Bump the github-actions group with 1 update (#1047)

Bumps the github-actions group with 1 update:
[gradle/gradle-build-action](https://github.com/gradle/gradle-build-action).

Updates `gradle/gradle-build-action` from 2.11.1 to 2.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/gradle-build-action/releases">gradle/gradle-build-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.0</h2>
<p>Adds a new option to clear a previously submitted
dependency-graph.</p>
<pre lang="yaml"><code>steps:
- uses: gradle/gradle-build-action@v2
  with:
    dependency-graph: clear
</code></pre>
<p>This may prove useful when migrating to a workflow using the upcoming
<code>gradle/actions/dependency-submission</code> action.</p>
<p><strong>Full-changelog</strong>: <a
href="https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0">https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a8f75513ea"><code>a8f7551</code></a>
Build outputs</li>
<li><a
href="9283312acb"><code>9283312</code></a>
Add new option to clear dependency-graph</li>
<li><a
href="7c8a278ea0"><code>7c8a278</code></a>
Remove old clear-dependency-graph action</li>
<li><a
href="d8ca9b7d2e"><code>d8ca9b7</code></a>
Do full checks on release branches</li>
<li>See full diff in <a
href="https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gradle/gradle-build-action&package-manager=github_actions&previous-version=2.11.1&new-version=2.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.eslintrc.json

@@ -12,6 +12,7 @@
       "import/no-namespace": "off",
       "i18n-text/no-en": "off",
       "no-unused-vars": "off",
+      "no-shadow": "off",
       "sort-imports": "off",
       "@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
       "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
@@ -30,6 +31,7 @@
       "@typescript-eslint/no-misused-new": "error",
       "@typescript-eslint/no-namespace": "error", 
       "@typescript-eslint/no-non-null-assertion": "off",
+      "@typescript-eslint/no-shadow": "error",
       "@typescript-eslint/no-unnecessary-qualifier": "error",
       "@typescript-eslint/no-unnecessary-type-assertion": "error",
       "@typescript-eslint/no-useless-constructor": "error",

.github/actions/build-dist/action.yml

@@ -3,14 +3,18 @@ name: 'Build and upload distribution'
 runs:
   using: "composite"
   steps: 
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 20
     - name: Build distribution
       shell: bash
       run: |
+        npm -v
+        node -v
         npm install
         npm run build
     - name: Upload distribution
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: dist
         path: dist/
-

.github/actions/download-dist/action.yml

@@ -6,7 +6,7 @@ runs:
   steps: 
     - name: Download dist
       if: ${{ env.DOWNLOAD_DIST == 'true' }}
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: dist
         path: dist/

.github/dependabot.yml

@@ -10,12 +10,23 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+        - "*"
+
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
     ignore:
-      - dependency-name: "@types/node"
+      - dependency-name: "@types/node" # Breaking change: update with next major release
+      - dependency-name: "@octokit/rest" # Tied to node version
+    groups:
+      npm-dependencies:
+        patterns:
+        - "*"
+      
   - package-ecosystem: "gradle"
     directory: ".github/workflow-samples/gradle-plugin"
     registries:

.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=9d926787066a081739e8200858338b4a69e837c3a821a33aca9db09dd4a41026
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/gradle-plugin/gradlew

@@ -83,7 +83,8 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -130,10 +131,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
@@ -141,7 +145,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
@@ -149,7 +153,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -198,11 +202,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=9d926787066a081739e8200858338b4a69e837c3a821a33aca9db09dd4a41026
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/groovy-dsl/gradlew

@@ -83,7 +83,8 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -130,10 +131,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
@@ -141,7 +145,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
@@ -149,7 +153,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -198,11 +202,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.enterprise" version "3.13.4"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "1.11"
+    id "com.gradle.enterprise" version "3.16.1"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "1.12.1"
 }
 
 gradleEnterprise {

.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=9d926787066a081739e8200858338b4a69e837c3a821a33aca9db09dd4a41026
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/java-toolchain/gradlew

@@ -83,7 +83,8 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -130,10 +131,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
@@ -141,7 +145,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
@@ -149,7 +153,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -198,11 +202,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

.github/workflow-samples/java-toolchain/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id("org.gradle.toolchains.foojay-resolver-convention") version("0.4.0")
+    id("org.gradle.toolchains.foojay-resolver-convention") version("0.7.0")
 }
 
 rootProject.name = 'basic'

.github/workflow-samples/kotlin-dsl/build.gradle.kts

@@ -8,9 +8,9 @@ repositories {
 
 dependencies {
     api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:32.0.1-jre")
+    implementation("com.google.guava:guava:33.0.0-jre")
 
-    testImplementation("org.junit.jupiter:junit-jupiter:5.9.3")
+    testImplementation("org.junit.jupiter:junit-jupiter:5.10.1")
 }
 
 tasks.test {

.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=9d926787066a081739e8200858338b4a69e837c3a821a33aca9db09dd4a41026
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

.github/workflow-samples/kotlin-dsl/gradlew

@@ -83,7 +83,8 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -130,10 +131,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
@@ -141,7 +145,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
@@ -149,7 +153,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -198,11 +202,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,6 +1,6 @@
 plugins {
-    id("com.gradle.enterprise") version "3.13.4"
-    id("com.gradle.common-custom-user-data-gradle-plugin") version "1.11"
+    id("com.gradle.enterprise") version "3.16.1"
+    id("com.gradle.common-custom-user-data-gradle-plugin") version "1.12.1"
 }
 
 gradleEnterprise {

.github/workflow-samples/no-ge/build.gradle

@@ -0,0 +1 @@
+// Required to keep dependabot happy

.github/workflow-samples/no-ge/settings.gradle

@@ -0,0 +1 @@
+rootProject.name = 'no-ge'

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.build-scan" version "3.13.4" 
+    id "com.gradle.build-scan" version "3.16.1" 
 }
 
 gradleEnterprise {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.enterprise" version "3.13.4"
+    id "com.gradle.enterprise" version "3.16.1"
 }
 
 gradleEnterprise {

.github/workflows/ci-codeql.yml

@@ -1,22 +1,10 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: CI-codeql
 
 on:
   push:
-    branches: [ main ]
+    branches: [ "main" ]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
+    branches: [ "main" ]
   schedule:
     - cron: '25 23 * * 2'
 
@@ -32,39 +20,20 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+        language: [ 'javascript-typescript' ]
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+        config: |
+          paths: 
+          - src
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/ci-dependency-review.yml

@@ -15,6 +15,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4

.github/workflows/ci-full-check.yml

@@ -9,6 +9,7 @@ on:
   push:
     branches: 
       - main
+      - release/**
     paths:
       - '.github/**'
       - 'dist/**'
@@ -25,7 +26,19 @@ jobs:
       cache-key-prefix: ${{github.run_number}}-
 
   caching-config:
-    uses: ./.github/workflows/integ-test-action-inputs-caching.yml
+    uses: ./.github/workflows/integ-test-caching-config.yml
+    with:
+      cache-key-prefix: ${{github.run_number}}-
+
+  dependency-graph:
+    uses: ./.github/workflows/integ-test-dependency-graph.yml
+    permissions:
+      contents: write
+    with:
+      cache-key-prefix: ${{github.run_number}}-
+
+  dependency-graph-failures:
+    uses: ./.github/workflows/integ-test-dependency-graph-failures.yml
     with:
       cache-key-prefix: ${{github.run_number}}-
 
@@ -39,15 +52,24 @@ jobs:
     with:
       cache-key-prefix: ${{github.run_number}}-
 
+  develocity-injection:
+    uses: ./.github/workflows/integ-test-inject-develocity.yml
+    with:
+      cache-key-prefix: ${{github.run_number}}-
+    secrets:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_SOLUTIONS_ACCESS_TOKEN }}
+
   provision-gradle-versions:
     uses: ./.github/workflows/integ-test-provision-gradle-versions.yml
     with:
       cache-key-prefix: ${{github.run_number}}-
 
-  # restore-configuration-cache:
-  #   uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
-  #   with:
-  #     cache-key-prefix: ${{github.run_number}}-
+  restore-configuration-cache:
+    uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
+    with:
+      cache-key-prefix: ${{github.run_number}}-
+    secrets:
+      GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
 
   restore-custom-gradle-home:
     uses: ./.github/workflows/integ-test-restore-custom-gradle-home.yml
@@ -78,3 +100,8 @@ jobs:
     uses: ./.github/workflows/integ-test-sample-gradle-plugin.yml
     with:
       cache-key-prefix: ${{github.run_number}}-
+
+  toolchain-detection:
+    uses: ./.github/workflows/integ-test-detect-java-toolchains.yml
+    with:
+      cache-key-prefix: ${{github.run_number}}-

.github/workflows/ci-init-script-check.yml

@@ -13,14 +13,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Setup Java
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         distribution: temurin
         java-version: 8
     - name: Setup Gradle
-      uses: gradle/gradle-build-action@v2.4.2 # Use a released version to avoid breakages
+      uses: gradle/gradle-build-action@v2.12.0 # Use a released version to avoid breakages
     - name: Run integration tests
       working-directory: test/init-scripts
       run: ./gradlew check

.github/workflows/ci-quick-check.yml

@@ -3,14 +3,16 @@ name: CI-quick-check
 on:
   workflow_dispatch:
   push:
-    branches-ignore: main
+    branches-ignore: 
+    - main
+    - release/**
 
 jobs:
   build-distribution:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Build and upload distribution
       uses: ./.github/actions/build-dist
 
@@ -18,11 +20,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Configure Gradle as default for unit test
       uses: ./
       with:
-        gradle-version: 8.1.1
+        gradle-version: 8.5
     - name: Run tests
       run: |
         npm install
@@ -45,7 +47,23 @@ jobs:
 
   caching-config:
     needs: build-distribution
-    uses: ./.github/workflows/integ-test-action-inputs-caching.yml
+    uses: ./.github/workflows/integ-test-caching-config.yml
+    with:
+      runner-os: '["ubuntu-latest"]'
+      download-dist: true
+
+  dependency-graph:
+    needs: build-distribution
+    uses: ./.github/workflows/integ-test-dependency-graph.yml
+    permissions:
+      contents: write
+    with:
+      runner-os: '["ubuntu-latest"]'
+      download-dist: true
+
+  dependency-graph-failures:
+    needs: build-distribution
+    uses: ./.github/workflows/integ-test-dependency-graph-failures.yml
     with:
       runner-os: '["ubuntu-latest"]'
       download-dist: true
@@ -64,6 +82,15 @@ jobs:
       runner-os: '["ubuntu-latest"]'
       download-dist: true
 
+  develocity-injection:
+    needs: build-distribution
+    uses: ./.github/workflows/integ-test-inject-develocity.yml
+    with:
+      runner-os: '["ubuntu-latest"]'
+      download-dist: true
+    secrets:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_SOLUTIONS_ACCESS_TOKEN }}
+
   provision-gradle-versions:
     needs: build-distribution
     uses: ./.github/workflows/integ-test-provision-gradle-versions.yml
@@ -71,12 +98,14 @@ jobs:
       runner-os: '["ubuntu-latest"]'
       download-dist: true
 
-  # restore-configuration-cache:
-  #   needs: build-distribution
-  #   uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
-  #   with:
-  #     runner-os: '["ubuntu-latest"]'
-  #     download-dist: true
+  restore-configuration-cache:
+    needs: build-distribution
+    uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
+    with:
+      runner-os: '["ubuntu-latest"]'
+      download-dist: true
+    secrets:
+      GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
 
   restore-containerized-gradle-home:
     needs: build-distribution
@@ -117,3 +146,10 @@ jobs:
     with:
       runner-os: '["ubuntu-latest"]'
       download-dist: true
+
+  toolchain-detection:
+    needs: build-distribution
+    uses: ./.github/workflows/integ-test-detect-java-toolchains.yml
+    with:
+      runner-os: '["ubuntu-latest"]'
+      download-dist: true

.github/workflows/ci-verify-outputs.yml

@@ -8,6 +8,7 @@ on:
   push:
     branches: 
       - main
+      - release/**
       - dependabot/**
 
 jobs:
@@ -15,7 +16,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 20
     - name: Build
       run: |
         npm -v
@@ -33,7 +37,7 @@ jobs:
       id: diff
 
     # If index.js was different than expected, upload the expected version as an artifact
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@v4
       if: ${{ failure() && steps.diff.conclusion == 'failure' }}
       with:
         name: dist

.github/workflows/demo-failure-cases.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Test build failure
       uses: ./
       continue-on-error: true
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Test wrapper missing
       uses: ./
       continue-on-error: true
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Test bad config value
       uses: ./
       continue-on-error: true

.github/workflows/demo-job-summary.yml

@@ -8,11 +8,11 @@ env:
   GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
 jobs:
-  run-gradle-builds:
+  many-gradle-builds:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Build distribution
       shell: bash
       run: |
@@ -23,10 +23,10 @@ jobs:
     - name: Build kotlin-dsl project
       working-directory: .github/workflow-samples/kotlin-dsl
       run: ./gradlew assemble
-    - name: Build kotlin-dsl project without build scan
+    - name: Build kotlin-dsl project without Build Scan®
       working-directory: .github/workflow-samples/kotlin-dsl
       run: ./gradlew assemble check --no-scan
-    - name: Build kotlin-dsl project with build scan publish failure
+    - name: Build kotlin-dsl project with Build Scan® publish failure
       working-directory: .github/workflow-samples/kotlin-dsl
       run: ./gradlew check -Dgradle.enterprise.url=https://not.valid.server
     - name: Build groovy-dsl project
@@ -41,3 +41,46 @@ jobs:
       working-directory: .github/workflow-samples/groovy-dsl
       continue-on-error: true
       run: ./gradlew not-a-real-task
+
+  successful-builds-with-no-summary:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Build distribution
+      shell: bash
+      run: |
+        npm install
+        npm run build
+    - name: Setup Gradle
+      uses: ./
+      with:
+        add-job-summary: on-failure
+    - name: Build kotlin-dsl project
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble
+    - name: Build kotlin-dsl project without Build Scan®
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble check --no-scan
+
+  pre-existing-gradle-home:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Build distribution
+      shell: bash
+      run: |
+        npm install
+        npm run build
+    - name: Pre-create Gradle User Home
+      shell: bash
+      run: |
+        mkdir ~/.gradle
+        mkdir ~/.gradle/caches
+        touch ~/.gradle/caches/dummy.txt
+    - name: Setup Gradle
+      uses: ./
+    - name: Run build
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew assemble

.github/workflows/demo-pr-build-scan-comment.yml

@@ -1,27 +1,51 @@
-name: Demo adding build scan comment to PR
+name: Demo adding Build Scan® comment to PR
 on:
   pull_request:
     types: [assigned, review_requested]
+
+permissions:
+  pull-requests: write
+
 jobs:
-  gradle:
+  successful-build-with-always-comment:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout project sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Setup Gradle
       uses: ./
+      with:
+        add-job-summary-as-pr-comment: always
     - name: Run build with Gradle wrapper
       id: gradle
       working-directory: .github/workflow-samples/kotlin-dsl
       run: ./gradlew build --scan
-    - name: "Add build scan URL as PR comment"
-      uses: actions/github-script@v6
+
+  successful-build-with-comment-on-failure:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout project sources
+      uses: actions/checkout@v4
+    - name: Setup Gradle
+      uses: ./
       with:
-        github-token: ${{secrets.GITHUB_TOKEN}}
-        script: |
-          github.rest.issues.createComment({
-            issue_number: context.issue.number,
-            owner: context.repo.owner,
-            repo: context.repo.repo,
-            body: 'PR ready for review: ${{ steps.gradle.outputs.build-scan-url }}'
-          })
+        add-job-summary-as-pr-comment: on-failure
+    - name: Run build with Gradle wrapper
+      id: gradle
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew build --scan
+
+  failing-build-with-comment-on-failure:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout project sources
+      uses: actions/checkout@v4
+    - name: Setup Gradle
+      uses: ./
+      with:
+        add-job-summary-as-pr-comment: on-failure
+    - name: Run build with Gradle wrapper
+      id: gradle
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew no-a-real-task --scan
+      continue-on-error: true

.github/workflows/integ-test-action-inputs.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Invoke with multi-line arguments

.github/workflows/integ-test-cache-cleanup.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -45,7 +45,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -65,7 +65,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle

.github/workflows/integ-test-caching-config.yml

@@ -1,4 +1,4 @@
-name: Test action inputs for caching
+name: Test caching configuration
 
 on:
   workflow_call:
@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -38,7 +38,8 @@ jobs:
             enterprise
         # Exclude build-cache from main cache entry
         gradle-home-cache-excludes: |
-            caches/build-cache-1
+            caches/build-cache-*
+            caches/*/executionHistory
     - name: Build using Gradle wrapper
       working-directory: .github/workflow-samples/groovy-dsl
       run: ./gradlew test
@@ -52,7 +53,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -63,7 +64,8 @@ jobs:
             caches
             enterprise
         gradle-home-cache-excludes: |
-            caches/build-cache-1
+            caches/build-cache-*
+            caches/*/executionHistory
         cache-read-only: true
     - name: Execute Gradle build with --offline
       working-directory: .github/workflow-samples/groovy-dsl
@@ -77,7 +79,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -88,19 +90,19 @@ jobs:
       id: gradle
       working-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
       run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}"
-    - name: Check build scan url is captured
+    - name: Check Build Scan url is captured
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
-          core.setFailed('No build scan detected')
+          core.setFailed('No Build Scan detected')
 
   # Test that build scans are captured when caching is disabled because Gradle User Home already exists
   cache-disabled-pre-existing-gradle-home:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Create dummy Gradle User Home
@@ -111,12 +113,12 @@ jobs:
       id: gradle
       working-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
       run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}"
-    - name: Check build scan url is captured
+    - name: Check Build Scan url is captured
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
-          core.setFailed('No build scan detected')
+          core.setFailed('No Build Scan detected')
 
   # Test seed the cache with cache-write-only and verify with cache-read-only
   seed-build-write-only:
@@ -128,7 +130,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -149,7 +151,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle

.github/workflows/integ-test-dependency-graph-failures.yml

@@ -0,0 +1,103 @@
+name: Test dependency graph
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      download-dist:
+        type: boolean
+        default: false
+
+env:
+  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
+
+jobs:
+  unsupported-gradle-version-warning:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        gradle-version: 7.0.1
+        dependency-graph: generate
+        dependency-graph-continue-on-failure: true
+    - name: Run with unsupported Gradle version
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: |
+        if gradle help | grep -q 'warning::Dependency Graph is not supported for Gradle 7.0.1. No dependency snapshot will be generated.';
+        then
+          echo "Got the expected warning"
+        else
+          echo "Did not get the expected warning"
+          exit 1
+        fi
+
+  unsupported-gradle-version-failure:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        gradle-version: 7.0.1
+        dependency-graph: generate
+        dependency-graph-continue-on-failure: false
+    - name: Run with unsupported Gradle version
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: |
+        if gradle help; then
+          echo "Expected build to fail with Gradle 7.0.1"
+          exit 1
+        fi
+
+  insufficient-permissions-warning:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+        dependency-graph-continue-on-failure: true
+    - name: Run with insufficient permissions
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew help
+      # This test is primarily for demonstration: it's unclear how to check for warnings emitted in the post-action
+
+  SHOULD_FAIL-insufficient-permissions-failure:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    continue-on-error: true
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+        dependency-graph-continue-on-failure: false
+    - name: Run with insufficient permissions
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew help
+      # This test is primarily for demonstration: it's unclear how to check for a failure in the post-action

.github/workflows/integ-test-dependency-graph.yml

@@ -0,0 +1,148 @@
+name: Test dependency graph
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+      runner-os:
+        type: string
+        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      download-dist:
+        type: boolean
+        default: false
+
+permissions:
+  contents: write
+
+env:
+  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
+
+jobs:
+  groovy-generate:
+    strategy:
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-upload
+    - name: Run gradle build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+
+  kotlin-generate:
+    strategy:
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+    - name: Run gradle build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/kotlin-dsl
+  
+  submit:
+    needs: [groovy-generate]
+    runs-on: "ubuntu-latest"
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Submit dependency graphs
+      uses: ./
+      with:
+        dependency-graph: download-and-submit
+
+  multiple-builds:
+    strategy:
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+    - id: gradle-assemble
+      run: ./gradlew assemble
+      working-directory: .github/workflow-samples/groovy-dsl
+    - id: gradle-build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+    - id: gradle-build-again
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+    - name: Check generated dependency graphs
+      shell: bash
+      run: |
+        echo "gradle-assemble report file: ${{ steps.gradle-assemble.outputs.dependency-graph-file }}"
+        echo "gradle-build report file: ${{ steps.gradle-build.outputs.dependency-graph-file }}"
+        echo "gradle-build-again report file: ${{ steps.gradle-build-again.outputs.dependency-graph-file }}"
+        ls -l dependency-graph-reports
+        if [ ! -e "${{ steps.gradle-assemble.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find gradle-assemble dependency graph file"
+            exit 1
+        fi
+        if [ ! -e "${{ steps.gradle-build.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find gradle-build dependency graph files"
+            exit 1
+        fi
+        if [ ! -e "${{ steps.gradle-build-again.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find gradle-build-again dependency graph files"
+            exit 1
+        fi
+        
+  config-cache:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+    - id: config-cache-store
+      run: ./gradlew assemble --configuration-cache
+      working-directory: .github/workflow-samples/groovy-dsl
+    - name: Check and delete generated dependency graph
+      shell: bash
+      run: |
+        if [ ! -e "${{ steps.config-cache-store.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find config-cache-store dependency graph files"
+            exit 1
+        fi
+        rm ${{ steps.config-cache-store.outputs.dependency-graph-file }}
+    - id: config-cache-reuse
+      run: ./gradlew assemble --configuration-cache
+      working-directory: .github/workflow-samples/groovy-dsl
+    - name: Check no dependency graph is generated
+      shell: bash
+      run: |
+        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
+            echo "Expected no dependency graph files to be generated"
+            ls -l dependency-graph-reports
+            exit 1
+        fi        

.github/workflows/integ-test-detect-java-toolchains.yml

@@ -0,0 +1,93 @@
+name: Test detect java toolchains
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+      runner-os:
+        type: string
+        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      download-dist:
+        type: boolean
+        default: false
+
+env:
+  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: detect-java-toolchain-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
+
+jobs:
+  # Test that pre-installed runner JDKs are detected
+  pre-installed-toolchains:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle
+      uses: ./
+    - name: List detected toolchains
+      shell: bash
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: | 
+        gradle --info javaToolchains > output.txt
+        cat output.txt
+    - name: Verify detected toolchains
+      shell: bash
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: | 
+        grep -q 'Eclipse Temurin JDK 1.8' output.txt || (echo "::error::Did not detect preinstalled JDK 1.8" && exit 1)
+        grep -q 'Eclipse Temurin JDK 11' output.txt || (echo "::error::Did not detect preinstalled JDK 11" && exit 1)
+        grep -q 'Eclipse Temurin JDK 17' output.txt || (echo "::error::Did not detect preinstalled JDK 17" && exit 1)
+        grep -q 'Eclipse Temurin JDK 21' output.txt || (echo "::error::Did not detect preinstalled JDK 21" && exit 1)
+
+  # Test that JDKs provisioned by setup-java are detected
+  setup-java-installed-toolchain:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Java 20
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: '20'
+    - name: Setup Java 16
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: '16'
+    - name: Setup Gradle
+      uses: ./
+    - name: List detected toolchains
+      shell: bash
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: | 
+        gradle --info javaToolchains > output.txt
+        cat output.txt
+    - name: Verify setup JDKs are detected
+      shell: bash
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: | 
+        grep -q 'Eclipse Temurin JDK 16' output.txt || (echo "::error::Did not detect setup-java installed JDK 16" && exit 1)
+        grep -q 'Eclipse Temurin JDK 20' output.txt || (echo "::error::Did not detect setup-java installed JDK 20" && exit 1)
+    - name: Verify pre-installed toolchains are detected
+      shell: bash
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: | 
+        grep -q 'Eclipse Temurin JDK 1.8' output.txt || (echo "::error::Did not detect preinstalled JDK 1.8" && exit 1)
+        grep -q 'Eclipse Temurin JDK 11' output.txt || (echo "::error::Did not detect preinstalled JDK 11" && exit 1)
+        grep -q 'Eclipse Temurin JDK 17' output.txt || (echo "::error::Did not detect preinstalled JDK 17" && exit 1)
+        grep -q 'Eclipse Temurin JDK 21' output.txt || (echo "::error::Did not detect preinstalled JDK 21" && exit 1)

.github/workflows/integ-test-execution-with-caching.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Execute Gradle build
@@ -44,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Execute Gradle build

.github/workflows/integ-test-execution.yml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Test use defined Gradle version
@@ -46,12 +46,6 @@ jobs:
         gradle-version: release-candidate
         build-root-directory: .github/workflow-samples/no-wrapper
         arguments: help
-    - name: Test use defined Gradle executable
-      uses: ./
-      with:
-        gradle-executable: .github/workflow-samples/groovy-dsl/gradlew${{ matrix.script-suffix }}
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help
 
   gradle-versions:
     strategy:
@@ -68,11 +62,11 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Java
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         distribution: temurin
         java-version: 8
@@ -84,11 +78,11 @@ jobs:
         gradle-version: ${{matrix.gradle}}
         build-root-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
         arguments: help -DgradleVersionCheck=${{matrix.gradle}}
-    - name: Check build scan url
+    - name: Check Build Scan url
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
-          core.setFailed('No build scan detected')    
+          core.setFailed('No Build Scan detected')    
   
    

.github/workflows/integ-test-inject-develocity.yml

@@ -0,0 +1,97 @@
+name: Test develocity injection
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+      runner-os:
+        type: string
+        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      download-dist:
+        type: boolean
+        default: false
+    secrets:
+      DEVELOCITY_ACCESS_KEY:
+        required: true
+
+env:
+  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: provision-gradle-versions-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
+
+jobs:
+  inject-develocity:
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_URL: https://ge.solutions-team.gradle.com
+      DEVELOCITY_PLUGIN_VERSION: 3.16.1
+      DEVELOCITY_CCUD_PLUGIN_VERSION: 1.12.1
+      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} # This env var has not (yet) been renamed/aliased in GE plugin 3.16.1
+    strategy:
+      matrix:
+        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version: 8
+    - name: Setup Gradle
+      id: setup-gradle
+      uses: ./
+      with:
+        cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        gradle-version: ${{ matrix.gradle }}
+    - name: Run Gradle build
+      id: gradle
+      working-directory: .github/workflow-samples/no-ge
+      run: gradle help
+    - name: Check Build Scan url
+      if: ${{ !steps.gradle.outputs.build-scan-url }}
+      uses: actions/github-script@v7
+      with:
+        script: |
+          core.setFailed('No Build Scan detected')   
+
+  build-scan-publish:
+    strategy:
+      matrix:
+        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version: 8
+    - name: Setup Gradle
+      id: setup-gradle
+      uses: ./
+      with:
+        cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        gradle-version: ${{ matrix.gradle }}
+        build-scan-publish: true
+        build-scan-terms-of-service-url: "https://gradle.com/terms-of-service"
+        build-scan-terms-of-service-agree: "yes"
+    - name: Run Gradle build
+      id: gradle
+      working-directory: .github/workflow-samples/no-ge
+      run: gradle help
+    - name: Check Build Scan url
+      if: ${{ !steps.gradle.outputs.build-scan-url }}
+      uses: actions/github-script@v7
+      with:
+        script: |
+          core.setFailed('No Build Scan detected')   
+

.github/workflows/integ-test-provision-gradle-versions.yml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle with v6.9
@@ -55,6 +55,17 @@ jobs:
     - name: Test use release-candidate
       working-directory: .github/workflow-samples/no-wrapper
       run: gradle help
+    - name: Setup Gradle with current
+      id: gradle-current
+      uses: ./
+      with:
+        gradle-version: current
+    - name: Check current version output parameter
+      if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '8.') }}
+      uses: actions/github-script@v7
+      with:
+        script: |
+          core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.gradle-current.outputs.gradle-version }}"')    
   
   gradle-versions:
     strategy:
@@ -71,28 +82,35 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Java
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         distribution: temurin
         java-version: 8
     - name: Setup Gradle
+      id: setup-gradle
       uses: ./
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
         gradle-version: ${{ matrix.gradle }}
+    - name: Check output parameter
+      if: ${{ steps.setup-gradle.outputs.gradle-version != matrix.gradle }}
+      uses: actions/github-script@v7
+      with:
+        script: |
+          core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.setup-gradle.outputs.gradle-version }}"')    
     - name: Run Gradle build
       id: gradle
       working-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
       run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}"
-    - name: Check build scan url
+    - name: Check Build Scan url
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
-          core.setFailed('No build scan detected')    
+          core.setFailed('No Build Scan detected')    
   
    

.github/workflows/integ-test-restore-configuration-cache.yml

@@ -11,6 +11,9 @@ on:
       download-dist:
         type: boolean
         default: false
+    secrets:
+      GRADLE_ENCRYPTION_KEY:
+        required: true
 
 env:
   DOWNLOAD_DIST: ${{ inputs.download-dist }}
@@ -27,16 +30,23 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
+    - name: Setup Java to ensure consistency
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'liberica'
+        java-version: '21'
     - name: Setup Gradle
       uses: ./
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+        gradle-version: 8.6-rc-1
     - name: Groovy build with configuration-cache enabled
       working-directory: .github/workflow-samples/groovy-dsl
-      run: ./gradlew test --configuration-cache
+      run: gradle test --configuration-cache
 
   verify-build-groovy:
     env:
@@ -48,19 +58,26 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
+    - name: Setup Java to ensure consistency
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'liberica'
+        java-version: '21'
     - name: Setup Gradle
       uses: ./
       with:
         cache-read-only: true
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+        gradle-version: 8.6-rc-1
     - name: Groovy build with configuration-cache enabled
       id: execute
       working-directory: .github/workflow-samples/groovy-dsl
-      run: ./gradlew test --configuration-cache
+      run: gradle test --configuration-cache
     - name: Check that configuration-cache was used
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           const fs = require('fs')
@@ -79,18 +96,25 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
+    - name: Setup Java to ensure consistency
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'liberica'
+        java-version: '21'
     - name: Setup Gradle with no extracted cache entries restored
       uses: ./
       env: 
         GRADLE_BUILD_ACTION_SKIP_RESTORE: "generated-gradle-jars|wrapper-zips|java-toolchains|instrumented-jars|dependencies|kotlin-dsl"
       with:
         cache-read-only: true
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+        gradle-version: 8.6-rc-1
     - name: Check execute Gradle build with configuration cache enabled (but not restored)
       working-directory: .github/workflow-samples/groovy-dsl
-      run: ./gradlew test --configuration-cache
+      run: gradle test --configuration-cache
 
   seed-build-kotlin:
     env:
@@ -101,16 +125,23 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
+    - name: Setup Java to ensure consistency
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'liberica'
+        java-version: '21'
     - name: Setup Gradle
       uses: ./
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+        gradle-version: 8.6-rc-1
     - name: Execute 'help' with configuration-cache enabled
       working-directory: .github/workflow-samples/kotlin-dsl
-      run: ./gradlew help --configuration-cache
+      run: gradle help --configuration-cache
 
   modify-build-kotlin:
     env:
@@ -122,16 +153,23 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
+    - name: Setup Java to ensure consistency
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'liberica'
+        java-version: '21'
     - name: Setup Gradle
       uses: ./
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+        gradle-version: 8.6-rc-1
     - name: Execute 'test' with configuration-cache enabled
       working-directory: .github/workflow-samples/kotlin-dsl
-      run: ./gradlew test --configuration-cache
+      run: gradle test --configuration-cache
 
   # Test restore configuration-cache from the third build invocation
   verify-build-kotlin:
@@ -144,19 +182,26 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
+    - name: Setup Java to ensure consistency
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'liberica'
+        java-version: '21'
     - name: Setup Gradle
       uses: ./
       with:
         cache-read-only: true
+        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+        gradle-version: 8.6-rc-1
     - name: Execute 'test' again with configuration-cache enabled
       id: execute
       working-directory: .github/workflow-samples/kotlin-dsl
-      run: ./gradlew test --configuration-cache
+      run: gradle test --configuration-cache
     - name: Check that configuration-cache was used
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           const fs = require('fs')

.github/workflows/integ-test-restore-containerized-gradle-home.yml

@@ -20,11 +20,11 @@ jobs:
     container: fedora:latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Java
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: 11
         distribution: temurin
@@ -43,11 +43,11 @@ jobs:
     container: fedora:latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Java
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: 11
         distribution: temurin

.github/workflows/integ-test-restore-custom-gradle-home.yml

@@ -23,7 +23,7 @@ jobs:
         mkdir -p $GITHUB_WORKSPACE/gradle-user-home
         echo "GRADLE_USER_HOME=$GITHUB_WORKSPACE/gradle-user-home" >> $GITHUB_ENV
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -44,7 +44,7 @@ jobs:
         mkdir -p $GITHUB_WORKSPACE/gradle-user-home
         echo "GRADLE_USER_HOME=$GITHUB_WORKSPACE/gradle-user-home" >> $GITHUB_ENV
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -65,7 +65,7 @@ jobs:
         mkdir -p $GITHUB_WORKSPACE/gradle-user-home
         echo "GRADLE_USER_HOME=$GITHUB_WORKSPACE/gradle-user-home" >> $GITHUB_ENV
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle

.github/workflows/integ-test-restore-gradle-home.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -46,7 +46,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -66,7 +66,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -86,7 +86,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle with no extracted cache entries restored
@@ -99,3 +99,40 @@ jobs:
       working-directory: .github/workflow-samples/groovy-dsl
       run: ./gradlew test
 
+  # Test that a pre-existing gradle-user-home can be overwritten by the restored cache
+  pre-existing-gradle-home:
+    needs: seed-build
+    strategy:
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Pre-create Gradle User Home
+      shell: bash
+      run: |
+        mkdir -p ~/.gradle/caches
+        touch ~/.gradle/gradle.properties
+        touch ~/.gradle/caches/dummy.txt
+    - name: Setup Gradle
+      uses: ./
+      with:
+        cache-read-only: true
+        cache-overwrite-existing: true
+    - name: Check that pre-existing content still exists
+      shell: bash
+      run: |
+        if [ ! -e ~/.gradle/caches/dummy.txt ]; then
+          echo "::error ::Should find dummy.txt after cache restore"
+          exit 1
+        fi
+        if [ ! -e ~/.gradle/gradle.properties ]; then
+          echo "::error ::Should find gradle.properties after cache restore"
+          exit 1
+        fi
+    - name: Execute Gradle build with --offline
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew test --offline

.github/workflows/integ-test-restore-java-toolchain.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -45,7 +45,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle

.github/workflows/integ-test-sample-gradle-plugin.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -44,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle

.github/workflows/integ-test-sample-kotlin-dsl.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle
@@ -44,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Download distribution if required
       uses: ./.github/actions/download-dist
     - name: Setup Gradle

.tool-versions

@@ -1,3 +1,3 @@
 # Configuration file for asdf version manager
-nodejs 16.18.1
-gradle 8.1.1
+nodejs 20.10.0
+gradle 8.5

LICENSE

@@ -1,7 +1,7 @@
 
 The MIT License (MIT)
 
-Copyright (c) 2018 GitHub, Inc. and contributors
+Copyright (c) 2023 Gradle Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

action.yml

@@ -1,5 +1,5 @@
 name: "Gradle Build Action"
-description: 'Configures Gradle for use in GitHub actions, caching useful state in the GitHub actions cache'
+description: 'Configures Gradle for GitHub actions, caching state and generating a dependency graph via Dependency Submission.'
 
