Remove 'experimental' from chapter title

The 'gradlePluginPortal()' convenience isn't supported in older Gradle versions.

.eslintrc.json

@@ -12,6 +12,7 @@
       "import/no-namespace": "off",
       "i18n-text/no-en": "off",
       "no-unused-vars": "off",
+      "no-shadow": "off",
       "sort-imports": "off",
       "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
       "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
@@ -30,6 +31,7 @@
       "@typescript-eslint/no-misused-new": "error",
       "@typescript-eslint/no-namespace": "error", 
       "@typescript-eslint/no-non-null-assertion": "off",
+      "@typescript-eslint/no-shadow": "error",
       "@typescript-eslint/no-unnecessary-qualifier": "error",
       "@typescript-eslint/no-unnecessary-type-assertion": "error",
       "@typescript-eslint/no-useless-constructor": "error",

.github/dependabot.yml

@@ -10,12 +10,27 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+        - "*"
+
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
     ignore:
       - dependency-name: "@types/node"
+    groups:
+      runtime-dependencies:
+        patterns:
+        - "@actions/*"
+        - "@octokit/rest"
+        - "string-argv"
+      dev-dependencies:
+        patterns:
+        - "*"
+      
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/gradle-plugin"
     registries:

.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=38f66cd6eef217b4c35855bb11ea4e9fbc53594ccccb5fb82dfd317ef8c2c5a3
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/gradle-plugin/gradlew

@@ -130,10 +130,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.

.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=38f66cd6eef217b4c35855bb11ea4e9fbc53594ccccb5fb82dfd317ef8c2c5a3
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/groovy-dsl/gradlew

@@ -130,10 +130,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.

.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=38f66cd6eef217b4c35855bb11ea4e9fbc53594ccccb5fb82dfd317ef8c2c5a3
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/java-toolchain/gradlew

@@ -130,10 +130,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.

.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=38f66cd6eef217b4c35855bb11ea4e9fbc53594ccccb5fb82dfd317ef8c2c5a3
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/kotlin-dsl/gradlew

@@ -130,10 +130,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.

.github/workflows/ci-full-check.yml

@@ -29,6 +29,11 @@ jobs:
     with:
       cache-key-prefix: ${{github.run_number}}-
 
+  dependency-graph:
+    uses: ./.github/workflows/integ-test-dependency-graph.yml
+    with:
+      cache-key-prefix: ${{github.run_number}}-
+
   execution-with-caching:
     uses: ./.github/workflows/integ-test-execution-with-caching.yml
     with:

.github/workflows/ci-init-script-check.yml

@@ -20,7 +20,7 @@ jobs:
         distribution: temurin
         java-version: 8
     - name: Setup Gradle
-      uses: gradle/gradle-build-action@v2.4.2 # Use a released version to avoid breakages
+      uses: gradle/gradle-build-action@v2.5.1 # Use a released version to avoid breakages
     - name: Run integration tests
       working-directory: test/init-scripts
       run: ./gradlew check

.github/workflows/ci-quick-check.yml

@@ -22,7 +22,7 @@ jobs:
     - name: Configure Gradle as default for unit test
       uses: ./
       with:
-        gradle-version: 8.1.1
+        gradle-version: 8.2
     - name: Run tests
       run: |
         npm install
@@ -50,6 +50,13 @@ jobs:
       runner-os: '["ubuntu-latest"]'
       download-dist: true
 
+  dependency-graph:
+    needs: build-distribution
+    uses: ./.github/workflows/integ-test-dependency-graph.yml
+    with:
+      runner-os: '["ubuntu-latest"]'
+      download-dist: true
+
   execution-with-caching:
     needs: build-distribution
     uses: ./.github/workflows/integ-test-execution-with-caching.yml

.github/workflows/integ-test-dependency-graph.yml

@@ -0,0 +1,68 @@
+name: Test execution with caching
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+      runner-os:
+        type: string
+        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      download-dist:
+        type: boolean
+        default: false
+
+env:
+  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
+
+jobs:
+  groovy-generate:
+    strategy:
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v3
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate
+    - name: Run gradle build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+
+  kotlin-generate:
+    strategy:
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v3
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+    - name: Run gradle build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/kotlin-dsl
+  
+  submit:
+    needs: [groovy-generate, kotlin-generate]
+    runs-on: "ubuntu-latest"
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v3
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Submit dependency graphs
+      uses: ./
+      with:
+        dependency-graph: download-and-submit

.tool-versions

@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
 nodejs 16.18.1
-gradle 8.1.1
+gradle 8.2

LICENSE

@@ -1,7 +1,7 @@
 
 The MIT License (MIT)
 
