java) and [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).


Updates `actions/setup-java` from 3 to 4
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

Updates `gradle/gradle-build-action` from 2.9.0 to 2.10.0
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 19:23:45 -07:00
daz
39d8c6d06e
Bump from Gradle 8.4 to Gradle 8.5 2023-12-11 18:33:39 -07:00
Kengo TODA
0280eb7de5 docs: upload build reports even when build failed
Signed-off-by: Kengo TODA <skypencil@gmail.com>
2023-11-28 04:50:00 +01:00
daz
87a9a15658
Use 1.0.0 release of dependency graph plugin v2.10.0 2023-11-27 17:46:35 +10:00
Daz DeBoer
375481748b
Document artifact-retention-days 2023-11-26 19:46:29 -07:00
daz
beff1c573c
Update dev dependencies 2023-11-27 12:28:37 +10:00
dependabot[bot]
21a3ebb55f Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary) from 2.15.3 to 2.16.0.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.15.3...jackson-dataformats-binary-2.16.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-27 03:20:34 +01:00
dependabot[bot]
a5be560235 Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) and [actions/github-script](https://github.com/actions/github-script).


Updates `gradle/gradle-build-action` from 2.8.1 to 2.9.0
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.8.1...v2.9.0)

Updates `actions/github-script` from 6 to 7
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-27 03:20:09 +01:00
Daz DeBoer
9bca466e27
Make artifact retention configurable
- Added a new `artifact-retention-days` input parameter to control retention of uploaded artifacts
- Artifacts retention will use repository settings if not overridden.
2023-11-09 00:06:31 -07:00
Daz DeBoer
f757bcfd86
Merge pull request #951 from gradle/dd/v2.9.1
Update dependencies
2023-11-09 06:19:22 +01:00
daz
8b6c211905
Bump to RC of github dependency graph plugin 2023-11-08 21:11:42 -08:00
daz
8db1c7621b
Build outputs 2023-11-08 21:02:15 -08:00
daz
6eaacfc06c
Update NPM dependencies 2023-11-08 21:02:15 -08:00
dependabot[bot]
750905c0ed
Bump @babel/traverse from 7.21.3 to 7.23.2
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.21.3 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-08 21:02:15 -08:00
daz
d5fbcc8361
Bump java dependency versions in tests 2023-11-08 21:02:15 -08:00
daz
0e761ca2b4
Bump to Gradle 8.4 for tests and samples 2023-11-08 21:02:15 -08:00
daz
6b7c087721
Bump version of Develocity plugins 2023-11-08 20:35:00 -08:00
Matthew Haughton
0bfe00a136 Fix typos in README
Signed-off-by: Matthew Haughton <3flex@users.noreply.github.com>
2023-10-12 21:33:54 +02:00
Daz DeBoer
62cce3c597
FIx dependency review example in README 2023-09-30 18:24:45 -06:00
Daz DeBoer
842c587ad8
Merge pull request #911 - Improve dependency review support v2.9.0 2023-10-01 02:01:56 +02:00
daz
4241e05054
Document configuration for dependency-review-action 2023-09-30 17:45:44 -06:00
daz
bfa3c0508e
Build outputs 2023-09-30 08:49:10 -06:00
daz
c3bdce8205
Warn on dependency-graph-submit failure
A common issue when submitting a dependency graph is that the required
'contents: write' permission is not set.
We now catch any dependency submission failure and inform the user to check
that the required permissions are available.
2023-09-30 08:47:10 -06:00
daz
f92e7c3428
Improve compat with dependency-review-action
When using 'download-and-submit' for dependency graphs, we now run the
submission immediately instead of waiting until the post-action.
This allows a single job to both submit the graph and run the dependency
review action.
2023-09-29 20:36:16 -06:00
daz
d1b726d8c1 Do not generate dependency graph in cache-cleanup
- Allow environment variables to be overridden by system properties in dependency-graph initscript
- Set `GITHUB_DEPENDENCY_GRAPH_ENABLED=false` when executing Gradle for cache cleanup
2023-09-29 22:55:54 +02:00
Daz DeBoer
6fcc109efa
Dependency updates (#904)
### Github Action updates

Updates `gradle/gradle-build-action` from 2.8.0 to 2.8.1

### NPM updates

Updates `@octokit/webhooks-types` from 7.3.0 to 7.3.1
- [Release notes](https://github.com/octokit/webhooks/releases)
- [Commits](https://github.com/octokit/webhooks/compare/v7.3.0...v7.3.1)

Updates `@typescript-eslint/parser` from 6.7.2 to 6.7.3
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.3/packages/parser)