 # https://help.github.com/en/articles/metadata-syntax-for-github-actions
 
@@ -8,14 +8,6 @@ inputs:
     description: Gradle version to use. If specified, this Gradle version will be downloaded, added to the PATH and used for invoking Gradle.
     required: false
 
-  gradle-executable:
-    description: Path to the Gradle executable. If specified, this executable will be added to the PATH and used for invoking Gradle.
-    required: false
-
-  build-root-directory:
-    description: Path to the root directory of the build. Default is the root of the GitHub workspace.
-    required: false
-
   cache-disabled:
     description: When 'true', all caching is disabled. No entries will be written to or read from the cache.
     required: false
@@ -35,6 +27,18 @@ inputs:
     required: false
     default: false
 
+  cache-overwrite-existing:
+    description: When 'true', a pre-existing Gradle User Home will not prevent the cache from being restored.
+    required: false
+    default: false
+
+  cache-encryption-key:
+    description: |
+      A base64 encoded AES key used to encrypt the configuration-cache data. The key is exported as 'GRADLE_ENCRYPTION_KEY' for later steps. 
+      A suitable key can be generated with `openssl rand -base64 16`.
+      Configuration-cache data will not be saved/restored without an encryption key being provided.
+    required: false
+
   gradle-home-cache-includes:
     description: Paths within Gradle User Home to cache.
     required: false
@@ -49,14 +53,66 @@ inputs:
   #      gradle-home-cache-excludes: |
   #           caches/build-cache-1
 
+  gradle-home-cache-cleanup:
+    description: When 'true', the action will attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
+    required: false
+    default: false
+
+  add-job-summary:
+    description: Specifies when a Job Summary should be inluded in the action results. Valid values are 'never', 'always' (default), and 'on-failure'.
+    required: false
+    default: 'always'
+
+  add-job-summary-as-pr-comment:
+    description: Specifies when each Job Summary should be added as a PR comment. Valid values are 'never' (default), 'always', and 'on-failure'. No action will be taken if the workflow was not triggered from a pull request.
+    required: false
+    default: 'never'
+
+  dependency-graph:
+    description: Specifies if a GitHub dependency snapshot should be generated for each Gradle build, and if so, how. Valid values are 'disabled' (default), 'generate', 'generate-and-submit', 'generate-and-upload', 'download-and-submit' and 'clear'.
+    required: false
+    default: 'disabled'
+
+  dependency-graph-continue-on-failure:
+    description: When 'false' a failure to generate or submit a dependency graph will fail the Step or Job. When 'true' a warning will be emitted but no failure will result.
+    required: false
+    default: true
+
+  artifact-retention-days:
+    description: Specifies the number of days to retain any artifacts generated by the action. If not set, the default retention settings for the repository will apply.
+    required: false
+
+  build-scan-publish:
+    description: |
+      Set to 'true' to automatically publish build results as a Build Scan on scans.gradle.com.
+      For publication to succeed without user input, you must also provide values for `build-scan-terms-of-service-url` and 'build-scan-terms-of-service-agree'.
+    required: false
+    default: false
+
+  build-scan-terms-of-service-url:
+    description: The URL to the Build Scan® terms of service. This input must be set to 'https://gradle.com/terms-of-service'.
+    required: false
+  
+  build-scan-terms-of-service-agree:
+    description: Indicate that you agree to the Build Scan® terms of service. This input value must be "yes".
+    required: false
+
+  # DEPRECATED ACTION INPUTS
   arguments:
     description: Gradle command line arguments (supports multi-line input)
     required: false
+    deprecation-message: Using the action to execute Gradle directly is deprecated in favor of using the action to setup Gradle, and executing Gradle in a subsequent Step. See https://github.com/gradle/gradle-build-action?tab=readme-ov-file#use-the-action-to-setup-gradle. 
+
+  build-root-directory:
+    description: Path to the root directory of the build. Default is the root of the GitHub workspace.
+    required: false
+    deprecation-message: Using the action to execute Gradle directly is deprecated in favor of using the action to setup Gradle, and executing Gradle in a subsequent Step. See https://github.com/gradle/gradle-build-action?tab=readme-ov-file#use-the-action-to-setup-gradle. 
 
   generate-job-summary:
     description: When 'false', no Job Summary will be generated for the Job.
     required: false
     default: true
+    deprecation-message: Superceded by the new 'add-job-summary' and 'add-job-summary-as-pr-comment' parameters.
 
   # EXPERIMENTAL & INTERNAL ACTION INPUTS
   # The following action properties allow fine-grained tweaking of the action caching behaviour.
@@ -66,21 +122,27 @@ inputs:
     description: When 'true', the action will not attempt to restore the Gradle User Home entries from other Jobs.
     required: false
     default: false
+    
   workflow-job-context:
     description: Used to uniquely identify the current job invocation. Defaults to the matrix values for this job; this should not be overridden by users (INTERNAL).
     required: false
     default: ${{ toJSON(matrix) }}
-  gradle-home-cache-cleanup:
-    description: When 'true', the action will attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
+
+  github-token:
+    description: The GitHub token used to authenticate when submitting via the Dependency Submission API.
+    default: ${{ github.token }}
     required: false
-    default: false
 
 outputs:
   build-scan-url:
-    description: Link to the build scan if any
+    description: Link to the Build Scan® generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `gradle-build-action` Step itself.
+  dependency-graph-file:
+    description: Path to the GitHub Dependency Graph snapshot file generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `gradle-build-action` Step itself.
+  gradle-version:
+    description: Version of Gradle that was setup by the action
 
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/main/index.js'
   post: 'dist/post/index.js'
 

actions/dependency-graph-generate/action.yml

@@ -1,19 +0,0 @@
-name: "Dependency Graph Generate"
-description: Calculates the complete dependency graph for the repository, saving it as a JSON artifact.
-
-inputs:
-  gradle-version:
-    description: Gradle version to use. If specified, this Gradle version will be downloaded, added to the PATH and used for invoking Gradle.
-    required: false
-
-  gradle-executable:
-    description: Path to the Gradle executable. If specified, this executable will be added to the PATH and used for invoking Gradle.
-    required: false
-
-  build-root-directory:
-    description: Path to the root directory of the build. Default is the root of the GitHub workspace.
-    required: false
-
-runs:
-  using: 'node16'
-  main: '../../dist/dependency-graph-generate/index.js'

actions/dependency-graph-submit/action.yml

@@ -1,12 +0,0 @@
-name: "Dependency Graph Submit"
-description: Retrieves a previously created dependency graph JSON and submits via the GitHub Dependency Submission API.
-
-inputs:
-  github-token:
-    description: The GitHub token used to authenticate when submitting via the Dependency Submission API.
-    default: ${{ github.token }}
-    required: false
-
-runs:
-  using: 'node16'
-  main: '../../dist/dependency-graph-submit/index.js'

package.json

@@ -8,15 +8,11 @@
     "format": "prettier --write **/*.ts",
     "format-check": "prettier --check **/*.ts",
     "lint": "eslint src/**/*.ts",
-
     "compile-main": "ncc build src/main.ts --out dist/main --source-map --no-source-map-register",
     "compile-post": "ncc build src/post.ts --out dist/post --source-map --no-source-map-register",
-    "compile-dependency-graph-generate": "ncc build src/dependency-graph-generate.ts --out dist/dependency-graph-generate --source-map --no-source-map-register",
-    "compile-dependency-graph-submit": "ncc build src/dependency-graph-submit.ts --out dist/dependency-graph-submit --source-map --no-source-map-register",
-    "compile": "npm run compile-main && npm run compile-post && npm run compile-dependency-graph-generate && npm run compile-dependency-graph-submit",
-
+    "compile": "npm-run-all --parallel compile-*",
+    "check": "npm-run-all --parallel format lint",
     "test": "jest",
-    "check": "npm run format && npm run lint",
     "build": "npm run check && npm run compile",
     "all": "npm run build && npm test"
   },
@@ -32,31 +28,35 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@actions/artifact": "1.1.1",
-    "@actions/cache": "3.2.1",
-    "@actions/core": "1.10.0",
+    "@actions/artifact": "2.1.0",
+    "@actions/cache": "3.2.3",
+    "@actions/core": "1.10.1",
     "@actions/exec": "1.1.1",
-    "@actions/github": "5.1.1",
+    "@actions/github": "6.0.0",
     "@actions/glob": "0.4.0",
-    "@actions/http-client": "2.1.0",
+    "@actions/http-client": "2.2.0",
     "@actions/tool-cache": "2.0.1",
-    "@octokit/rest": "19.0.11",
+    "@octokit/rest": "19.0.13",
+    "@octokit/webhooks-types": "7.3.1",
+    "semver": "7.5.4",
     "string-argv": "0.3.2"
   },
   "devDependencies": {
-    "@types/node": "16.11.21",
-    "@types/jest": "29.5.2",
-    "@types/unzipper": "0.10.6",
-    "@typescript-eslint/parser": "5.60.1",
-    "@vercel/ncc": "0.36.1",
-    "eslint": "8.43.0",
-    "eslint-plugin-github": "4.8.0",
-    "eslint-plugin-jest": "27.2.1",
-    "jest": "29.5.0",
+    "@types/jest": "29.5.11",
+    "@types/node": "20.10.0",
+    "@types/unzipper": "0.10.9",
+    "@typescript-eslint/parser": "6.19.1",
+    "@vercel/ncc": "0.38.1",
+    "eslint": "8.56.0",
+    "eslint-plugin-github": "4.10.1",
+    "eslint-plugin-jest": "27.6.3",
+    "eslint-plugin-prettier": "5.1.3",
+    "jest": "29.7.0",
     "js-yaml": "4.1.0",
-    "patch-package": "7.0.0",
-    "prettier": "2.8.8",
-    "ts-jest": "29.1.0",
-    "typescript": "5.1.5"
+    "npm-run-all": "4.1.5",
+    "patch-package": "8.0.0",
+    "prettier": "3.2.4",
+    "ts-jest": "29.1.2",
+    "typescript": "5.3.3"
   }
 }

src/build-scan.ts

@@ -0,0 +1,33 @@
+import * as core from '@actions/core'
+import {
+    getBuildScanPublishEnabled,
+    getBuildScanTermsOfServiceUrl,
+    getBuildScanTermsOfServiceAgree
+} from './input-params'
+
+export function setup(): void {
+    if (getBuildScanPublishEnabled() && verifyTermsOfServiceAgreement()) {
+        maybeExportVariable('DEVELOCITY_INJECTION_ENABLED', 'true')
+        maybeExportVariable('DEVELOCITY_PLUGIN_VERSION', '3.16.1')
+        maybeExportVariable('DEVELOCITY_CCUD_PLUGIN_VERSION', '1.12.1')
+        maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_URL', getBuildScanTermsOfServiceUrl())
+        maybeExportVariable('BUILD_SCAN_TERMS_OF_SERVICE_AGREE', getBuildScanTermsOfServiceAgree())
+    }
+}
+
+function verifyTermsOfServiceAgreement(): boolean {
+    if (
+        getBuildScanTermsOfServiceUrl() !== 'https://gradle.com/terms-of-service' ||
+        getBuildScanTermsOfServiceAgree() !== 'yes'
+    ) {
+        core.warning(`Terms of service must be agreed in order to publish build scans.`)
+        return false
+    }
+    return true
+}
+
+function maybeExportVariable(variableName: string, value: unknown): void {
+    if (!process.env[variableName]) {
+        core.exportVariable(variableName, value)
+    }
+}

src/cache-base.ts

@@ -1,11 +1,13 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
+import * as glob from '@actions/glob'
+
 import path from 'path'
 import fs from 'fs'
 import * as params from './input-params'
 import {CacheListener} from './cache-reporting'
 import {saveCache, restoreCache, cacheDebug, isCacheDebuggingEnabled, tryDelete, generateCacheKey} from './cache-utils'
-import {GradleHomeEntryExtractor} from './cache-extract-entries'
+import {GradleHomeEntryExtractor, ConfigurationCacheEntryExtractor} from './cache-extract-entries'
 
 const RESTORED_CACHE_KEY_KEY = 'restored-cache-key'
 
@@ -15,22 +17,24 @@ export class GradleStateCache {
     private cacheName: string
     private cacheDescription: string
 
+    protected readonly userHome: string
     protected readonly gradleUserHome: string
 
-    constructor(gradleUserHome: string) {
+    constructor(userHome: string, gradleUserHome: string) {
+        this.userHome = userHome
         this.gradleUserHome = gradleUserHome
         this.cacheName = 'gradle'
         this.cacheDescription = 'Gradle User Home'
     }
 
     init(): void {
-        const actionCacheDir = path.resolve(this.gradleUserHome, '.gradle-build-action')
-        fs.mkdirSync(actionCacheDir, {recursive: true})
+        this.initializeGradleUserHome()
 
-        const initScriptsDir = path.resolve(this.gradleUserHome, 'init.d')
-        fs.mkdirSync(initScriptsDir, {recursive: true})
-
-        this.initializeGradleUserHome(this.gradleUserHome, initScriptsDir)
+        // Export the GRADLE_ENCRYPTION_KEY variable if provided
+        const encryptionKey = params.getCacheEncryptionKey()
+        if (encryptionKey) {
+            core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey)
+        }
     }
 
     cacheOutputExists(): boolean {
@@ -79,7 +83,7 @@ export class GradleStateCache {
     async afterRestore(listener: CacheListener): Promise<void> {
         await this.debugReportGradleUserHomeSize('as restored from cache')
         await new GradleHomeEntryExtractor(this.gradleUserHome).restore(listener)
-        // await new ConfigurationCacheEntryExtractor(this.gradleUserHome).restore(listener)
+        await new ConfigurationCacheEntryExtractor(this.gradleUserHome).restore(listener)
         await this.debugReportGradleUserHomeSize('after restoring common artifacts')
     }
 