-Copyright (c) 2018 GitHub, Inc. and contributors
+Copyright (c) 2023 Gradle Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -408,3 +408,123 @@ You can use the `gradle-build-action` on GitHub Enterprise Server, and benefit f
 - Easily run your build with different versions of Gradle
 - Save/restore of Gradle User Home (requires GHES v3.5+ : GitHub Actions cache was introduced in GHES 3.5)
 - Support for GitHub Actions Job Summary (requires GHES 3.6+ : GitHub Actions Job Summary support was introduced in GHES 3.6). In earlier versions of GHES the build-results summary and caching report will be written to the workflow log, as part of the post-action step.
+
+# GitHub Dependency Graph support
+**EXPERIMENTAL**
+
+The `gradle-build-action` has experimental support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28).
+
+The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).
+
+The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) for vulnerable dependencies, as well as to populate the [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).
+ 
+You enable GitHub Dependency Graph support by setting the `dependency-graph` action parameter. Valid values are:
+
+|<div style="width:290px">Option</div> | Behaviour |
+| --- |---|
+| `disabled`           | Do not generate a dependency graph for any build invocations.<p>This is the default. |
+| `generate`           | Generate a dependency graph snapshot for each build invocation, saving as a workflow artifact. |
+| `generate-and-submit` | As per `generate`, but any generated dependency graph snapshots will be submitted at the end of the job. |
+| `download-and-submit` | Download any previously saved dependency graph snapshots, submitting them via the Dependency Submission API. This can be useful to collect all snapshots in a matrix of builds and submit them in one step. |
+
+- 'disabled': Do not generate a dependency graph for any build invocations. This is the default.
+- 'generate': Generate a dependency graph snapshot for each build invocation, saving as a workflow artifact.
+- 'generate-and-submit': As per 'generate', but any generated dependency graph snapshots will be submitted at the end of the job.
+- 'download-and-submit': Download any previously saved dependency graph snapshots, submitting them via the Dependency Submission API. This can be useful to collect all snapshots in a matrix of builds and submit them in one step.
+
+Dependency Graph _submission_ (but not generation) requires the `contents: write` permission, which may need to be explicitly enabled in the workflow file.
+
+Example of a simple workflow that generates and submits a dependency graph:
+```yaml
+name: Submit dependency graph
+on:
+  push:
+  
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Setup Gradle to generate and submit dependency graphs
+      uses: gradle/gradle-build-action@dependency-graph
+      with:
+        dependency-graph: generate-and-submit
+    - name: Run a build, generating the dependency graph snapshot which will be submitted
+      run: ./gradlew build
+```
+
+### Running multiple builds in a single Job
+
+GitHub tracks dependency snapshots based on the `job.correlator` value that is embedded in the snapshot. When a newer snapshot for an existing correlator is submitted, the previous snapshot is replaced. Snapshots with different `job.correlator` values are additive to the overall dependency graph for the repository.
+
+The `gradle-build-action` will generate a `job.correlator` value based on the workflow name, job id and matrix values. However, if your job steps contains multiple Gradle invocations, then a unique correlator value must be assigned to each. You assign a correlator by setting the `GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR` environment variable.
+
+```yaml
+name: dependency-graph
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Setup Gradle to generate and submit dependency graphs
+      uses: gradle/gradle-build-action@dependency-graph
+      with:
+        dependency-graph: generate-and-submit
+    - name: Run first build using the default job correlator 'dependency-graph-build'
+      run: ./gradlew build
+    - name: Run second build providing a unique job correlator
+      run: ./gradlew test
+      env:
+         GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: dependency-graph-test
+      
+```
+
+### Dependency snapshots generated for pull requests
+
+This `contents: write` permission is not available for any workflow that is triggered by a pull request submitted from a forked repository, since it would permit a malicious pull request to make repository changes. 
+
+Because of this restriction, it is not possible to `generate-and-submit` a dependency graph generated for a pull-request that comes from a repository fork. In order to do so, 2 workflows will be required:
+1. The first workflow runs directly against the pull request sources and will generate the dependency graph snapshot.
+2. The second workflow is triggered on `workflow_run` of the first workflow, and will submit the previously saved dependency snapshots.
+
+Note: when `download-and-submit` is used in a workflow triggered via [workflow_run](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run), the action will download snapshots saved in the triggering workflow.
+
+***Main workflow file***
+```yaml
+name: run-build-and-generate-dependency-snapshot
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Setup Gradle to generate and submit dependency graphs
+      uses: gradle/gradle-build-action@v2
+      with:
+        dependency-graph: generate # Only generate in this job
+    - name: Run a build, generating the dependency graph snapshot which will be submitted
+      run: ./gradlew build
+```
+
+***Dependent workflow file***
+```yaml
+name: submit-dependency-snapshot
+
+on:
+  workflow_run:
+    workflows: ['run-build-and-generate-dependency-snapshot']
+    types: [completed]
+
+jobs:
+  submit-snapshots:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Retrieve dependency graph artifact and submit
+        uses: gradle/gradle-build-action@v2
+      with:
+        dependency-graph: download-and-submit
+```
+

action.yml

@@ -58,6 +58,11 @@ inputs:
     required: false
     default: true
 
+  dependency-graph:
+    description: Specifies if a GitHub dependency snapshot should be generated for each Gradle build, and if so, how. Valid values are 'disabled' (default), 'generate', 'generate-and-submit' and 'download-and-submit'.
+    required: false
+    default: 'disabled'
+
   # EXPERIMENTAL & INTERNAL ACTION INPUTS
   # The following action properties allow fine-grained tweaking of the action caching behaviour.
   # These properties are experimental and not (yet) designed for production use, and may change without notice in a subsequent release of `gradle-build-action`.
@@ -75,6 +80,11 @@ inputs:
     required: false
     default: false
 