Updates `eslint` from 8.49.0 to 8.50.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.49.0...v8.50.0)
2023-09-29 13:55:35 -06:00
Benoit Pierre
fde5b4fcde fix README.md internal references
Signed-off-by: Benoit Pierre <benoit.pierre@gmail.com>
2023-09-29 21:35:43 +02:00
daz
324fbdc804
Update to dep-graph plugin 0.4.1 2023-09-29 13:22:08 -06:00
daz
5658338fb0 Build outputs 2023-09-26 15:51:30 +02:00
daz
87ccc98a2a Use correct SHA for pull request events
In a pull request, GITHUB_SHA is set to the "last merge commit on the GITHUB_REF branch".
This isn't the correct value to use when generating a dependency graph.
This changes to use the value of `pull_request.head.sha`, which is the correct
value for a dependency graph.

Fixes #882
2023-09-26 15:51:30 +02:00
daz
4441c9f9bf Update to dep-graph plugin 0.4.0 2023-09-26 15:51:30 +02:00
Daz DeBoer
b5126f31db
Use github.getOctokit() for compat with GitHub Enterprise
Thanks @nise-nabe for the inspiration

Fixes #885
v2.8.1
2023-09-21 10:55:26 -06:00
Daz DeBoer
d8615ccc8b
Document configuration to publish to scans.gradle.com
Fixes #870
2023-09-21 10:47:51 -06:00
Daz DeBoer
444c20baf7 Test multiple dependency graphs on all os's 2023-09-21 18:22:31 +02:00
daz
aea76e1766
Dependency updates 2023-09-21 10:01:33 -06:00
daz
103e3a7ba7
Build outputs 2023-09-21 08:47:55 -06:00
dependabot[bot]
73e3fc21c7
Bump the npm-dependencies group with 12 updates
Bumps the npm-dependencies group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact) | `1.1.1` | `1.1.2` |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.10.0` | `1.10.1` |
| [@types/unzipper](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/unzipper) | `0.10.6` | `0.10.7` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `6.4.1` | `6.7.2` |
| [@vercel/ncc](https://github.com/vercel/ncc) | `0.36.1` | `0.38.0` |
| [eslint](https://github.com/eslint/eslint) | `8.47.0` | `8.49.0` |
| [eslint-plugin-github](https://github.com/github/eslint-plugin-github) | `4.9.2` | `4.10.0` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `27.2.3` | `27.4.0` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.6.3` | `29.7.0` |
| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `29.5.4` | `29.5.5` |
| [prettier](https://github.com/prettier/prettier) | `3.0.2` | `3.0.3` |
| [typescript](https://github.com/Microsoft/TypeScript) | `5.1.6` | `5.2.2` |


Updates `@actions/artifact` from 1.1.1 to 1.1.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact)

Updates `@actions/core` from 1.10.0 to 1.10.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@types/unzipper` from 0.10.6 to 0.10.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/unzipper)

Updates `@typescript-eslint/parser` from 6.4.1 to 6.7.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.7.2/packages/parser)

Updates `@vercel/ncc` from 0.36.1 to 0.38.0
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.36.1...0.38.0)

Updates `eslint` from 8.47.0 to 8.49.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.47.0...v8.49.0)

Updates `eslint-plugin-github` from 4.9.2 to 4.10.0
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v4.9.2...v4.10.0)

Updates `eslint-plugin-jest` from 27.2.3 to 27.4.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.2.3...v27.4.0)

Updates `jest` from 29.6.3 to 29.7.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.7.0/packages/jest)

Updates `@types/jest` from 29.5.4 to 29.5.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Updates `prettier` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.0.2...3.0.3)

Updates `typescript` from 5.1.6 to 5.2.2
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.1.6...v5.2.2)

---
updated-dependencies:
- dependency-name: "@actions/artifact"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@types/unzipper"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-21 08:44:23 -06:00
daz
b063df05a4
Bump GE plugin versions 2023-09-21 08:41:43 -06:00
dependabot[bot]
5e3952da92 Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

Updates `gradle/gradle-build-action` from 2.7.1 to 2.8.0
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.7.1...v2.8.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-21 16:35:57 +02:00
Daz DeBoer
ed940a329a
Fix name of test dependency-graph workflow 2023-09-21 08:19:49 -06:00
Daz DeBoer
3bfe3a4658
Clarify documentation
Fixes #867
2023-09-04 16:09:52 -06:00
daz
8f08e41675
Use unique cache key for workflow 2023-08-28 12:40:55 -06:00