@@ -127,10 +131,10 @@ export class GradleStateCache {
      */
     async beforeSave(listener: CacheListener): Promise<void> {
         await this.debugReportGradleUserHomeSize('before saving common artifacts')
-        this.deleteExcludedPaths()
+        await this.deleteExcludedPaths()
         await Promise.all([
-            new GradleHomeEntryExtractor(this.gradleUserHome).extract(listener)
-            // new ConfigurationCacheEntryExtractor(this.gradleUserHome).extract(listener)
+            new GradleHomeEntryExtractor(this.gradleUserHome).extract(listener),
+            new ConfigurationCacheEntryExtractor(this.gradleUserHome).extract(listener)
         ])
         await this.debugReportGradleUserHomeSize(
             "after extracting common artifacts (only 'caches' and 'notifications' will be stored)"
@@ -140,13 +144,21 @@ export class GradleStateCache {
     /**
      * Delete any file paths that are excluded by the `gradle-home-cache-excludes` parameter.
      */
-    private deleteExcludedPaths(): void {
+    private async deleteExcludedPaths(): Promise<void> {
         const rawPaths: string[] = params.getCacheExcludes()
+        rawPaths.push('caches/*/cc-keystore')
         const resolvedPaths = rawPaths.map(x => path.resolve(this.gradleUserHome, x))
 
         for (const p of resolvedPaths) {
-            cacheDebug(`Deleting excluded path: ${p}`)
-            tryDelete(p)
+            cacheDebug(`Removing excluded path: ${p}`)
+            const globber = await glob.create(p, {
+                implicitDescendants: false
+            })
+
+            for (const toDelete of await globber.glob()) {
+                cacheDebug(`Removing excluded file: ${toDelete}`)
+                await tryDelete(toDelete)
+            }
         }
     }
 
@@ -171,18 +183,59 @@ export class GradleStateCache {
         return path.resolve(this.gradleUserHome, rawPath)
     }
 
-    private initializeGradleUserHome(gradleUserHome: string, initScriptsDir: string): void {
-        const initScriptFilenames = ['build-result-capture.init.gradle', 'build-result-capture-service.plugin.groovy']
+    private initializeGradleUserHome(): void {
+        // Create a directory for storing action metadata
+        const actionCacheDir = path.resolve(this.gradleUserHome, '.gradle-build-action')
+        fs.mkdirSync(actionCacheDir, {recursive: true})
+
+        this.copyInitScripts()
+
+        // Copy the default toolchain definitions to `~/.m2/toolchains.xml`
+        this.registerToolchains()
+    }
+
+    private copyInitScripts(): void {
+        // Copy init scripts from src/resources to Gradle UserHome
+        const initScriptsDir = path.resolve(this.gradleUserHome, 'init.d')
+        fs.mkdirSync(initScriptsDir, {recursive: true})
+        const initScriptFilenames = [
+            'gradle-build-action.build-result-capture.init.gradle',
+            'gradle-build-action.build-result-capture-service.plugin.groovy',
+            'gradle-build-action.github-dependency-graph.init.gradle',
+            'gradle-build-action.github-dependency-graph-gradle-plugin-apply.groovy',
+            'gradle-build-action.inject-develocity.init.gradle'
+        ]
         for (const initScriptFilename of initScriptFilenames) {
-            const initScriptContent = this.readInitScriptAsString(initScriptFilename)
+            const initScriptContent = this.readResourceFileAsString('init-scripts', initScriptFilename)
             const initScriptPath = path.resolve(initScriptsDir, initScriptFilename)
             fs.writeFileSync(initScriptPath, initScriptContent)
         }
     }
 
-    private readInitScriptAsString(resource: string): string {
+    private registerToolchains(): void {
+        const preInstalledToolchains = this.readResourceFileAsString('toolchains.xml')
+        const m2dir = path.resolve(this.userHome, '.m2')
+        const toolchainXmlTarget = path.resolve(m2dir, 'toolchains.xml')
+        if (!fs.existsSync(toolchainXmlTarget)) {
+            // Write a new toolchains.xml file if it doesn't exist
+            fs.mkdirSync(m2dir, {recursive: true})
+            fs.writeFileSync(toolchainXmlTarget, preInstalledToolchains)
+
+            core.info(`Wrote default JDK locations to ${toolchainXmlTarget}`)
+        } else {
+            // Merge into an existing toolchains.xml file
+            const existingToolchainContent = fs.readFileSync(toolchainXmlTarget, 'utf8')
+            const appendedContent = preInstalledToolchains.split('<toolchains>').pop()!
+            const mergedContent = existingToolchainContent.replace('</toolchains>', appendedContent)
+
+            fs.writeFileSync(toolchainXmlTarget, mergedContent)
+            core.info(`Merged default JDK locations into ${toolchainXmlTarget}`)
+        }
+    }
+
+    private readResourceFileAsString(...paths: string[]): string {
         // Resolving relative to __dirname will allow node to find the resource at runtime
-        const absolutePath = path.resolve(__dirname, '..', '..', 'src', 'resources', 'init-scripts', resource)
+        const absolutePath = path.resolve(__dirname, '..', '..', 'src', 'resources', ...paths)
         return fs.readFileSync(absolutePath, 'utf8')
     }
 

src/cache-cleaner.ts

@@ -42,7 +42,8 @@ export class CacheCleaner {
         )
         fs.writeFileSync(path.resolve(cleanupProjectDir, 'build.gradle'), 'task("noop") {}')
 
-        await exec.exec(`gradle -g ${this.gradleUserHome} --no-daemon --build-cache --no-scan --quiet noop`, [], {
+        const gradleCommand = `gradle -g ${this.gradleUserHome} --no-daemon --build-cache --no-scan --quiet -DGITHUB_DEPENDENCY_GRAPH_ENABLED=false noop`
+        await exec.exec(gradleCommand, [], {
             cwd: cleanupProjectDir
         })
     }

src/cache-extract-entries.ts

@@ -2,13 +2,14 @@ import path from 'path'
 import fs from 'fs'
 import * as core from '@actions/core'
 import * as glob from '@actions/glob'
+import * as semver from 'semver'
 
 import * as params from './input-params'
 
 import {META_FILE_DIR} from './cache-base'
 import {CacheEntryListener, CacheListener} from './cache-reporting'
 import {cacheDebug, getCacheKeyPrefix, hashFileNames, restoreCache, saveCache, tryDelete} from './cache-utils'
-import {loadBuildResults} from './build-results'
+import {BuildResult, loadBuildResults} from './build-results'
 
 const SKIP_RESTORE_VAR = 'GRADLE_BUILD_ACTION_SKIP_RESTORE'
 
@@ -46,6 +47,7 @@ class ExtractedCacheEntryDefinition {
     pattern: string
     bundle: boolean
     uniqueFileNames = true
+    notCacheableReason: string | undefined
 
     constructor(artifactType: string, pattern: string, bundle: boolean) {
         this.artifactType = artifactType
@@ -53,10 +55,24 @@ class ExtractedCacheEntryDefinition {
         this.bundle = bundle
     }
 
+    /**
+     * Indicate that the file names matching the cache entry pattern are NOT sufficient to uniquely identify the contents.
+     * If the file names are sufficient, then we use a hash of the file names to identify the entry.
+     * With non-unique-file-names, we hash the file contents to identify the cache entry.
+     */
     withNonUniqueFileNames(): ExtractedCacheEntryDefinition {
         this.uniqueFileNames = false
         return this
     }
+
+    /**
+     * Specify that the cache entry, should not be saved for some reason, even though the contents exist.
+     * This is used to prevent configuration-cache entries being cached when they were generated by Gradle < 8.6,
+     */
+    notCacheableBecause(reason: string): ExtractedCacheEntryDefinition {
+        this.notCacheableReason = reason
+        return this
+    }
 }
 
 /**
@@ -142,6 +158,11 @@ abstract class AbstractEntryExtractor {
             const artifactType = cacheEntryDefinition.artifactType
             const pattern = cacheEntryDefinition.pattern
 
+            if (cacheEntryDefinition.notCacheableReason) {
+                listener.entry(pattern).markNotSaved(cacheEntryDefinition.notCacheableReason)
+                continue
+            }
+
             // Find all matching files for this cache entry definition
             const globber = await glob.create(pattern, {
                 implicitDescendants: false
@@ -256,7 +277,7 @@ abstract class AbstractEntryExtractor {
         }
 
         const filedata = fs.readFileSync(cacheMetadataFile, 'utf-8')
-        cacheDebug(`Loaded cache metadata: ${filedata}`)
+        cacheDebug(`Loaded cache metadata for ${this.extractorName}: ${filedata}`)
         const extractedCacheEntryMetadata = JSON.parse(filedata) as ExtractedCacheEntryMetadata
         return extractedCacheEntryMetadata.entries
     }
@@ -264,12 +285,12 @@ abstract class AbstractEntryExtractor {
     /**
      * Saves information about the extracted cache entries into the 'cache-metadata.json' file.
      */
-    private saveMetadataForCacheResults(results: ExtractedCacheEntry[]): void {
+    protected saveMetadataForCacheResults(results: ExtractedCacheEntry[]): void {
         const extractedCacheEntryMetadata = new ExtractedCacheEntryMetadata()
         extractedCacheEntryMetadata.entries = results.filter(x => x.cacheKey !== undefined)
 
         const filedata = JSON.stringify(extractedCacheEntryMetadata)
-        cacheDebug(`Saving cache metadata: ${filedata}`)
+        cacheDebug(`Saving cache metadata for ${this.extractorName}: ${filedata}`)
 
         fs.writeFileSync(this.getCacheMetadataFile(), filedata, 'utf-8')
     }
@@ -351,37 +372,96 @@ export class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
      * entry is not reusable.
      */
     async restore(listener: CacheListener): Promise<void> {
-        if (listener.fullyRestored) {
-            return super.restore(listener)
+        if (!listener.fullyRestored) {
+            this.markNotRestored(listener, 'Gradle User Home was not fully restored')
+            return
         }
 
-        core.info('Not restoring configuration-cache state, as Gradle User Home was not fully restored')
-        for (const cacheEntry of this.loadExtractedCacheEntries()) {
-            listener.entry(cacheEntry.pattern).markRequested('NOT_RESTORED')
+        if (!params.getCacheEncryptionKey()) {
+            this.markNotRestored(listener, 'Encryption Key was not provided')
+            return
         }
+
+        return await super.restore(listener)
+    }
+
+    private markNotRestored(listener: CacheListener, reason: string): void {
+        const cacheEntries = this.loadExtractedCacheEntries()
+        if (cacheEntries.length > 0) {
+            core.info(`Not restoring configuration-cache state, as ${reason}`)
+            for (const cacheEntry of cacheEntries) {
+                listener.entry(cacheEntry.pattern).markNotRestored(reason)
+            }
+
+            // Update the results file based on no entries restored
+            this.saveMetadataForCacheResults([])
+        }
+    }
+
+    async extract(listener: CacheListener): Promise<void> {
+        if (!params.getCacheEncryptionKey()) {
+            const cacheEntryDefinitions = this.getExtractedCacheEntryDefinitions()
+            if (cacheEntryDefinitions.length > 0) {
+                core.info('Not saving configuration-cache state, as no encryption key was provided')
+                for (const cacheEntry of cacheEntryDefinitions) {
+                    listener.entry(cacheEntry.pattern).markNotSaved('No encryption key provided')
+                }
+            }
+            return
+        }
+
+        await super.extract(listener)
     }
 
     /**
      * Extract cache entries for the configuration cache in each project.
      */
     protected getExtractedCacheEntryDefinitions(): ExtractedCacheEntryDefinition[] {
-        return this.getProjectRoots().map(projectRoot => {
-            const configCachePath = path.resolve(projectRoot, '.gradle/configuration-cache')
-            return new ExtractedCacheEntryDefinition(
+        // Group BuildResult by existing configCacheDir
+        const groupedResults = this.getConfigCacheDirectoriesWithAssociatedBuildResults()
+
+        return Object.entries(groupedResults).map(([configCachePath, pathResults]) => {
+            // Create a entry definition for each unique configuration cache directory
+            const definition = new ExtractedCacheEntryDefinition(
                 'configuration-cache',
                 configCachePath,
                 true
             ).withNonUniqueFileNames()
+
+            // If any associated build result used Gradle < 8.6, then mark it as not cacheable
+            if (
+                pathResults.find(result => {
+                    const gradleVersion = semver.coerce(result.gradleVersion)
+                    return gradleVersion && semver.lt(gradleVersion, '8.6.0')
+                })
+            ) {
+                core.info(
+                    `Not saving config-cache data for ${configCachePath}. Configuration cache data is only saved for Gradle 8.6+`
+                )
+                definition.notCacheableBecause('Configuration cache data only saved for Gradle 8.6+')
+            }
+            return definition
         })
     }
 
-    /**
-     * For every Gradle invocation, we record the project root directory. This method returns the entire
-     * set of project roots, to allow saving of configuration-cache entries for each.
-     */
-    private getProjectRoots(): string[] {
-        const buildResults = loadBuildResults()
-        const projectRootDirs = buildResults.map(x => x.rootProjectDir)
-        return [...new Set(projectRootDirs)] // Remove duplicates
+    private getConfigCacheDirectoriesWithAssociatedBuildResults(): Record<string, BuildResult[]> {
+        return loadBuildResults().reduce(
+            (acc, buildResult) => {
+                // For each build result, find the config-cache dir
+                const configCachePath = path.resolve(buildResult.rootProjectDir, '.gradle/configuration-cache')
+                // Ignore case where config-cache dir doesn't exist
+                if (!fs.existsSync(configCachePath)) {
+                    return acc
+                }
+
+                // Group by unique config cache directories and collect associated build results
+                if (!acc[configCachePath]) {
+                    acc[configCachePath] = []
+                }
+                acc[configCachePath].push(buildResult)
+                return acc
+            },
+            {} as Record<string, BuildResult[]>
+        )
     }
 }

src/cache-reporting.ts

@@ -1,4 +1,3 @@
-import * as core from '@actions/core'
 import * as cache from '@actions/cache'
 
 /**
@@ -10,6 +9,7 @@ export class CacheListener {
     cacheReadOnly = false
     cacheWriteOnly = false
     cacheDisabled = false
+    cacheDisabledReason = 'disabled'
 
     get fullyRestored(): boolean {
         return this.cacheEntries.every(x => !x.wasRequestedButNotRestored())
@@ -17,7 +17,7 @@ export class CacheListener {
 
     get cacheStatus(): string {
         if (!cache.isFeatureAvailable()) return 'not available'
-        if (this.cacheDisabled) return 'disabled'
+        if (this.cacheDisabled) return this.cacheDisabledReason
         if (this.cacheWriteOnly) return 'write-only'
         if (this.cacheReadOnly) return 'read-only'
         return 'enabled'
@@ -111,47 +111,36 @@ export class CacheEntryListener {
     }
 }
 
-export function writeCachingReport(listener: CacheListener): void {
+export function generateCachingReport(listener: CacheListener): string {
     const entries = listener.cacheEntries
 
-    core.summary.addRaw(
-        `\n<details><summary><h4>Caching for gradle-build-action was ${listener.cacheStatus} - expand for details</h4></summary>\n`
-    )
+    return `
+<details>
+<summary><h4>Caching for gradle-build-action was ${listener.cacheStatus} - expand for details</h4></summary>
+${renderEntryTable(entries)}
 
-    core.summary.addTable([
-        [
-            {data: '', header: true},
-            {data: 'Count', header: true},
-            {data: 'Total Size (Mb)', header: true}
-        ],
-        ['Entries Restored', `${getCount(entries, e => e.restoredSize)}`, `${getSize(entries, e => e.restoredSize)}`],
-        ['Entries Saved', `${getCount(entries, e => e.savedSize)}`, `${getSize(entries, e => e.savedSize)}`]
-    ])
-
-    core.summary.addHeading('Cache Entry Details', 5)
-
-    const entryDetails = renderEntryDetails(listener)
-    core.summary.addRaw(`<pre>
-${entryDetails}
+<h5>Cache Entry Details</h5>
+<pre>
+    ${renderEntryDetails(listener)}
 </pre>
 </details>
-`)
+    `
 }
 
-export function logCachingReport(listener: CacheListener): void {
-    const entries = listener.cacheEntries
-
-    core.startGroup(`Caching for gradle-build-action was ${listener.cacheStatus} - expand for details`)
-
-    core.info(
-        `Entries Restored: ${getCount(entries, e => e.restoredSize)} (${getSize(entries, e => e.restoredSize)} Mb)`
-    )
-    core.info(`Entries Saved   : ${getCount(entries, e => e.savedSize)} (${getSize(entries, e => e.savedSize)} Mb)`)
-
-    core.info(`Cache Entry Details`)
-    core.info(renderEntryDetails(listener))
-
-    core.endGroup()
+function renderEntryTable(entries: CacheEntryListener[]): string {
+    return `
+<table>
+    <tr><td></td><th>Count</th><th>Total Size (Mb)</th></tr>
+    <tr><td>Entries Restored</td>
+        <td>${getCount(entries, e => e.restoredSize)}</td>
+        <td>${getSize(entries, e => e.restoredSize)}</td>
+    </tr>
+    <tr><td>Entries Saved</td>
+        <td>${getCount(entries, e => e.savedSize)}</td>
+        <td>${getSize(entries, e => e.savedSize)}</td>
+    </tr>
+</table>
+    `
 }
 
 function renderEntryDetails(listener: CacheListener): string {
@@ -197,6 +186,9 @@ function getSavedMessage(entry: CacheEntryListener, cacheReadOnly: boolean): str
         if (cacheReadOnly) {
             return '(Entry not saved: cache is read-only)'
         }
+        if (entry.notRestored) {
+            return '(Entry not saved: not restored)'
+        }
         return '(Entry not saved: reason unknown)'
     }
     if (entry.savedSize === 0) {

src/cache-utils.ts

@@ -11,7 +11,7 @@ import * as params from './input-params'
 
 import {CacheEntryListener} from './cache-reporting'
 