+  github-token:
+    description: The GitHub token used to authenticate when submitting via the Dependency Submission API.
+    default: ${{ github.token }}
+    required: false
+
 outputs:
   build-scan-url:
     description: Link to the build scan if any

actions/clear-dependency-graph/action.yml

@@ -0,0 +1,24 @@
+name: 'Clear dependency graph for a correlator'
+
+inputs:
+  job-correlator:
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+  - name: Set current timestamp as env variable
+    shell: bash
+    run: echo "NOW=$(date -Iseconds)" >> $GITHUB_ENV
+  - name: Submit empty dependency graph
+    shell: bash
+    run: |
+      curl -L \
+      -X POST \
+      -H "Accept: application/vnd.github+json" \
+      -H "Authorization: Bearer ${{ github.token }}" \
+      -H "X-GitHub-Api-Version: 2022-11-28" \
+      https://api.github.com/repos/${{ github.repository }}/dependency-graph/snapshots \
+      -d '{ "version" : 0, "job" : { "id" : "${{ github.run_id }}", "correlator" : "${{ inputs.job-correlator }} " }, "sha" : "${{ github.sha }}", "ref" : "${{ github.ref }}",  "detector" : { "name" : "GitHub Dependency Graph Gradle Plugin", "version" : "0.0.3", "url" : "https://github.com/gradle/github-dependency-graph-gradle-plugin" }, "manifests" : {}, "scanned" : "${{ env.NOW }}" }'
+  - run: echo "::notice ::Cleared dependency graph for job correlator '${{ inputs.job-correlator }}'"
+    shell: bash

actions/dependency-graph-generate/action.yml

@@ -1,19 +0,0 @@
-name: "Dependency Graph Generate"
-description: Calculates the complete dependency graph for the repository, saving it as a JSON artifact.
-
-inputs:
-  gradle-version:
-    description: Gradle version to use. If specified, this Gradle version will be downloaded, added to the PATH and used for invoking Gradle.
-    required: false
-
-  gradle-executable:
-    description: Path to the Gradle executable. If specified, this executable will be added to the PATH and used for invoking Gradle.
-    required: false
-
-  build-root-directory:
-    description: Path to the root directory of the build. Default is the root of the GitHub workspace.
-    required: false
-
-runs:
-  using: 'node16'
-  main: '../../dist/dependency-graph-generate/index.js'

actions/dependency-graph-submit/action.yml

@@ -1,12 +0,0 @@
-name: "Dependency Graph Submit"
-description: Retrieves a previously created dependency graph JSON and submits via the GitHub Dependency Submission API.
-
-inputs:
-  github-token:
-    description: The GitHub token used to authenticate when submitting via the Dependency Submission API.
-    default: ${{ github.token }}
-    required: false
-
-runs:
-  using: 'node16'
-  main: '../../dist/dependency-graph-submit/index.js'

dist/dependency-graph-generate/index.js

@@ -47457,7 +47457,7 @@ var import_plugin_paginate_rest = __nccwpck_require__(1237);
 var import_plugin_rest_endpoint_methods = __nccwpck_require__(4923);
 
 // pkg/dist-src/version.js
-var VERSION = "19.0.11";
+var VERSION = "19.0.13";
 
 // pkg/dist-src/index.js
 var Octokit = import_core.Octokit.plugin(
@@ -63723,12 +63723,16 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 ***************************************************************************** */
-/* global global, define, System, Reflect, Promise */
+/* global global, define, Symbol, Reflect, Promise, SuppressedError */
 var __extends;
 var __assign;
 var __rest;
 var __decorate;
 var __param;
+var __esDecorate;
+var __runInitializers;
+var __propKey;
+var __setFunctionName;
 var __metadata;
 var __awaiter;
 var __generator;
@@ -63749,6 +63753,8 @@ var __classPrivateFieldGet;
 var __classPrivateFieldSet;
 var __classPrivateFieldIn;
 var __createBinding;
+var __addDisposableResource;
+var __disposeResources;
 (function (factory) {
     var root = typeof global === "object" ? global : typeof self === "object" ? self : typeof this === "object" ? this : {};
     if (typeof define === "function" && define.amd) {
@@ -63816,6 +63822,51 @@ var __createBinding;
         return function (target, key) { decorator(target, key, paramIndex); }
     };
 
+    __esDecorate = function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+        function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+        var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+        var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+        var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+        var _, done = false;
+        for (var i = decorators.length - 1; i >= 0; i--) {
+            var context = {};
+            for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+            for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+            context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+            var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+            if (kind === "accessor") {
+                if (result === void 0) continue;
+                if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+                if (_ = accept(result.get)) descriptor.get = _;
+                if (_ = accept(result.set)) descriptor.set = _;
+                if (_ = accept(result.init)) initializers.unshift(_);
+            }
+            else if (_ = accept(result)) {
+                if (kind === "field") initializers.unshift(_);
+                else descriptor[key] = _;
+            }
+        }
+        if (target) Object.defineProperty(target, contextIn.name, descriptor);
+        done = true;
+    };
+
+    __runInitializers = function (thisArg, initializers, value) {
+        var useValue = arguments.length > 2;
+        for (var i = 0; i < initializers.length; i++) {
+            value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+        }
+        return useValue ? value : void 0;
+    };
+
+    __propKey = function (x) {
+        return typeof x === "symbol" ? x : "".concat(x);
+    };
+
+    __setFunctionName = function (f, name, prefix) {
+        if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
+        return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+    };
+
     __metadata = function (metadataKey, metadataValue) {
         if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue);
     };
@@ -63948,7 +63999,7 @@ var __createBinding;
     __asyncDelegator = function (o) {
         var i, p;
         return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i;
-        function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === "return" } : f ? f(v) : v; } : f; }
+        function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: false } : f ? f(v) : v; } : f; }
     };
 
     __asyncValues = function (o) {
@@ -64000,11 +64051,62 @@ var __createBinding;
         return typeof state === "function" ? receiver === state : state.has(receiver);
     };
 
+    __addDisposableResource = function (env, value, async) {
+        if (value !== null && value !== void 0) {
+            if (typeof value !== "object") throw new TypeError("Object expected.");
+            var dispose;
+            if (async) {
+                if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
+                dispose = value[Symbol.asyncDispose];
+            }
+            if (dispose === void 0) {
+                if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
+                dispose = value[Symbol.dispose];
+            }
+            if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
+            env.stack.push({ value: value, dispose: dispose, async: async });
+        }
+        else if (async) {
+            env.stack.push({ async: true });
+        }
+        return value;
+    };
+
+    var _SuppressedError = typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
+        var e = new Error(message);
+        return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
+    };
+
+    __disposeResources = function (env) {
+        function fail(e) {
+            env.error = env.hasError ? new _SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
+            env.hasError = true;
+        }
+        function next() {
+            while (env.stack.length) {
+                var rec = env.stack.pop();
+                try {
+                    var result = rec.dispose && rec.dispose.call(rec.value);
+                    if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
+                }
+                catch (e) {
+                    fail(e);
+                }
+            }
+            if (env.hasError) throw env.error;
+        }
+        return next();
+    };
+
     exporter("__extends", __extends);
     exporter("__assign", __assign);
     exporter("__rest", __rest);
     exporter("__decorate", __decorate);
     exporter("__param", __param);
+    exporter("__esDecorate", __esDecorate);
+    exporter("__runInitializers", __runInitializers);
+    exporter("__propKey", __propKey);
+    exporter("__setFunctionName", __setFunctionName);
     exporter("__metadata", __metadata);
     exporter("__awaiter", __awaiter);
     exporter("__generator", __generator);
@@ -64025,6 +64127,8 @@ var __createBinding;
     exporter("__classPrivateFieldGet", __classPrivateFieldGet);
     exporter("__classPrivateFieldSet", __classPrivateFieldSet);
     exporter("__classPrivateFieldIn", __classPrivateFieldIn);
+    exporter("__addDisposableResource", __addDisposableResource);
+    exporter("__disposeResources", __disposeResources);
 });
 
 

dist/dependency-graph-submit/index.js

@@ -10625,7 +10625,7 @@ var import_plugin_paginate_rest = __nccwpck_require__(1237);
 var import_plugin_rest_endpoint_methods = __nccwpck_require__(4923);
 
 // pkg/dist-src/version.js
-var VERSION = "19.0.11";
+var VERSION = "19.0.13";
 
 // pkg/dist-src/index.js
 var Octokit = import_core.Octokit.plugin(

package.json

@@ -11,9 +11,7 @@
 
     "compile-main": "ncc build src/main.ts --out dist/main --source-map --no-source-map-register",
     "compile-post": "ncc build src/post.ts --out dist/post --source-map --no-source-map-register",
-    "compile-dependency-graph-generate": "ncc build src/dependency-graph-generate.ts --out dist/dependency-graph-generate --source-map --no-source-map-register",
-    "compile-dependency-graph-submit": "ncc build src/dependency-graph-submit.ts --out dist/dependency-graph-submit --source-map --no-source-map-register",
-    "compile": "npm run compile-main && npm run compile-post && npm run compile-dependency-graph-generate && npm run compile-dependency-graph-submit",
+    "compile": "npm run compile-main && npm run compile-post",
 
     "test": "jest",
     "check": "npm run format && npm run lint",
@@ -40,23 +38,23 @@
     "@actions/glob": "0.4.0",
     "@actions/http-client": "2.1.0",
     "@actions/tool-cache": "2.0.1",
-    "@octokit/rest": "19.0.11",
+    "@octokit/rest": "19.0.13",
     "string-argv": "0.3.2"
   },
   "devDependencies": {
     "@types/node": "16.11.21",
     "@types/jest": "29.5.2",
     "@types/unzipper": "0.10.6",
-    "@typescript-eslint/parser": "5.60.1",
+    "@typescript-eslint/parser": "5.61.0",
     "@vercel/ncc": "0.36.1",
-    "eslint": "8.43.0",
+    "eslint": "8.44.0",
     "eslint-plugin-github": "4.8.0",
-    "eslint-plugin-jest": "27.2.1",
-    "jest": "29.5.0",
+    "eslint-plugin-jest": "27.2.2",
+    "jest": "29.6.1",
     "js-yaml": "4.1.0", 
     "patch-package": "7.0.0",
-    "prettier": "2.8.8",
-    "ts-jest": "29.1.0",
-    "typescript": "5.1.5"
+    "prettier": "3.0.0",
+    "ts-jest": "29.1.1",
+    "typescript": "5.1.6"
   }
 }

src/cache-base.ts

@@ -172,7 +172,12 @@ export class GradleStateCache {
     }
 
     private initializeGradleUserHome(gradleUserHome: string, initScriptsDir: string): void {
-        const initScriptFilenames = ['build-result-capture.init.gradle', 'build-result-capture-service.plugin.groovy']
+        const initScriptFilenames = [
+            'build-result-capture.init.gradle',
+            'build-result-capture-service.plugin.groovy',
+            'github-dependency-graph.init.gradle',
+            'github-dependency-graph-gradle-plugin-apply.groovy'
+        ]
         for (const initScriptFilename of initScriptFilenames) {
             const initScriptContent = this.readInitScriptAsString(initScriptFilename)
             const initScriptPath = path.resolve(initScriptsDir, initScriptFilename)

src/cache-utils.ts

@@ -125,10 +125,25 @@ function getCacheKeyJobInstance(): string {
 
     // By default, we hash the full `matrix` data for the run, to uniquely identify this job invocation
     // The only way we can obtain the `matrix` data is via the `workflow-job-context` parameter in action.yml.
-    const workflowJobContext = params.getJobContext()
+    const workflowJobContext = params.getJobMatrix()
     return hashStrings([workflowJobContext])
 }
 