-const CACHE_PROTOCOL_VERSION = 'v8-'
+const CACHE_PROTOCOL_VERSION = 'v9-'
 
 const CACHE_KEY_PREFIX_VAR = 'GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX'
 const CACHE_KEY_OS_VAR = 'GRADLE_BUILD_ACTION_CACHE_KEY_ENVIRONMENT'
@@ -37,6 +37,10 @@ export function isCacheWriteOnly(): boolean {
     return params.isCacheWriteOnly()
 }
 
+export function isCacheOverwriteExisting(): boolean {
+    return params.isCacheOverwriteExisting()
+}
+
 export function isCacheDebuggingEnabled(): boolean {
     return params.isCacheDebuggingEnabled()
 }
@@ -66,7 +70,7 @@ export class CacheKey {
  * - The cache protocol version
  * - The name of the cache
  * - The runner operating system
- * - The name of the Job being executed
+ * - The name of the workflow and Job being executed
  * - The matrix values for the Job being executed (job context)
  * - The SHA of the commit being executed
  *
@@ -82,10 +86,10 @@ export function generateCacheKey(cacheName: string): CacheKey {
     // At the most general level, share caches for all executions on the same OS
     const cacheKeyForEnvironment = `${cacheKeyBase}|${getCacheKeyEnvironment()}`
 
-    // Prefer caches that run this job
+    // Then prefer caches that run job with the same ID
     const cacheKeyForJob = `${cacheKeyForEnvironment}|${getCacheKeyJob()}`
 
-    // Prefer (even more) jobs that run this job with the same context (matrix)
+    // Prefer (even more) jobs that run this job in the same workflow with the same context (matrix)
     const cacheKeyForJobContext = `${cacheKeyForJob}[${getCacheKeyJobInstance()}]`
 
     // Exact match on Git SHA
@@ -109,12 +113,7 @@ function getCacheKeyEnvironment(): string {
 }
 
 function getCacheKeyJob(): string {
-    return process.env[CACHE_KEY_JOB_VAR] || getCacheKeyForJob(github.context.workflow, github.context.job)
-}
-
-export function getCacheKeyForJob(workflowName: string, jobId: string): string {
-    const sanitizedWorkflow = workflowName.replace(/,/g, '').toLowerCase()
-    return `${sanitizedWorkflow}-${jobId}`
+    return process.env[CACHE_KEY_JOB_VAR] || github.context.job
 }
 
 function getCacheKeyJobInstance(): string {
@@ -123,10 +122,11 @@ function getCacheKeyJobInstance(): string {
         return override
     }
 
-    // By default, we hash the full `matrix` data for the run, to uniquely identify this job invocation
+    // By default, we hash the workflow name and the full `matrix` data for the run, to uniquely identify this job invocation
     // The only way we can obtain the `matrix` data is via the `workflow-job-context` parameter in action.yml.
-    const workflowJobContext = params.getJobContext()
-    return hashStrings([workflowJobContext])
+    const workflowName = github.context.workflow
+    const workflowJobContext = params.getJobMatrix()
+    return hashStrings([workflowName, workflowJobContext])
 }
 
 function getCacheKeyJobExecution(): string {

src/caches.ts

@@ -1,5 +1,11 @@
 import * as core from '@actions/core'
-import {isCacheCleanupEnabled, isCacheDisabled, isCacheReadOnly, isCacheWriteOnly} from './cache-utils'
+import {
+    isCacheCleanupEnabled,
+    isCacheDisabled,
+    isCacheReadOnly,
+    isCacheWriteOnly,
+    isCacheOverwriteExisting
+} from './cache-utils'
 import {CacheListener} from './cache-reporting'
 import {DaemonController} from './daemon-controller'
 import {GradleStateCache} from './cache-base'
@@ -7,7 +13,7 @@ import {CacheCleaner} from './cache-cleaner'
 
 const CACHE_RESTORED_VAR = 'GRADLE_BUILD_ACTION_CACHE_RESTORED'
 
-export async function restore(gradleUserHome: string, cacheListener: CacheListener): Promise<void> {
+export async function restore(userHome: string, gradleUserHome: string, cacheListener: CacheListener): Promise<void> {
     // Bypass restore cache on all but first action step in workflow.
     if (process.env[CACHE_RESTORED_VAR]) {
         core.info('Cache only restored on first action step.')
@@ -15,7 +21,7 @@ export async function restore(gradleUserHome: string, cacheListener: CacheListen
     }
     core.exportVariable(CACHE_RESTORED_VAR, true)
 
-    const gradleStateCache = new GradleStateCache(gradleUserHome)
+    const gradleStateCache = new GradleStateCache(userHome, gradleUserHome)
 
     if (isCacheDisabled()) {
         core.info('Cache is disabled: will not restore state from previous builds.')
@@ -26,11 +32,16 @@ export async function restore(gradleUserHome: string, cacheListener: CacheListen
     }
 
     if (gradleStateCache.cacheOutputExists()) {
+        if (!isCacheOverwriteExisting()) {
             core.info('Gradle User Home already exists: will not restore from cache.')
             // Initialize pre-existing Gradle User Home.
             gradleStateCache.init()
+            cacheListener.cacheDisabled = true
+            cacheListener.cacheDisabledReason = 'disabled due to pre-existing Gradle User Home'
             return
         }
+        core.info('Gradle User Home already exists: will overwrite with cached contents.')
+    }
 
     gradleStateCache.init()
     // Mark the state as restored so that post-action will perform save.
@@ -54,6 +65,7 @@ export async function restore(gradleUserHome: string, cacheListener: CacheListen
 }
 
 export async function save(
+    userHome: string,
     gradleUserHome: string,
     cacheListener: CacheListener,
     daemonController: DaemonController
@@ -79,10 +91,14 @@ export async function save(
     if (isCacheCleanupEnabled()) {
         core.info('Forcing cache cleanup.')
         const cacheCleaner = new CacheCleaner(gradleUserHome, process.env['RUNNER_TEMP']!)
+        try {
             await cacheCleaner.forceCleanup()
+        } catch (e) {
+            core.warning(`Cache cleanup failed. Will continue. ${String(e)}`)
+        }
     }
 
     await core.group('Caching Gradle state', async () => {
-        return new GradleStateCache(gradleUserHome).save(cacheListener)
+        return new GradleStateCache(userHome, gradleUserHome).save(cacheListener)
     })
 }

src/dependency-graph-generate.ts

@@ -1,24 +0,0 @@
-import * as core from '@actions/core'
-
-import * as provisioner from './provision'
-import * as dependencyGraph from './dependency-graph'
-
-/**
- * The main entry point for the action, called by Github Actions for the step.
- */
-export async function run(): Promise<void> {
-    try {
-        // Download and install Gradle if required
-        const executable = await provisioner.provisionGradle()
-
-        // Generate and upload dependency graph artifact
-        await dependencyGraph.generateDependencyGraph(executable)
-    } catch (error) {
-        core.setFailed(String(error))
-        if (error instanceof Error && error.stack) {
-            core.info(error.stack)
-        }
-    }
-}
-
-run()

src/dependency-graph-submit.ts

@@ -1,16 +0,0 @@
-import * as core from '@actions/core'
-import * as dependencyGraph from './dependency-graph'
-
-export async function run(): Promise<void> {
-    try {
-        // Retrieve the dependency graph artifact and submit via Dependency Submission API
-        await dependencyGraph.submitDependencyGraph()
-    } catch (error) {
-        core.setFailed(String(error))
-        if (error instanceof Error && error.stack) {
-            core.info(error.stack)
-        }
-    }
-}
-
-run()

src/dependency-graph.ts

@@ -1,66 +1,135 @@
 import * as core from '@actions/core'
-import * as artifact from '@actions/artifact'
 import * as github from '@actions/github'
 import * as glob from '@actions/glob'
-import * as toolCache from '@actions/tool-cache'
-import {Octokit} from '@octokit/rest'
+import {DefaultArtifactClient} from '@actions/artifact'
+import {GitHub} from '@actions/github/lib/utils'
+import {RequestError} from '@octokit/request-error'
+import type {PullRequestEvent} from '@octokit/webhooks-types'
 
 import * as path from 'path'
 import fs from 'fs'
 
-import * as execution from './execution'
 import * as layout from './repository-layout'
+import {PostActionJobFailure} from './errors'
+import {
+    DependencyGraphOption,
+    getDependencyGraphContinueOnFailure,
+    getJobMatrix,
+    getArtifactRetentionDays
+} from './input-params'
 
-const DEPENDENCY_GRAPH_ARTIFACT = 'dependency-graph'
-const DEPENDENCY_GRAPH_FILE = 'dependency-graph.json'
+const DEPENDENCY_GRAPH_PREFIX = 'dependency-graph_'
 
-export async function generateDependencyGraph(executable: string | undefined): Promise<void> {
-    const workspaceDirectory = layout.workspaceDirectory()
-    const buildRootDirectory = layout.buildRootDirectory()
-    const buildPath = getRelativePathFromWorkspace(buildRootDirectory)
+export async function setup(option: DependencyGraphOption): Promise<void> {
+    if (option === DependencyGraphOption.Disabled) {
+        return
+    }
+    // Download and submit early, for compatability with dependency review.
+    if (option === DependencyGraphOption.DownloadAndSubmit) {
+        await downloadAndSubmitDependencyGraphs()
+        return
+    }
 
-    const initScript = path.resolve(
-        __dirname,
-        '..',
-        '..',
-        'src',
-        'resources',
-        'init-scripts',
-        'github-dependency-graph.init.gradle'
-    )
-    const args = [
-        `-Dorg.gradle.github.env.GRADLE_BUILD_PATH=${buildPath}`,
-        '--init-script',
-        initScript,
-        ':GitHubDependencyGraphPlugin_generateDependencyGraph'
-    ]
-
-    await execution.executeGradleBuild(executable, buildRootDirectory, args)
-    const dependencyGraphJson = copyDependencyGraphToBuildRoot(buildRootDirectory)
-
-    const artifactClient = artifact.create()
-    artifactClient.uploadArtifact(DEPENDENCY_GRAPH_ARTIFACT, [dependencyGraphJson], workspaceDirectory)
-}
-
-function copyDependencyGraphToBuildRoot(buildRootDirectory: string): string {
-    const sourceFile = path.resolve(
-        buildRootDirectory,
-        'build',
-        'reports',
-        'github-dependency-graph-plugin',
-        'github-dependency-snapshot.json'
+    core.info('Enabling dependency graph generation')
+    maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', 'true')
+    maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE', getDependencyGraphContinueOnFailure())
+    maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', getJobCorrelator())
+    maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_ID', github.context.runId)
+    maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref)
+    maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_SHA', getShaFromContext())
+    maybeExportVariable('GITHUB_DEPENDENCY_GRAPH_WORKSPACE', layout.workspaceDirectory())
+    maybeExportVariable(
+        'DEPENDENCY_GRAPH_REPORT_DIR',
+        path.resolve(layout.workspaceDirectory(), 'dependency-graph-reports')
     )
 
-    const destFile = path.resolve(buildRootDirectory, DEPENDENCY_GRAPH_FILE)
-    fs.copyFileSync(sourceFile, destFile)
-    return destFile
+    // To clear the dependency graph, we generate an empty graph by excluding all projects and configurations
+    if (option === DependencyGraphOption.Clear) {
+        core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_PROJECTS', '')
+        core.exportVariable('DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS', '')
+    }
 }
 
-export async function submitDependencyGraph(): Promise<void> {
-    const workspaceDirectory = layout.workspaceDirectory()
-    const octokit: Octokit = getOctokit()
+function maybeExportVariable(variableName: string, value: unknown): void {
+    if (!process.env[variableName]) {
+        core.exportVariable(variableName, value)
+    }
+}
 
-    for (const jsonFile of await retrieveDependencyGraphs(octokit, workspaceDirectory)) {
+export async function complete(option: DependencyGraphOption): Promise<void> {
+    try {
+        switch (option) {
+            case DependencyGraphOption.Disabled:
+            case DependencyGraphOption.Generate: // Performed via init-script: nothing to do here
+            case DependencyGraphOption.DownloadAndSubmit: // Performed in setup
+                return
+            case DependencyGraphOption.GenerateAndSubmit:
+            case DependencyGraphOption.Clear: // Submit the empty dependency graph
+                await submitDependencyGraphs(await findGeneratedDependencyGraphFiles())
+                return
+            case DependencyGraphOption.GenerateAndUpload:
+                await uploadDependencyGraphs(await findGeneratedDependencyGraphFiles())
+        }
+    } catch (e) {
+        warnOrFail(option, e)
+    }
+}
+
+async function findGeneratedDependencyGraphFiles(): Promise<string[]> {
+    const workspaceDirectory = layout.workspaceDirectory()
+    return await findDependencyGraphFiles(workspaceDirectory)
+}
+
+async function uploadDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> {
+    const workspaceDirectory = layout.workspaceDirectory()
+
+    const artifactClient = new DefaultArtifactClient()
+    for (const dependencyGraphFile of dependencyGraphFiles) {
+        const relativePath = getRelativePathFromWorkspace(dependencyGraphFile)
+        core.info(`Uploading dependency graph file: ${relativePath}`)
+        const artifactName = `${DEPENDENCY_GRAPH_PREFIX}${path.basename(dependencyGraphFile)}`
+        await artifactClient.uploadArtifact(artifactName, [dependencyGraphFile], workspaceDirectory, {
+            retentionDays: getArtifactRetentionDays()
+        })
+    }
+}
+
+async function downloadAndSubmitDependencyGraphs(): Promise<void> {
+    try {
+        await submitDependencyGraphs(await downloadDependencyGraphs())
+    } catch (e) {
+        warnOrFail(DependencyGraphOption.DownloadAndSubmit, e)
+    }
+}
+
+async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> {
+    for (const jsonFile of dependencyGraphFiles) {
+        try {
+            await submitDependencyGraphFile(jsonFile)
+        } catch (error) {
+            if (error instanceof RequestError) {
+                throw new Error(translateErrorMessage(jsonFile, error))
+            } else {
+                throw error
+            }
+        }
+    }
+}
+
+function translateErrorMessage(jsonFile: string, error: RequestError): string {
+    const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
+    const mainWarning = `Dependency submission failed for ${relativeJsonFile}.\n${String(error)}`
+    if (error.message === 'Resource not accessible by integration') {
+        return `${mainWarning}
+Please ensure that the 'contents: write' permission is available for the workflow job.
+Note that this permission is never available for a 'pull_request' trigger from a repository fork.
+        `
+    }
+    return mainWarning
+}
+
+async function submitDependencyGraphFile(jsonFile: string): Promise<void> {
+    const octokit = getOctokit()
     const jsonContent = fs.readFileSync(jsonFile, 'utf8')
 
     const jsonObject = JSON.parse(jsonContent)
@@ -69,80 +138,58 @@ export async function submitDependencyGraph(): Promise<void> {
     const response = await octokit.request('POST /repos/{owner}/{repo}/dependency-graph/snapshots', jsonObject)
 
     const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
-        core.info(`Submitted ${relativeJsonFile}: ${JSON.stringify(response)}`)
     core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`)
+}
+
+async function downloadDependencyGraphs(): Promise<string[]> {
+    const workspaceDirectory = layout.workspaceDirectory()
+
+    const findBy = github.context.payload.workflow_run
+        ? {
+              token: getGithubToken(),
+              workflowRunId: github.context.payload.workflow_run.id,
+              repositoryName: github.context.repo.repo,
+              repositoryOwner: github.context.repo.owner
           }
+        : undefined
+
+    const artifactClient = new DefaultArtifactClient()
+    const downloadPath = path.resolve(workspaceDirectory, 'dependency-graph')
+
+    const dependencyGraphArtifacts = (
+        await artifactClient.listArtifacts({
+            latest: true,
+            findBy
+        })
+    ).artifacts.filter(candidate => candidate.name.startsWith(DEPENDENCY_GRAPH_PREFIX))
+
+    for (const artifact of dependencyGraphArtifacts) {
+        const downloadedArtifact = await artifactClient.downloadArtifact(artifact.id, {
+            path: downloadPath,
+            findBy
+        })
+        core.info(`Downloading dependency-graph artifact ${artifact.name} to ${downloadedArtifact.downloadPath}`)
+    }
+
+    return findDependencyGraphFiles(downloadPath)
 }
 
 async function findDependencyGraphFiles(dir: string): Promise<string[]> {
-    const globber = await glob.create(`${dir}/**/${DEPENDENCY_GRAPH_FILE}`)
+    const globber = await glob.create(`${dir}/dependency-graph-reports/*.json`)
     const graphFiles = globber.glob()
-    core.info(`Found graph files in ${dir}: ${graphFiles}`)
     return graphFiles
 }
 
-async function retrieveDependencyGraphs(octokit: Octokit, workspaceDirectory: string): Promise<string[]> {
-    if (github.context.payload.workflow_run) {
-        return await retrieveDependencyGraphsForWorkflowRun(
-            github.context.payload.workflow_run.id,
-            octokit,
-            workspaceDirectory
-        )
-    }
-    return retrieveDependencyGraphsForCurrentWorkflow(workspaceDirectory)
-}
-
-async function retrieveDependencyGraphsForWorkflowRun(
-    runId: number,
-    octokit: Octokit,
-    workspaceDirectory: string
-): Promise<string[]> {
-    // Find the workflow run artifacts named "dependency-graph"
-    const artifacts = await octokit.rest.actions.listWorkflowRunArtifacts({
-        owner: github.context.repo.owner,
-        repo: github.context.repo.repo,
-        run_id: runId
-    })
-
-    const matchArtifact = artifacts.data.artifacts.find(candidate => {
-        return candidate.name === DEPENDENCY_GRAPH_ARTIFACT
-    })
-
-    if (matchArtifact === undefined) {
-        throw new Error(`Dependency graph artifact not found. Has it been generated by workflow run '${runId}'?`)
+function warnOrFail(option: String, error: unknown): void {
+    if (!getDependencyGraphContinueOnFailure()) {
+        throw new PostActionJobFailure(error)
     }
 
-    // Download the dependency-graph artifact
-    const download = await octokit.rest.actions.downloadArtifact({
-        owner: github.context.repo.owner,
-        repo: github.context.repo.repo,
-        artifact_id: matchArtifact.id,
-        archive_format: 'zip'
-    })
-
-    const downloadBuffer = download.data as ArrayBuffer
-    const downloadZip = path.resolve(workspaceDirectory, 'dependency-graph.zip')
-    fs.writeFileSync(downloadZip, Buffer.from(downloadBuffer))
-
-    // Expance the dependency-graph zip and locate each dependency-graph JSON file
-    const extractDir = path.resolve(workspaceDirectory, 'dependency-graph')
-    const extracted = await toolCache.extractZip(downloadZip, extractDir)
-    core.info(`Extracted dependency graph artifacts to ${extracted}: ${fs.readdirSync(extracted)}`)
-
-    return findDependencyGraphFiles(extracted)
+    core.warning(`Failed to ${option} dependency graph. Will continue.\n${String(error)}`)
 }
 
-async function retrieveDependencyGraphsForCurrentWorkflow(workspaceDirectory: string): Promise<string[]> {
-    const artifactClient = artifact.create()
-    const downloadPath = path.resolve(workspaceDirectory, 'dependency-graph')
-    await artifactClient.downloadArtifact(DEPENDENCY_GRAPH_ARTIFACT, downloadPath)
-    return await findDependencyGraphFiles(downloadPath)
-}
-
-function getOctokit(): Octokit {
-    return new Octokit({
-        auth: getGithubToken()
-    })
+function getOctokit(): InstanceType<typeof GitHub> {
+    return github.getOctokit(getGithubToken())
 }
 
 function getGithubToken(): string {
@@ -153,3 +200,48 @@ function getRelativePathFromWorkspace(file: string): string {
     const workspaceDirectory = layout.workspaceDirectory()
     return path.relative(workspaceDirectory, file)
 }
+
+function getShaFromContext(): string {
+    const context = github.context
+    const pullRequestEvents = [
+        'pull_request',
+        'pull_request_comment',
+        'pull_request_review',
+        'pull_request_review_comment'
+        // Note that pull_request_target is omitted here.
+        // That event runs in the context of the base commit of the PR,
+        // so the snapshot should not be associated with the head commit.
+    ]
+    if (pullRequestEvents.includes(context.eventName)) {
+        const pr = (context.payload as PullRequestEvent).pull_request
+        return pr.head.sha
+    } else {
+        return context.sha
+    }
+}
+
+function getJobCorrelator(): string {
+    return constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix())
+}
+
+export function constructJobCorrelator(workflow: string, jobId: string, matrixJson: string): string {
+    const matrixString = describeMatrix(matrixJson)
+    const label = matrixString ? `${workflow}-${jobId}-${matrixString}` : `${workflow}-${jobId}`
+    return sanitize(label)
+}
+
+function describeMatrix(matrixJson: string): string {
+    core.debug(`Got matrix json: ${matrixJson}`)
+    const matrix = JSON.parse(matrixJson)
+    if (matrix) {
+        return Object.values(matrix).join('-')
+    }
+    return ''
+}
+
+function sanitize(value: string): string {
+    return value
+        .replace(/[^a-zA-Z0-9_-\s]/g, '')
+        .replace(/\s+/g, '_')
+        .toLowerCase()
+}

src/errors.ts

@@ -0,0 +1,11 @@
+export class PostActionJobFailure extends Error {
+    constructor(error: unknown) {
+        if (error instanceof Error) {
+            super(error.message)
+            this.name = error.name
+            this.stack = error.stack
+        } else {
+            super(String(error))
+        }
+    }
+}

src/execution.ts

@@ -1,12 +1,11 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
-import fs from 'fs'
 import * as gradlew from './gradlew'
 
 export async function executeGradleBuild(executable: string | undefined, root: string, args: string[]): Promise<void> {
     // Use the provided executable, or look for a Gradle wrapper script to run
-    const toExecute = executable ?? gradlew.locateGradleWrapperScript(root)
-    verifyIsExecutableScript(toExecute)
+    const toExecute = executable ?? gradlew.gradleWrapperScript(root)
+
     const status: number = await exec.exec(toExecute, args, {
         cwd: root,
         ignoreReturnCode: true
@@ -16,11 +15,3 @@ export async function executeGradleBuild(executable: string | undefined, root: s
         core.setFailed(`Gradle build failed: see console output for details`)
     }
 }
-
-function verifyIsExecutableScript(toExecute: string): void {
-    try {
-        fs.accessSync(toExecute, fs.constants.X_OK)
-    } catch (err) {
-        throw new Error(`Gradle script '${toExecute}' is not executable.`)
-    }
-}

src/gradlew.ts

@@ -4,23 +4,39 @@ import fs from 'fs'
 const IS_WINDOWS = process.platform === 'win32'
 
 export function wrapperScriptFilename(): string {
-    return IS_WINDOWS ? 'gradlew.bat' : 'gradlew'
+    return IS_WINDOWS ? './gradlew.bat' : './gradlew'
 }
 
 export function installScriptFilename(): string {
     return IS_WINDOWS ? 'gradle.bat' : 'gradle'
 }
 
-export function locateGradleWrapperScript(buildRootDirectory: string): string {
+export function gradleWrapperScript(buildRootDirectory: string): string {
     validateGradleWrapper(buildRootDirectory)
-    return path.resolve(buildRootDirectory, wrapperScriptFilename())
+    return wrapperScriptFilename()
 }
 
 function validateGradleWrapper(buildRootDirectory: string): void {
+    const wrapperScript = path.resolve(buildRootDirectory, wrapperScriptFilename())
+    verifyExists(wrapperScript, 'Gradle Wrapper script')
+    verifyIsExecutableScript(wrapperScript)
+
     const wrapperProperties = path.resolve(buildRootDirectory, 'gradle/wrapper/gradle-wrapper.properties')
-    if (!fs.existsSync(wrapperProperties)) {
+    verifyExists(wrapperProperties, 'Gradle wrapper properties file')
+}
+
+function verifyExists(file: string, description: string): void {
+    if (!fs.existsSync(file)) {
         throw new Error(
-            `Cannot locate a Gradle wrapper properties file at '${wrapperProperties}'. Specify 'gradle-version' or 'gradle-executable' for projects without Gradle wrapper configured.`
+            `Cannot locate ${description} at '${file}'. Specify 'gradle-version' for projects without Gradle wrapper configured.`
         )
     }
 }
+
+function verifyIsExecutableScript(toExecute: string): void {
+    try {
+        fs.accessSync(toExecute, fs.constants.X_OK)
+    } catch (err) {
+        throw new Error(`Gradle script '${toExecute}' is not executable.`)
+    }
+}

src/input-params.ts

@@ -13,6 +13,10 @@ export function isCacheWriteOnly(): boolean {
     return getBooleanInput('cache-write-only')
 }
 
+export function isCacheOverwriteExisting(): boolean {
+    return getBooleanInput('cache-overwrite-existing')
+}
+
 export function isCacheStrictMatch(): boolean {
     return getBooleanInput('gradle-home-cache-strict-match')
 }
@@ -25,6 +29,10 @@ export function isCacheCleanupEnabled(): boolean {
     return getBooleanInput('gradle-home-cache-cleanup')
 }
 
+export function getCacheEncryptionKey(): string {
+    return core.getInput('cache-encryption-key')
+}
+
 export function getCacheIncludes(): string[] {
     return core.getMultilineInput('gradle-home-cache-includes')
 }
@@ -41,17 +49,13 @@ export function getGradleVersion(): string {
     return core.getInput('gradle-version')
 }
 
-export function getGradleExecutable(): string {
-    return core.getInput('gradle-executable')
-}
-
 export function getArguments(): string[] {
     const input = core.getInput('arguments')
     return parseArgsStringToArgv(input)
 }
 
 // Internal parameters
-export function getJobContext(): string {
+export function getJobMatrix(): string {
     return core.getInput('workflow-job-context')
 }
 
@@ -63,6 +67,81 @@ export function isJobSummaryEnabled(): boolean {
     return getBooleanInput('generate-job-summary', true)
 }
 
+export function getJobSummaryOption(): JobSummaryOption {
+    return parseJobSummaryOption('add-job-summary')
+}
+
+export function getPRCommentOption(): JobSummaryOption {
+    return parseJobSummaryOption('add-job-summary-as-pr-comment')
+}
+
+export function getBuildScanPublishEnabled(): boolean {
+    return getBooleanInput('build-scan-publish')
+}
+
+export function getBuildScanTermsOfServiceUrl(): string {
+    return core.getInput('build-scan-terms-of-service-url')
+}
+
+export function getBuildScanTermsOfServiceAgree(): string {
+    return core.getInput('build-scan-terms-of-service-agree')
+}
+
+function parseJobSummaryOption(paramName: string): JobSummaryOption {
+    const val = core.getInput(paramName)
+    switch (val.toLowerCase().trim()) {
+        case 'never':
+            return JobSummaryOption.Never
+        case 'always':
+            return JobSummaryOption.Always
+        case 'on-failure':
+            return JobSummaryOption.OnFailure
+    }
+    throw TypeError(`The value '${val}' is not valid for ${paramName}. Valid values are: [never, always, on-failure].`)
+}
+
+export function getDependencyGraphOption(): DependencyGraphOption {
+    const val = core.getInput('dependency-graph')
+    switch (val.toLowerCase().trim()) {
+        case 'disabled':
+            return DependencyGraphOption.Disabled
+        case 'generate':
+            return DependencyGraphOption.Generate
+        case 'generate-and-submit':
+            return DependencyGraphOption.GenerateAndSubmit
+        case 'generate-and-upload':
+            return DependencyGraphOption.GenerateAndUpload
+        case 'download-and-submit':
+            return DependencyGraphOption.DownloadAndSubmit
+        case 'clear':
+            return DependencyGraphOption.Clear
+    }
+    throw TypeError(
+        `The value '${val}' is not valid for 'dependency-graph'. Valid values are: [disabled, generate, generate-and-submit, generate-and-upload, download-and-submit, clear]. The default value is 'disabled'.`
+    )
+}
+
+export function getDependencyGraphContinueOnFailure(): boolean {
+    return getBooleanInput('dependency-graph-continue-on-failure', true)
+}
+
+export function getArtifactRetentionDays(): number {
+    const val = core.getInput('artifact-retention-days')
+    return parseNumericInput('artifact-retention-days', val, 0)
+    // Zero indicates that the default repository settings should be used
+}
+
+export function parseNumericInput(paramName: string, paramValue: string, paramDefault: number): number {
+    if (paramValue.length === 0) {
+        return paramDefault
+    }
+    const numericValue = parseInt(paramValue)
+    if (isNaN(numericValue)) {
+        throw TypeError(`The value '${paramValue}' is not a valid numeric value for '${paramName}'.`)
+    }
+    return numericValue
+}
+
 function getBooleanInput(paramName: string, paramDefault = false): boolean {
     const paramValue = core.getInput(paramName)
     switch (paramValue.toLowerCase().trim()) {
@@ -75,3 +154,18 @@ function getBooleanInput(paramName: string, paramDefault = false): boolean {
     }
     throw TypeError(`The value '${paramValue} is not valid for '${paramName}. Valid values are: [true, false]`)
 }
+
+export enum DependencyGraphOption {
+    Disabled = 'disabled',
+    Generate = 'generate',
+    GenerateAndSubmit = 'generate-and-submit',
+    GenerateAndUpload = 'generate-and-upload',
+    DownloadAndSubmit = 'download-and-submit',
+    Clear = 'clear'
+}
+
+export enum JobSummaryOption {
+    Never = 'never',
+    Always = 'always',
+    OnFailure = 'on-failure'
+}

src/job-summary.ts

@@ -1,45 +1,94 @@
 import * as core from '@actions/core'
+import * as github from '@actions/github'
+import {SUMMARY_ENV_VAR} from '@actions/core/lib/summary'
+import {RequestError} from '@octokit/request-error'
+
+import * as params from './input-params'
 import {BuildResult} from './build-results'
-import {writeCachingReport, CacheListener, logCachingReport} from './cache-reporting'
+import {CacheListener, generateCachingReport} from './cache-reporting'
 
-export async function writeJobSummary(buildResults: BuildResult[], cacheListener: CacheListener): Promise<void> {
-    core.info('Writing job summary')
+export async function generateJobSummary(buildResults: BuildResult[], cacheListener: CacheListener): Promise<void> {
+    const summaryTable = renderSummaryTable(buildResults)
+    const cachingReport = generateCachingReport(cacheListener)
 
-    if (buildResults.length === 0) {
-        core.debug('No Gradle build results found. Summary table will not be generated.')
-    } else {
-        writeSummaryTable(buildResults)
-    }
-
-    writeCachingReport(cacheListener)
+    if (shouldGenerateJobSummary(buildResults)) {
+        core.info('Generating Job Summary')
 
+        core.summary.addRaw(summaryTable)
+        core.summary.addRaw(cachingReport)
         await core.summary.write()
-}
-
-export async function logJobSummary(buildResults: BuildResult[], cacheListener: CacheListener): Promise<void> {
-    if (buildResults.length === 0) {
-        core.debug('No Gradle build results found. Summary table will not be logged.')
     } else {
-        logSummaryTable(buildResults)
+        core.info('============================')
+        core.info(summaryTable)
+        core.info('============================')
+        core.info(cachingReport)
+        core.info('============================')
     }
 
-    logCachingReport(cacheListener)
+    if (shouldAddPRComment(buildResults)) {
+        await addPRComment(summaryTable)
+    }
 }
 
-function writeSummaryTable(results: BuildResult[]): void {
-    core.summary.addHeading('Gradle Builds', 3)
+async function addPRComment(jobSummary: string): Promise<void> {
+    const context = github.context
+    if (context.payload.pull_request == null) {
+        core.info('No pull_request trigger: not adding PR comment')
+        return
+    }
 