+export function getUniqueLabelForJobInstance(): string {
+    return getUniqueLabelForJobInstanceValues(github.context.workflow, github.context.job, params.getJobMatrix())
+}
+
+export function getUniqueLabelForJobInstanceValues(workflow: string, jobId: string, matrixJson: string): string {
+    const matrix = JSON.parse(matrixJson)
+    const matrixString = Object.values(matrix).join('-')
+    const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`
+    return sanitize(label)
+}
+
+function sanitize(value: string): string {
+    return value.replace(/[^a-zA-Z0-9_-]/g, '').toLowerCase()
+}
+
 function getCacheKeyJobExecution(): string {
     // Used to associate a cache key with a particular execution (default is bound to the git commit sha)
     return process.env[CACHE_KEY_JOB_EXECUTION_VAR] || github.context.sha

src/dependency-graph-generate.ts

@@ -1,24 +0,0 @@
-import * as core from '@actions/core'
-
-import * as provisioner from './provision'
-import * as dependencyGraph from './dependency-graph'
-
-/**
- * The main entry point for the action, called by Github Actions for the step.
- */
-export async function run(): Promise<void> {
-    try {
-        // Download and install Gradle if required
-        const executable = await provisioner.provisionGradle()
-
-        // Generate and upload dependency graph artifact
-        await dependencyGraph.generateDependencyGraph(executable)
-    } catch (error) {
-        core.setFailed(String(error))
-        if (error instanceof Error && error.stack) {
-            core.info(error.stack)
-        }
-    }
-}
-
-run()

src/dependency-graph-submit.ts

@@ -1,16 +0,0 @@
-import * as core from '@actions/core'
-import * as dependencyGraph from './dependency-graph'
-
-export async function run(): Promise<void> {
-    try {
-        // Retrieve the dependency graph artifact and submit via Dependency Submission API
-        await dependencyGraph.submitDependencyGraph()
-    } catch (error) {
-        core.setFailed(String(error))
-        if (error instanceof Error && error.stack) {
-            core.info(error.stack)
-        }
-    }
-}
-
-run()

src/dependency-graph.ts

@@ -8,59 +8,64 @@ import {Octokit} from '@octokit/rest'
 import * as path from 'path'
 import fs from 'fs'
 
-import * as execution from './execution'
 import * as layout from './repository-layout'
+import {DependencyGraphOption, getJobMatrix} from './input-params'
 
 const DEPENDENCY_GRAPH_ARTIFACT = 'dependency-graph'
-const DEPENDENCY_GRAPH_FILE = 'dependency-graph.json'
 
-export async function generateDependencyGraph(executable: string | undefined): Promise<void> {
-    const workspaceDirectory = layout.workspaceDirectory()
-    const buildRootDirectory = layout.buildRootDirectory()
-    const buildPath = getRelativePathFromWorkspace(buildRootDirectory)
+export function setup(option: DependencyGraphOption): void {
+    if (option === DependencyGraphOption.Disabled || option === DependencyGraphOption.DownloadAndSubmit) {
+        return
+    }
 
-    const initScript = path.resolve(
-        __dirname,
-        '..',
-        '..',
-        'src',
-        'resources',
-        'init-scripts',
-        'github-dependency-graph.init.gradle'
+    core.info('Enabling dependency graph generation')
+    const jobCorrelator = getJobCorrelator()
+    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', 'true')
+    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', jobCorrelator)
+    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_ID', github.context.runId)
+    core.exportVariable(
+        'GITHUB_DEPENDENCY_GRAPH_REPORT_DIR',
+        path.resolve(layout.workspaceDirectory(), 'dependency-graph-reports')
     )
-    const args = [
-        `-Dorg.gradle.github.env.GRADLE_BUILD_PATH=${buildPath}`,
-        '--init-script',
-        initScript,
-        ':GitHubDependencyGraphPlugin_generateDependencyGraph'
-    ]
+}
 
-    await execution.executeGradleBuild(executable, buildRootDirectory, args)
-    const dependencyGraphJson = copyDependencyGraphToBuildRoot(buildRootDirectory)
+export async function complete(option: DependencyGraphOption): Promise<void> {
+    switch (option) {
+        case DependencyGraphOption.Disabled:
+            return
+        case DependencyGraphOption.Generate:
+            await uploadDependencyGraphs()
+            return
+        case DependencyGraphOption.GenerateAndSubmit:
+            await submitDependencyGraphs(await uploadDependencyGraphs())
+            return
+        case DependencyGraphOption.DownloadAndSubmit:
+            await downloadAndSubmitDependencyGraphs()
+    }
+}
+
+async function uploadDependencyGraphs(): Promise<string[]> {
+    const workspaceDirectory = layout.workspaceDirectory()
+    const graphFiles = await findDependencyGraphFiles(workspaceDirectory)
+
+    const relativeGraphFiles = graphFiles.map(x => getRelativePathFromWorkspace(x))
+    core.info(`Uploading dependency graph files: ${relativeGraphFiles}`)
 
     const artifactClient = artifact.create()
-    artifactClient.uploadArtifact(DEPENDENCY_GRAPH_ARTIFACT, [dependencyGraphJson], workspaceDirectory)
+    artifactClient.uploadArtifact(DEPENDENCY_GRAPH_ARTIFACT, graphFiles, workspaceDirectory)
+
+    return graphFiles
 }
 
-function copyDependencyGraphToBuildRoot(buildRootDirectory: string): string {
-    const sourceFile = path.resolve(
-        buildRootDirectory,
-        'build',
-        'reports',
-        'github-dependency-graph-plugin',
-        'github-dependency-snapshot.json'
-    )
-
-    const destFile = path.resolve(buildRootDirectory, DEPENDENCY_GRAPH_FILE)
-    fs.copyFileSync(sourceFile, destFile)
-    return destFile
-}
-
-export async function submitDependencyGraph(): Promise<void> {
+async function downloadAndSubmitDependencyGraphs(): Promise<void> {
     const workspaceDirectory = layout.workspaceDirectory()
+    submitDependencyGraphs(await retrieveDependencyGraphs(workspaceDirectory))
+}
+
+async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> {
     const octokit: Octokit = getOctokit()
 
-    for (const jsonFile of await retrieveDependencyGraphs(octokit, workspaceDirectory)) {
+    for (const jsonFile of dependencyGraphFiles) {
         const jsonContent = fs.readFileSync(jsonFile, 'utf8')
 
         const jsonObject = JSON.parse(jsonContent)
@@ -69,34 +74,20 @@ export async function submitDependencyGraph(): Promise<void> {
         const response = await octokit.request('POST /repos/{owner}/{repo}/dependency-graph/snapshots', jsonObject)
 
         const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
-        core.info(`Submitted ${relativeJsonFile}: ${JSON.stringify(response)}`)
         core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`)
     }
 }
 
-async function findDependencyGraphFiles(dir: string): Promise<string[]> {
-    const globber = await glob.create(`${dir}/**/${DEPENDENCY_GRAPH_FILE}`)
-    const graphFiles = globber.glob()
-    core.info(`Found graph files in ${dir}: ${graphFiles}`)
-    return graphFiles
-}
-
-async function retrieveDependencyGraphs(octokit: Octokit, workspaceDirectory: string): Promise<string[]> {
+async function retrieveDependencyGraphs(workspaceDirectory: string): Promise<string[]> {
     if (github.context.payload.workflow_run) {
-        return await retrieveDependencyGraphsForWorkflowRun(
-            github.context.payload.workflow_run.id,
-            octokit,
-            workspaceDirectory
-        )
+        return await retrieveDependencyGraphsForWorkflowRun(github.context.payload.workflow_run.id, workspaceDirectory)
     }
     return retrieveDependencyGraphsForCurrentWorkflow(workspaceDirectory)
 }
 
-async function retrieveDependencyGraphsForWorkflowRun(
-    runId: number,
-    octokit: Octokit,
-    workspaceDirectory: string
-): Promise<string[]> {
+async function retrieveDependencyGraphsForWorkflowRun(runId: number, workspaceDirectory: string): Promise<string[]> {
+    const octokit: Octokit = getOctokit()
+
     // Find the workflow run artifacts named "dependency-graph"
     const artifacts = await octokit.rest.actions.listWorkflowRunArtifacts({
         owner: github.context.repo.owner,
@@ -139,6 +130,12 @@ async function retrieveDependencyGraphsForCurrentWorkflow(workspaceDirectory: st
     return await findDependencyGraphFiles(downloadPath)
 }
 
+async function findDependencyGraphFiles(dir: string): Promise<string[]> {
+    const globber = await glob.create(`${dir}/dependency-graph-reports/*.json`)
+    const graphFiles = globber.glob()
+    return graphFiles
+}
+
 function getOctokit(): Octokit {
     return new Octokit({
         auth: getGithubToken()
@@ -153,3 +150,29 @@ function getRelativePathFromWorkspace(file: string): string {
     const workspaceDirectory = layout.workspaceDirectory()
     return path.relative(workspaceDirectory, file)
 }
+
+export function getJobCorrelator(): string {
+    return constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix())
+}
+
+export function constructJobCorrelator(workflow: string, jobId: string, matrixJson: string): string {
+    const matrixString = describeMatrix(matrixJson)
+    const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`
+    return sanitize(label)
+}
+
+function describeMatrix(matrixJson: string): string {
+    core.debug(`Got matrix json: ${matrixJson}`)
+    const matrix = JSON.parse(matrixJson)
+    if (matrix) {
+        return Object.values(matrix).join('-')
+    }
+    return ''
+}
+
+function sanitize(value: string): string {
+    return value
+        .replace(/[^a-zA-Z0-9_-\s]/g, '')
+        .replace(/\s+/g, '_')
+        .toLowerCase()
+}

src/input-params.ts

@@ -51,7 +51,7 @@ export function getArguments(): string[] {
 }
 
 // Internal parameters
-export function getJobContext(): string {
+export function getJobMatrix(): string {
     return core.getInput('workflow-job-context')
 }
 
@@ -63,6 +63,27 @@ export function isJobSummaryEnabled(): boolean {
     return getBooleanInput('generate-job-summary', true)
 }
 
+export function isDependencyGraphEnabled(): boolean {
+    return getBooleanInput('generate-dependency-graph', true)
+}
+
+export function getDependencyGraphOption(): DependencyGraphOption {
+    const val = core.getInput('dependency-graph')
+    switch (val.toLowerCase().trim()) {
+        case 'disabled':
+            return DependencyGraphOption.Disabled
+        case 'generate':
+            return DependencyGraphOption.Generate
+        case 'generate-and-submit':
+            return DependencyGraphOption.GenerateAndSubmit
+        case 'download-and-submit':
+            return DependencyGraphOption.DownloadAndSubmit
+    }
+    throw TypeError(
+        `The value '${val} is not valid for 'dependency-graph. Valid values are: [disabled, generate-and-upload, generate-and-submit, download-and-submit]. The default value is 'disabled'.`
+    )
+}
+
 function getBooleanInput(paramName: string, paramDefault = false): boolean {
     const paramValue = core.getInput(paramName)
     switch (paramValue.toLowerCase().trim()) {
@@ -75,3 +96,10 @@ function getBooleanInput(paramName: string, paramDefault = false): boolean {
     }
     throw TypeError(`The value '${paramValue} is not valid for '${paramName}. Valid values are: [true, false]`)
 }
+
+export enum DependencyGraphOption {
+    Disabled,
+    Generate,
+    GenerateAndSubmit,
+    DownloadAndSubmit
+}