-    core.summary.addRaw(`
+    const pull_request_number = context.payload.pull_request.number
+    core.info(`Adding Job Summary as comment to PR #${pull_request_number}.`)
+
+    const prComment = `<h3>Job Summary for gradle-build-action</h3>
+<h5>${github.context.workflow} :: <em>${github.context.job}</em></h5>
+
+${jobSummary}`
+
+    const github_token = params.getGithubToken()
+    const octokit = github.getOctokit(github_token)
+    try {
+        await octokit.rest.issues.createComment({
+            ...context.repo,
+            issue_number: pull_request_number,
+            body: prComment
+        })
+    } catch (error) {
+        if (error instanceof RequestError) {
+            core.warning(buildWarningMessage(error))
+        } else {
+            throw error
+        }
+    }
+}
+
+function buildWarningMessage(error: RequestError): string {
+    const mainWarning = `Failed to generate PR comment.\n${String(error)}`
+    if (error.message === 'Resource not accessible by integration') {
+        return `${mainWarning}
+Please ensure that the 'pull-requests: write' permission is available for the workflow job.
+Note that this permission is never available for a workflow triggered from a repository fork.
+        `
+    }
+    return mainWarning
+}
+
+function renderSummaryTable(results: BuildResult[]): string {
+    if (results.length === 0) {
+        return 'No Gradle build results detected.'
+    }
+
+    return `
 <table>
     <tr>
-        <th>Root Project</th>
+        <th>Gradle Root Project</th>
         <th>Requested Tasks</th>
         <th>Gradle Version</th>
         <th>Build Outcome</th>
-        <th>Build Scan™</th>
+        <th>Build Scan®</th>
     </tr>${results.map(result => renderBuildResultRow(result)).join('')}
 </table>
-    `)
+    `
 }
 
 function renderBuildResultRow(result: BuildResult): string {
@@ -72,23 +121,37 @@ function renderBuildScan(result: BuildResult): string {
 }
 
 function renderBuildScanBadge(outcomeText: string, outcomeColor: string, targetUrl: string): string {
-    const badgeUrl = `https://img.shields.io/badge/Build%20Scan%E2%84%A2-${outcomeText}-${outcomeColor}?logo=Gradle`
+    const badgeUrl = `https://img.shields.io/badge/Build%20Scan%C2%AE-${outcomeText}-${outcomeColor}?logo=Gradle`
     const badgeHtml = `<img src="${badgeUrl}" alt="Build Scan ${outcomeText}" />`
     return `<a href="${targetUrl}" rel="nofollow">${badgeHtml}</a>`
 }
 
-function logSummaryTable(results: BuildResult[]): void {
-    core.info('============================')
-    core.info('Gradle Builds')
-    core.info('----------------------------')
-    core.info('Root Project | Requested Tasks | Gradle Version | Build Outcome | Build Scan™')
-    core.info('----------------------------')
-    for (const result of results) {
-        core.info(
-            `${result.rootProjectName} | ${result.requestedTasks} | ${result.gradleVersion} | ${
-                result.buildFailed ? 'FAILED' : 'SUCCESS'
-            } | ${result.buildScanFailed ? 'Publish failed' : result.buildScanUri}`
-        )
+function shouldGenerateJobSummary(buildResults: BuildResult[]): boolean {
+    // Check if Job Summary is supported on this platform
+    if (!process.env[SUMMARY_ENV_VAR]) {
+        return false
+    }
+
+    // Check if Job Summary is disabled using the deprecated input
+    if (!params.isJobSummaryEnabled()) {
+        return false
+    }
+
+    return shouldAddJobSummary(params.getJobSummaryOption(), buildResults)
+}
+
+function shouldAddPRComment(buildResults: BuildResult[]): boolean {
+    return shouldAddJobSummary(params.getPRCommentOption(), buildResults)
+}
+
+function shouldAddJobSummary(option: params.JobSummaryOption, buildResults: BuildResult[]): boolean {
+    switch (option) {
+        case params.JobSummaryOption.Always:
+            return true
+        case params.JobSummaryOption.Never:
+            return false
+        case params.JobSummaryOption.OnFailure:
+            core.info(`Got these build results: ${JSON.stringify(buildResults)}`)
+            return buildResults.some(result => result.buildFailed)
     }
-    core.info('============================')
 }

src/main.ts

@@ -29,6 +29,9 @@ export async function run(): Promise<void> {
             core.info(error.stack)
         }
     }
+
+    // Explicit process.exit() to prevent waiting for hanging promises.
+    process.exit()
 }
 
 run()

src/post.ts

@@ -1,5 +1,6 @@
 import * as core from '@actions/core'
 import * as setupGradle from './setup-gradle'
+import {PostActionJobFailure} from './errors'
 
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
@@ -13,8 +14,15 @@ export async function run(): Promise<void> {
     try {
         await setupGradle.complete()
     } catch (error) {
+        if (error instanceof PostActionJobFailure) {
+            core.setFailed(String(error))
+        } else {
             handleFailure(error)
         }
+    }
+
+    // Explicit process.exit() to prevent waiting for promises left hanging by `@actions/cache` on save.
+    process.exit()
 }
 
 function handleFailure(error: unknown): void {

src/provision.ts

@@ -8,7 +8,6 @@ import * as toolCache from '@actions/tool-cache'
 
 import * as gradlew from './gradlew'
 import * as params from './input-params'
-import * as layout from './repository-layout'
 import {handleCacheFailure, isCacheDisabled, isCacheReadOnly} from './cache-utils'
 
 const gradleVersionsBaseUrl = 'https://services.gradle.org/versions'
@@ -20,13 +19,7 @@ const gradleVersionsBaseUrl = 'https://services.gradle.org/versions'
 export async function provisionGradle(): Promise<string | undefined> {
     const gradleVersion = params.getGradleVersion()
     if (gradleVersion !== '' && gradleVersion !== 'wrapper') {
-        return addToPath(path.resolve(await installGradle(gradleVersion)))
-    }
-
-    const gradleExecutable = params.getGradleExecutable()
-    if (gradleExecutable !== '') {
-        const workspaceDirectory = layout.workspaceDirectory()
-        return addToPath(path.resolve(workspaceDirectory, gradleExecutable))
+        return addToPath(await installGradle(gradleVersion))
     }
 
     return undefined
@@ -38,6 +31,12 @@ async function addToPath(executable: string): Promise<string> {
 }
 
 async function installGradle(version: string): Promise<string> {
+    const versionInfo = await resolveGradleVersion(version)
+    core.setOutput('gradle-version', versionInfo.version)
+    return installGradleVersion(versionInfo)
+}
+
+async function resolveGradleVersion(version: string): Promise<GradleVersionInfo> {
     switch (version) {
         case 'current':
             return gradleCurrent()
@@ -55,36 +54,33 @@ async function installGradle(version: string): Promise<string> {
     }
 }
 
-async function gradleCurrent(): Promise<string> {
-    const versionInfo = await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/current`)
-    return installGradleVersion(versionInfo)
+async function gradleCurrent(): Promise<GradleVersionInfo> {
+    return await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/current`)
 }
 
-async function gradleReleaseCandidate(): Promise<string> {
+async function gradleReleaseCandidate(): Promise<GradleVersionInfo> {
     const versionInfo = await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/release-candidate`)
     if (versionInfo && versionInfo.version && versionInfo.downloadUrl) {
-        return installGradleVersion(versionInfo)
+        return versionInfo
     }
     core.info('No current release-candidate found, will fallback to current')
     return gradleCurrent()
 }
 
-async function gradleNightly(): Promise<string> {
-    const versionInfo = await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/nightly`)
-    return installGradleVersion(versionInfo)
+async function gradleNightly(): Promise<GradleVersionInfo> {
+    return await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/nightly`)
 }
 
-async function gradleReleaseNightly(): Promise<string> {
-    const versionInfo = await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/release-nightly`)
-    return installGradleVersion(versionInfo)
+async function gradleReleaseNightly(): Promise<GradleVersionInfo> {
+    return await gradleVersionDeclaration(`${gradleVersionsBaseUrl}/release-nightly`)
 }
 
-async function gradle(version: string): Promise<string> {
+async function gradle(version: string): Promise<GradleVersionInfo> {
     const versionInfo = await findGradleVersionDeclaration(version)
     if (!versionInfo) {
         throw new Error(`Gradle version ${version} does not exists`)
     }
-    return installGradleVersion(versionInfo)
+    return versionInfo
 }
 
 async function gradleVersionDeclaration(url: string): Promise<GradleVersionInfo> {

src/resources/init-scripts/github-dependency-graph.init.gradle

@@ -1,12 +0,0 @@
-import org.gradle.github.GitHubDependencyGraphPlugin
-initscript {
-  repositories {
-    maven {
-      url = uri("https://plugins.gradle.org/m2/")
-    }
-  }
-  dependencies {
-    classpath("org.gradle:github-dependency-graph-gradle-plugin:+")
-  }
-}
-apply plugin: GitHubDependencyGraphPlugin

src/resources/init-scripts/gradle-build-action.build-result-capture-service.plugin.groovy

@@ -51,11 +51,15 @@ abstract class BuildResultsRecorder implements BuildService<BuildResultsRecorder
             return
         }
 
+        try {
             def buildResultsDir = new File(runnerTempDir, ".build-results")
             buildResultsDir.mkdirs()
             def buildResultsFile = new File(buildResultsDir, githubActionStep + getParameters().getInvocationId().get() + ".json")
             if (!buildResultsFile.exists()) {
                 buildResultsFile << groovy.json.JsonOutput.toJson(buildResults)
             }
+        } catch (Exception e) {
+            println "\ngradle-build-action failed to write build-results file. Will continue.\n> ${e.getLocalizedMessage()}"
+        }
     }
 }

src/resources/init-scripts/gradle-build-action.build-result-capture.init.gradle

@@ -23,7 +23,7 @@ if (isTopLevelBuild) {
                 captureUsingBuildFinished(gradle, invocationId)
             }
             
-            // The `buildScanPublished` hook allows the capture of the build scan URI.
+            // The `buildScanPublished` hook allows the capture of the Build Scan URI.
             // Results captured this way will overwrite any results from the other mechanism.
             settings.pluginManager.withPlugin("com.gradle.enterprise") {
                 captureUsingBuildScanPublished(settings.extensions["gradleEnterprise"].buildScan, settings.rootProject, invocationId)
@@ -34,7 +34,7 @@ if (isTopLevelBuild) {
             // By default, use 'buildFinished' to capture build results
             captureUsingBuildFinished(gradle, invocationId)
 
-            // The `buildScanPublished` hook allows the capture of the build scan URI.
+            // The `buildScanPublished` hook allows the capture of the Build Scan URI.
             // Results captured this way will overwrite any results from 'buildFinished'.
             gradle.rootProject.pluginManager.withPlugin("com.gradle.build-scan") {
                 captureUsingBuildScanPublished(gradle.rootProject.extensions["buildScan"], gradle.rootProject, invocationId)
@@ -82,7 +82,7 @@ def captureUsingBuildFinished(gradle, invocationId) {
 
 def captureUsingBuildService(settings, invocationId) {
     gradle.ext.invocationId = invocationId
-    apply from: 'build-result-capture-service.plugin.groovy'
+    apply from: 'gradle-build-action.build-result-capture-service.plugin.groovy'
 }
 
 class BuildResults {
@@ -122,6 +122,7 @@ class BuildResults {
             return
         }
 
+        try {
             def buildResultsDir = new File(runnerTempDir, ".build-results")
             buildResultsDir.mkdirs()
             def buildResultsFile = new File(buildResultsDir, githubActionStep + invocationId + ".json")
@@ -134,5 +135,9 @@ class BuildResults {
             } else {
                 buildResultsFile << groovy.json.JsonOutput.toJson(buildResults)
             }
+
+        } catch (Exception e) {
+            println "\ngradle-build-action failed to write build-results file. Will continue.\n> ${e.getLocalizedMessage()}"
+        }
     }
 }

src/resources/init-scripts/gradle-build-action.github-dependency-graph-gradle-plugin-apply.groovy

@@ -0,0 +1,15 @@
+buildscript {
+  def getInputParam = { String name ->
+      def envVarName = name.toUpperCase().replace('.', '_').replace('-', '_')
+      return System.getProperty(name) ?: System.getenv(envVarName)
+  }
+  def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url') ?: 'https://plugins.gradle.org/m2'
+
+  repositories {
+    maven { url pluginRepositoryUrl }
+  }
+  dependencies {
+    classpath "org.gradle:github-dependency-graph-gradle-plugin:1.1.1"
+  }
+}
+apply plugin: org.gradle.github.GitHubDependencyGraphPlugin

src/resources/init-scripts/gradle-build-action.github-dependency-graph.init.gradle

@@ -0,0 +1,65 @@
+import org.gradle.util.GradleVersion
+
+// Only run when dependency graph is explicitly enabled
+if (getVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED') != "true") {
+  return
+}
+
+// Do not run for unsupported versions of Gradle
+def gradleVersion = GradleVersion.current().baseVersion
+if (gradleVersion < GradleVersion.version("5.2") ||
+    (gradleVersion >= GradleVersion.version("7.0") && gradleVersion < GradleVersion.version("7.1"))) {
+  if (getVariable('GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE') != "true") {
+    throw new GradleException("Dependency Graph is not supported for ${gradleVersion}. No dependency snapshot will be generated.")
+  }
+  println "::warning::Dependency Graph is not supported for ${gradleVersion}. No dependency snapshot will be generated."
+  return
+}
+
+// Attempt to find a unique job correlator to use based on the environment variable
+// This is only required for top-level builds
+def isTopLevelBuild = gradle.getParent() == null
+if (isTopLevelBuild) {
+  def reportFile = getUniqueReportFile(getVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR'))
+
+  if (reportFile == null) {
+    println "::warning::No dependency snapshot generated for step. Could not determine unique job correlator - specify GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR var for this step."
+    return
+  }
+
+  println "Generating dependency graph into '${reportFile}'"
+}
+
+apply from: 'gradle-build-action.github-dependency-graph-gradle-plugin-apply.groovy'
+
+/**
+ * Using the supplied jobCorrelator value:
+ * - Checks if report file already exists
+ * - If so, tries to find a unique value that does not yet have a corresponding report file.
+ * - When found, this value is set as a System property override.
+ */
+File getUniqueReportFile(String jobCorrelator) {
+    def reportDir = getVariable('DEPENDENCY_GRAPH_REPORT_DIR')
+    def reportFile = new File(reportDir, jobCorrelator + ".json")
+    if (!reportFile.exists()) return reportFile
+
+    // Try at most 100 suffixes
+    for (int i = 1; i < 100; i++) {
+        def candidateCorrelator = jobCorrelator + "-" + i
+        def candidateFile = new File(reportDir, candidateCorrelator + ".json")
+        if (!candidateFile.exists()) {
+           System.properties['GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR'] = candidateCorrelator
+           return candidateFile
+        }
+    }
+
+    // Could not determine unique job correlator
+    return null
+}
+
+/**
+* Return the environment variable value, or equivalent system property (if set)
+*/
+String getVariable(String name) {
+  return System.properties[name] ?: System.getenv(name)
+}