src/resources/init-scripts/github-dependency-graph-gradle-plugin-apply.groovy

@@ -0,0 +1,9 @@
+buildscript {
+  repositories {
+    maven { url "https://plugins.gradle.org/m2/" }
+  }
+  dependencies {
+    classpath "org.gradle:github-dependency-graph-gradle-plugin:0.0.5"
+  }
+}
+apply plugin: org.gradle.github.GitHubDependencyGraphPlugin

src/resources/init-scripts/github-dependency-graph.init.gradle

@@ -1,12 +1,24 @@
-import org.gradle.github.GitHubDependencyGraphPlugin
-initscript {
-  repositories {
-    maven {
-      url = uri("https://plugins.gradle.org/m2/")
-    }
-  }
-  dependencies {
-    classpath("org.gradle:github-dependency-graph-gradle-plugin:+")
-  }
+import org.gradle.util.GradleVersion
+
+if (System.env.GITHUB_DEPENDENCY_GRAPH_ENABLED != "true") {
+  return
 }
-apply plugin: GitHubDependencyGraphPlugin
+
+if (GradleVersion.current().baseVersion < GradleVersion.version("5.0")) {
+  println "::warning::Dependency Graph is not supported for Gradle versions < 5.0. No dependency snapshot will be generated."
+  return
+}
+
+def reportDir = System.env.GITHUB_DEPENDENCY_GRAPH_REPORT_DIR
+def jobCorrelator = System.env.GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR
+def reportFile = new File(reportDir, jobCorrelator + ".json")
+
+if (reportFile.exists()) {
+  println "::warning::No dependency snapshot generated for step: report file for '${jobCorrelator}' created in earlier step. Each build invocation requires a unique job correlator: specify GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR var for this step."
+  return
+}
+
+println "Generating dependency graph for '${jobCorrelator}'"
+
+// TODO:DAZ This should be conditionally applied, since the script may be present when not required.
+apply from: 'github-dependency-graph-gradle-plugin-apply.groovy'

src/setup-gradle.ts

@@ -6,6 +6,7 @@ import * as os from 'os'
 import * as caches from './caches'
 import * as layout from './repository-layout'
 import * as params from './input-params'
+import * as dependencyGraph from './dependency-graph'
 
 import {logJobSummary, writeJobSummary} from './job-summary'
 import {loadBuildResults} from './build-results'
@@ -36,6 +37,8 @@ export async function setup(): Promise<void> {
     await caches.restore(gradleUserHome, cacheListener)
 
     core.saveState(CACHE_LISTENER, cacheListener.stringify())
+
+    dependencyGraph.setup(params.getDependencyGraphOption())
 }
 
 export async function complete(): Promise<void> {
@@ -58,6 +61,8 @@ export async function complete(): Promise<void> {
     } else {
         logJobSummary(buildResults, cacheListener)
     }
+
+    dependencyGraph.complete(params.getDependencyGraphOption())
 }
 
 async function determineGradleUserHome(): Promise<string> {

test/init-scripts/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=38f66cd6eef217b4c35855bb11ea4e9fbc53594ccccb5fb82dfd317ef8c2c5a3
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

test/init-scripts/gradlew

@@ -130,10 +130,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.

test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy

@@ -22,8 +22,9 @@ class BaseInitScriptTest extends Specification {
     static final TestGradleVersion GRADLE_5_X = new TestGradleVersion(GradleVersion.version('5.6.4'), 8, 12)
     static final TestGradleVersion GRADLE_6_NO_BUILD_SERVICE = new TestGradleVersion(GradleVersion.version('6.5.1'), 8, 14)
     static final TestGradleVersion GRADLE_6_X = new TestGradleVersion(GradleVersion.version('6.9.4'), 8, 15)
-    static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.1'), 8, 19)
-    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
+    static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
+    static final TestGradleVersion GRADLE_8_0 = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
+    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.2'), 8, 19)
 
     static final List<TestGradleVersion> ALL_VERSIONS = [
         GRADLE_3_X, // First version where TestKit supports environment variables
@@ -32,14 +33,15 @@ class BaseInitScriptTest extends Specification {
         GRADLE_6_NO_BUILD_SERVICE, // Last version without build service support
         GRADLE_6_X,
         GRADLE_7_X,
+        GRADLE_8_0,
         GRADLE_8_X,
     ]
 
     static final List<TestGradleVersion> CONFIGURATION_CACHE_VERSIONS =
-        [GRADLE_7_X, GRADLE_8_X]
+        [GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final List<TestGradleVersion> SETTINGS_PLUGIN_VERSIONS =
-        [GRADLE_6_X, GRADLE_7_X, GRADLE_8_X]
+        [GRADLE_6_X, GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final String PUBLIC_BUILD_SCAN_ID = 'i2wepy2gr7ovw'
     static final String DEFAULT_SCAN_UPLOAD_TOKEN = 'scan-upload-token'

test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestDependencyGraph.groovy

@@ -0,0 +1,87 @@
+package com.gradle.gradlebuildaction
+
+import static org.junit.Assume.assumeTrue
+
+class TestDependencyGraph extends BaseInitScriptTest {
+    def initScript = 'github-dependency-graph.init.gradle'
+
+    static final List<TestGradleVersion> NO_DEPENDENCY_GRAPH_VERSIONS = [GRADLE_3_X, GRADLE_4_X]
+    static final List<TestGradleVersion> DEPENDENCY_GRAPH_VERSIONS = ALL_VERSIONS - NO_DEPENDENCY_GRAPH_VERSIONS
+
+
+    def "does not produce dependency graph when not enabled"() {
+        assumeTrue testGradleVersion.compatibleWithCurrentJvm
+
+        when:
+        run(['help'], initScript, testGradleVersion.gradleVersion)
+
+        then:
+        assert !reportsDir.exists()
+
+        where:
+        testGradleVersion << ALL_VERSIONS
+    }
+
+    def "produces dependency graph when enabled"() {
+        assumeTrue testGradleVersion.compatibleWithCurrentJvm
+
+        when:
+        run(['help'], initScript, testGradleVersion.gradleVersion, [], envVars)
+
+        then:
+        assert reportFile.exists()
+
+        where:
+        testGradleVersion << DEPENDENCY_GRAPH_VERSIONS
+    }
+
+    def "warns and produces no dependency graph when enabled for older Gradle versions"() {
+        assumeTrue testGradleVersion.compatibleWithCurrentJvm
+
+        when:
+        def result = run(['help'], initScript, testGradleVersion.gradleVersion, [], envVars)
+
+        then:
+        assert !reportsDir.exists()
+        assert result.output.contains("::warning::Dependency Graph is not supported")
+
+        where:
+        testGradleVersion << NO_DEPENDENCY_GRAPH_VERSIONS
+    }
+
+    def "warns and does not overwrite existing report file"() {
+        assumeTrue testGradleVersion.compatibleWithCurrentJvm
+
+        when:
+        reportsDir.mkdirs()
+        reportFile << "DUMMY CONTENT"
+        def result = run(['help'], initScript, testGradleVersion.gradleVersion, [], envVars)
+
+        then:
+        assert reportFile.text == "DUMMY CONTENT"
+        assert result.output.contains("::warning::No dependency snapshot generated for step")
+
+        where:
+        testGradleVersion << DEPENDENCY_GRAPH_VERSIONS
+    }
+
+    def getEnvVars() {
+        return [
+            GITHUB_DEPENDENCY_GRAPH_ENABLED: "true",
+            GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: "CORRELATOR",
+            GITHUB_DEPENDENCY_GRAPH_JOB_ID: "1",
+            GITHUB_DEPENDENCY_GRAPH_REPORT_DIR: reportsDir.absolutePath,
+            GITHUB_REF: "main",
+            GITHUB_SHA: "123456",
+            GITHUB_WORKSPACE: testProjectDir.absolutePath
+        ]
+    }
+
+    def getReportsDir() {
+        return new File(testProjectDir, 'build/reports/github-dependency-graph-snapshots')
+    }
+
+    def getReportFile() {
+        return new File(reportsDir, "CORRELATOR.json")
+    }
+}

test/jest/cache-cleanup.test.ts

@@ -49,7 +49,7 @@ test('will cleanup unused gradle versions', async () => {
 
     const gradle802 = path.resolve(gradleUserHome, "caches/8.0.2")
     const wrapper802 = path.resolve(gradleUserHome, "wrapper/dists/gradle-8.0.2-bin")
-    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.1.1")
+    const gradleCurrent = path.resolve(gradleUserHome, "caches/8.2")
 
     expect(fs.existsSync(gradle802)).toBe(true)
     expect(fs.existsSync(wrapper802)).toBe(true)

test/jest/dependency-graph.test.ts

@@ -0,0 +1,34 @@
+import * as dependencyGraph from '../../src/dependency-graph'
+
+describe('dependency-graph', () => {
+    describe('constructs job correlator', () => {
+        it('removes commas from workflow name', () => {
+            const id = dependencyGraph.constructJobCorrelator('Workflow, with,commas', 'jobid', '{}')
+            expect(id).toBe('workflow_withcommas-jobid')
+        })
+        it('removes non word characters', () => {
+            const id = dependencyGraph.constructJobCorrelator('Workflow!_with()characters', 'job-*id', '{"foo": "bar!@#$%^&*("}')
+            expect(id).toBe('workflow_withcharacters-job-id-bar')
+        })
+        it('replaces spaces', () => {
+            const id = dependencyGraph.constructJobCorrelator('Workflow !_ with () characters, and   spaces', 'job-*id', '{"foo": "bar!@#$%^&*("}')
+            expect(id).toBe('workflow___with_characters_and_spaces-job-id-bar')
+        })
+        it('without matrix', () => {
+            const id = dependencyGraph.constructJobCorrelator('workflow', 'jobid', 'null')
+            expect(id).toBe('workflow-jobid')
+        })
+        it('with dashes in values', () => {
+            const id = dependencyGraph.constructJobCorrelator('workflow-name', 'job-id', '{"os": "ubuntu-latest"}')
+            expect(id).toBe('workflow-name-job-id-ubuntu-latest')
+        })
+        it('with single matrix value', () => {
+            const id = dependencyGraph.constructJobCorrelator('workflow', 'jobid', '{"os": "windows"}')
+            expect(id).toBe('workflow-jobid-windows')
+        })
+        it('with composite matrix value', () => {
+            const id = dependencyGraph.constructJobCorrelator('workflow', 'jobid', '{"os": "windows", "java-version": "21.1", "other": "Value, with COMMA"}')
+            expect(id).toBe('workflow-jobid-windows-211-value_with_comma')
+        })
+    })
+})