src/resources/init-scripts/gradle-build-action.inject-develocity.init.gradle

@@ -0,0 +1,211 @@
+import org.gradle.util.GradleVersion
+
+// note that there is no mechanism to share code between the initscript{} block and the main script, so some logic is duplicated
+
+// conditionally apply the GE / Build Scan plugin to the classpath so it can be applied to the build further down in this script
+initscript {
+    def isTopLevelBuild = !gradle.parent
+    if (!isTopLevelBuild) {
+        return
+    }
+
+    def getInputParam = { String name ->
+        def envVarName = name.toUpperCase().replace('.', '_').replace('-', '_')
+        return System.getProperty(name) ?: System.getenv(envVarName)
+    }
+
+    // finish early if injection is disabled
+    def gradleInjectionEnabled = getInputParam("develocity.injection-enabled")
+    if (gradleInjectionEnabled != "true") {
+        return
+    }
+
+    def pluginRepositoryUrl = getInputParam('gradle.plugin-repository.url')
+    def gePluginVersion = getInputParam('develocity.plugin.version')
+    def ccudPluginVersion = getInputParam('develocity.ccud-plugin.version')
+
+    def atLeastGradle5 = GradleVersion.current() >= GradleVersion.version('5.0')
+    def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')
+
+    if (gePluginVersion || ccudPluginVersion && atLeastGradle4) {
+        pluginRepositoryUrl = pluginRepositoryUrl ?: 'https://plugins.gradle.org/m2'
+        logger.quiet("Develocity plugins resolution: $pluginRepositoryUrl")
+
+        repositories {
+            maven { url pluginRepositoryUrl }
+        }
+    }
+
+    dependencies {
+        if (gePluginVersion) {
+            classpath atLeastGradle5 ?
+                "com.gradle:gradle-enterprise-gradle-plugin:$gePluginVersion" :
+                "com.gradle:build-scan-plugin:1.16"
+        }
+
+        if (ccudPluginVersion && atLeastGradle4) {
+            classpath "com.gradle:common-custom-user-data-gradle-plugin:$ccudPluginVersion"
+        }
+    }
+}
+
+def BUILD_SCAN_PLUGIN_ID = 'com.gradle.build-scan'
+def BUILD_SCAN_PLUGIN_CLASS = 'com.gradle.scan.plugin.BuildScanPlugin'
+
+def DEVELOCITY_PLUGIN_ID = 'com.gradle.enterprise'
+def DEVELOCITY_PLUGIN_CLASS = 'com.gradle.enterprise.gradleplugin.GradleEnterprisePlugin'
+def DEVELOCITY_EXTENSION_CLASS = 'com.gradle.enterprise.gradleplugin.GradleEnterpriseExtension'
+def CI_AUTO_INJECTION_CUSTOM_VALUE_NAME = 'CI auto injection'
+def CI_AUTO_INJECTION_CUSTOM_VALUE_VALUE = 'gradle-build-action'
+def CCUD_PLUGIN_ID = 'com.gradle.common-custom-user-data-gradle-plugin'
+def CCUD_PLUGIN_CLASS = 'com.gradle.CommonCustomUserDataGradlePlugin'
+
+def isTopLevelBuild = !gradle.parent
+if (!isTopLevelBuild) {
+    return
+}
+
+def getInputParam = { String name ->
+    def envVarName = name.toUpperCase().replace('.', '_').replace('-', '_')
+    return System.getProperty(name) ?: System.getenv(envVarName)
+}
+
+// finish early if injection is disabled
+def gradleInjectionEnabled = getInputParam("develocity.injection-enabled")
+if (gradleInjectionEnabled != "true") {
+    return
+}
+
+def geUrl = getInputParam('develocity.url')
+def geAllowUntrustedServer = Boolean.parseBoolean(getInputParam('develocity.allow-untrusted-server'))
+def geEnforceUrl = Boolean.parseBoolean(getInputParam('develocity.enforce-url'))
+def buildScanUploadInBackground = Boolean.parseBoolean(getInputParam('develocity.build-scan.upload-in-background'))
+def gePluginVersion = getInputParam('develocity.plugin.version')
+def ccudPluginVersion = getInputParam('develocity.ccud-plugin.version')
+def buildScanTermsOfServiceUrl = getInputParam('build-scan.terms-of-service.url')
+def buildScanTermsOfServiceAgree = getInputParam('build-scan.terms-of-service.agree')
+
+def atLeastGradle4 = GradleVersion.current() >= GradleVersion.version('4.0')
+
+// finish early if configuration parameters passed in via system properties are not valid/supported
+if (ccudPluginVersion && isNotAtLeast(ccudPluginVersion, '1.7')) {
+    logger.warn("Common Custom User Data Gradle plugin must be at least 1.7. Configured version is $ccudPluginVersion.")
+    return
+}
+
+// register buildScanPublished listener and optionally apply the GE / Build Scan plugin
+if (GradleVersion.current() < GradleVersion.version('6.0')) {
+    rootProject {
+        buildscript.configurations.getByName("classpath").incoming.afterResolve { ResolvableDependencies incoming ->
+            def resolutionResult = incoming.resolutionResult
+
+            if (gePluginVersion) {
+                def scanPluginComponent = resolutionResult.allComponents.find {
+                    it.moduleVersion.with { group == "com.gradle" && (name == "build-scan-plugin" || name == "gradle-enterprise-gradle-plugin") }
+                }
+                if (!scanPluginComponent) {
+                    logger.quiet("Applying $BUILD_SCAN_PLUGIN_CLASS via init script")
+                    applyPluginExternally(pluginManager, BUILD_SCAN_PLUGIN_CLASS)
+                    if (geUrl) {
+                        logger.quiet("Connection to Develocity: $geUrl, allowUntrustedServer: $geAllowUntrustedServer")
+                        buildScan.server = geUrl
+                        buildScan.allowUntrustedServer = geAllowUntrustedServer
+                    }
+                    buildScan.publishAlways()
+                    if (buildScan.metaClass.respondsTo(buildScan, 'setUploadInBackground', Boolean)) buildScan.uploadInBackground = buildScanUploadInBackground  // uploadInBackground not available for build-scan-plugin 1.16
+                    buildScan.value CI_AUTO_INJECTION_CUSTOM_VALUE_NAME, CI_AUTO_INJECTION_CUSTOM_VALUE_VALUE
+                }
+
+                if (geUrl && geEnforceUrl) {
+                    pluginManager.withPlugin(BUILD_SCAN_PLUGIN_ID) {
+                        afterEvaluate {
+                            logger.quiet("Enforcing Develocity: $geUrl, allowUntrustedServer: $geAllowUntrustedServer")
+                            buildScan.server = geUrl
+                            buildScan.allowUntrustedServer = geAllowUntrustedServer
+                        }
+                    }
+                }
+
+                if (buildScanTermsOfServiceUrl && buildScanTermsOfServiceAgree) {
+                    buildScan.termsOfServiceUrl = buildScanTermsOfServiceUrl
+                    buildScan.termsOfServiceAgree = buildScanTermsOfServiceAgree
+                }
+            }
+
+            if (ccudPluginVersion && atLeastGradle4) {
+                def ccudPluginComponent = resolutionResult.allComponents.find {
+                    it.moduleVersion.with { group == "com.gradle" && name == "common-custom-user-data-gradle-plugin" }
+                }
+                if (!ccudPluginComponent) {
+                    logger.quiet("Applying $CCUD_PLUGIN_CLASS via init script")
+                    pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
+                }
+            }
+        }
+    }
+} else {
+    gradle.settingsEvaluated { settings ->
+        if (gePluginVersion) {
+            if (!settings.pluginManager.hasPlugin(DEVELOCITY_PLUGIN_ID)) {
+                logger.quiet("Applying $DEVELOCITY_PLUGIN_CLASS via init script")
+                applyPluginExternally(settings.pluginManager, DEVELOCITY_PLUGIN_CLASS)
+                eachDevelocityExtension(settings, DEVELOCITY_EXTENSION_CLASS) { ext ->
+                    if (geUrl) {
+                        logger.quiet("Connection to Develocity: $geUrl, allowUntrustedServer: $geAllowUntrustedServer")
+                        ext.server = geUrl
+                        ext.allowUntrustedServer = geAllowUntrustedServer
+                    }
+                    ext.buildScan.publishAlways()
+                    ext.buildScan.uploadInBackground = buildScanUploadInBackground
+                    ext.buildScan.value CI_AUTO_INJECTION_CUSTOM_VALUE_NAME, CI_AUTO_INJECTION_CUSTOM_VALUE_VALUE
+                }
+            }
+
+            if (geUrl && geEnforceUrl) {
+                eachDevelocityExtension(settings, DEVELOCITY_EXTENSION_CLASS) { ext ->
+                    logger.quiet("Enforcing Develocity: $geUrl, allowUntrustedServer: $geAllowUntrustedServer")
+                    ext.server = geUrl
+                    ext.allowUntrustedServer = geAllowUntrustedServer
+                }
+            }
+
+            if (buildScanTermsOfServiceUrl && buildScanTermsOfServiceAgree) {
+                eachDevelocityExtension(settings, DEVELOCITY_EXTENSION_CLASS) { ext ->
+                    ext.buildScan.termsOfServiceUrl = buildScanTermsOfServiceUrl
+                    ext.buildScan.termsOfServiceAgree = buildScanTermsOfServiceAgree
+                }
+            }
+        }
+
+        if (ccudPluginVersion) {
+            if (!settings.pluginManager.hasPlugin(CCUD_PLUGIN_ID)) {
+                logger.quiet("Applying $CCUD_PLUGIN_CLASS via init script")
+                settings.pluginManager.apply(initscript.classLoader.loadClass(CCUD_PLUGIN_CLASS))
+            }
+        }
+    }
+}
+
+void applyPluginExternally(def pluginManager, String pluginClassName) {
+    def externallyApplied = 'develocity.externally-applied'
+    def oldValue = System.getProperty(externallyApplied)
+    System.setProperty(externallyApplied, 'true')
+    try {
+        pluginManager.apply(initscript.classLoader.loadClass(pluginClassName))
+    } finally {
+        if (oldValue == null) {
+            System.clearProperty(externallyApplied)
+        } else {
+            System.setProperty(externallyApplied, oldValue)
+        }
+    }
+}
+
+static def eachDevelocityExtension(def settings, def publicType, def action) {
+    settings.extensions.extensionsSchema.elements.findAll { it.publicType.concreteClass.name == publicType }
+        .collect { settings[it.name] }.each(action)
+}
+
+static boolean isNotAtLeast(String versionUnderTest, String referenceVersion) {
+    GradleVersion.version(versionUnderTest) < GradleVersion.version(referenceVersion)
+}

src/resources/toolchains.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<toolchains>
+  <!-- JDK Toolchains installed by default on GitHub-hosted runners -->
+  <toolchain>
+    <type>jdk</type>
+    <provides>
+      <version>8</version>
+      <vendor>Eclipse Temurin</vendor>
+    </provides>
+    <configuration>
+      <jdkHome>${env.JAVA_HOME_8_X64}</jdkHome>
+    </configuration>
+  </toolchain>
+  <toolchain>
+    <type>jdk</type>
+    <provides>
+      <version>11</version>
+      <vendor>Eclipse Temurin</vendor>
+    </provides>
+    <configuration>
+      <jdkHome>${env.JAVA_HOME_11_X64}</jdkHome>
+    </configuration>
+  </toolchain>
+  <toolchain>
+    <type>jdk</type>
+    <provides>
+      <version>17</version>
+      <vendor>Eclipse Temurin</vendor>
+    </provides>
+    <configuration>
+      <jdkHome>${env.JAVA_HOME_17_X64}</jdkHome>
+    </configuration>
+  </toolchain>
+  <toolchain>
+    <type>jdk</type>
+    <provides>
+      <version>21</version>
+      <vendor>Eclipse Temurin</vendor>
+    </provides>
+    <configuration>
+      <jdkHome>${env.JAVA_HOME_21_X64}</jdkHome>
+    </configuration>
+  </toolchain>
+</toolchains>

src/setup-gradle.ts

@@ -1,22 +1,25 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
-import {SUMMARY_ENV_VAR} from '@actions/core/lib/summary'
 import * as path from 'path'
 import * as os from 'os'
 import * as caches from './caches'
 import * as layout from './repository-layout'
 import * as params from './input-params'
+import * as dependencyGraph from './dependency-graph'
+import * as jobSummary from './job-summary'
+import * as buildScan from './build-scan'
 
-import {logJobSummary, writeJobSummary} from './job-summary'
 import {loadBuildResults} from './build-results'
 import {CacheListener} from './cache-reporting'
 import {DaemonController} from './daemon-controller'
 
 const GRADLE_SETUP_VAR = 'GRADLE_BUILD_ACTION_SETUP_COMPLETED'
+const USER_HOME = 'USER_HOME'
 const GRADLE_USER_HOME = 'GRADLE_USER_HOME'
 const CACHE_LISTENER = 'CACHE_LISTENER'
 
 export async function setup(): Promise<void> {
+    const userHome = await determineUserHome()
     const gradleUserHome = await determineGradleUserHome()
 
     // Bypass setup on all but first action step in workflow.
@@ -29,13 +32,18 @@ export async function setup(): Promise<void> {
     // Record setup complete: visible in post-action, to control action completion
     core.saveState(GRADLE_SETUP_VAR, true)
 
-    // Save the Gradle User Home for use in the post-action step.
+    // Save the User Home and Gradle User Home for use in the post-action step.
+    core.saveState(USER_HOME, userHome)
     core.saveState(GRADLE_USER_HOME, gradleUserHome)
 
     const cacheListener = new CacheListener()
-    await caches.restore(gradleUserHome, cacheListener)
+    await caches.restore(userHome, gradleUserHome, cacheListener)
 
     core.saveState(CACHE_LISTENER, cacheListener.stringify())
+
+    await dependencyGraph.setup(params.getDependencyGraphOption())
+
+    buildScan.setup()
 }
 
 export async function complete(): Promise<void> {
@@ -43,21 +51,22 @@ export async function complete(): Promise<void> {
         core.info('Gradle setup post-action only performed for first gradle-build-action step in workflow.')
         return
     }
-    core.info('In final post-action step, saving state and writing summary')
+    core.info('In post-action step')
 
     const buildResults = loadBuildResults()
 
+    const userHome = core.getState(USER_HOME)
     const gradleUserHome = core.getState(GRADLE_USER_HOME)
     const cacheListener: CacheListener = CacheListener.rehydrate(core.getState(CACHE_LISTENER))
     const daemonController = new DaemonController(buildResults)
 
-    await caches.save(gradleUserHome, cacheListener, daemonController)
+    await caches.save(userHome, gradleUserHome, cacheListener, daemonController)
 
-    if (shouldGenerateJobSummary()) {
-        await writeJobSummary(buildResults, cacheListener)
-    } else {
-        logJobSummary(buildResults, cacheListener)
-    }
+    await jobSummary.generateJobSummary(buildResults, cacheListener)
+
+    await dependencyGraph.complete(params.getDependencyGraphOption())
+
+    core.info('Completed post-action step')
 }
 
 async function determineGradleUserHome(): Promise<string> {
@@ -86,12 +95,3 @@ async function determineUserHome(): Promise<string> {
     core.debug(`Determined user.home from java -version output: '${userHome}'`)
     return userHome
 }
-
-function shouldGenerateJobSummary(): boolean {
-    // Check if Job Summary is supported on this platform
-    if (!process.env[SUMMARY_ENV_VAR]) {
-        return false
-    }
-
-    return params.isJobSummaryEnabled()
-}

test/init-scripts/build.gradle

@@ -20,7 +20,7 @@ dependencies {
     testImplementation ('io.ratpack:ratpack-groovy-test:1.9.0') {
         exclude group: 'org.codehaus.groovy', module: 'groovy-all'
     }
-    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.15.2'
+    testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.16.0'
 }
 
 test {

test/init-scripts/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=e111cb9948407e26351227dabce49822fb88c37ee72f1d1582a69c68af2e702f
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionSha256Sum=591855b517fc635b9e04de1d05d5e76ada3f89f5fc76f87978d1b245b4f69225
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

test/init-scripts/gradlew

@@ -83,7 +83,8 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -130,10 +131,13 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.

test/init-scripts/settings.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.enterprise" version "3.13.4"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "1.11"
+    id "com.gradle.enterprise" version "3.16.1"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "1.12.1"
 }
 
 gradleEnterprise {

test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy

@@ -16,14 +16,18 @@ import java.nio.file.Files
 import java.util.zip.GZIPOutputStream
 
 class BaseInitScriptTest extends Specification {
+    static final String DEVELOCITY_PLUGIN_VERSION = '3.16.1'
+    static final String CCUD_PLUGIN_VERSION = '1.12.1'
 
     static final TestGradleVersion GRADLE_3_X = new TestGradleVersion(GradleVersion.version('3.5.1'), 7, 9)
     static final TestGradleVersion GRADLE_4_X = new TestGradleVersion(GradleVersion.version('4.10.3'), 7, 10)
     static final TestGradleVersion GRADLE_5_X = new TestGradleVersion(GradleVersion.version('5.6.4'), 8, 12)
     static final TestGradleVersion GRADLE_6_NO_BUILD_SERVICE = new TestGradleVersion(GradleVersion.version('6.5.1'), 8, 14)
     static final TestGradleVersion GRADLE_6_X = new TestGradleVersion(GradleVersion.version('6.9.4'), 8, 15)
-    static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.1'), 8, 19)
-    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
+    static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
+    static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
+    static final TestGradleVersion GRADLE_8_0 = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
+    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.5'), 8, 19)
 
     static final List<TestGradleVersion> ALL_VERSIONS = [
         GRADLE_3_X, // First version where TestKit supports environment variables
@@ -32,14 +36,15 @@ class BaseInitScriptTest extends Specification {
         GRADLE_6_NO_BUILD_SERVICE, // Last version without build service support
         GRADLE_6_X,
         GRADLE_7_X,
+        GRADLE_8_0,
         GRADLE_8_X,
     ]
 
     static final List<TestGradleVersion> CONFIGURATION_CACHE_VERSIONS =
-        [GRADLE_7_X, GRADLE_8_X]
+        [GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final List<TestGradleVersion> SETTINGS_PLUGIN_VERSIONS =
-        [GRADLE_6_X, GRADLE_7_X, GRADLE_8_X]
+        [GRADLE_6_X, GRADLE_7_X, GRADLE_8_0, GRADLE_8_X]
 
     static final String PUBLIC_BUILD_SCAN_ID = 'i2wepy2gr7ovw'
     static final String DEFAULT_SCAN_UPLOAD_TOKEN = 'scan-upload-token'
@@ -124,12 +129,17 @@ class BaseInitScriptTest extends Specification {
         buildFile << ''
     }
 
-    def declareGePluginApplication(GradleVersion gradleVersion) {
-        settingsFile.text = maybeAddPluginsToSettings(gradleVersion) + settingsFile.text
-        buildFile.text = maybeAddPluginsToRootProject(gradleVersion) + buildFile.text
+    def declareGePluginApplication(GradleVersion gradleVersion, URI serverUrl = mockScansServer.address) {
+        settingsFile.text = maybeAddPluginsToSettings(gradleVersion, null, serverUrl) + settingsFile.text
+        buildFile.text = maybeAddPluginsToRootProject(gradleVersion, null, serverUrl) + buildFile.text
     }
 
-    String maybeAddPluginsToSettings(GradleVersion gradleVersion) {
+    def declareGePluginAndCcudPluginApplication(GradleVersion gradleVersion, URI serverUrl = mockScansServer.address) {
+        settingsFile.text = maybeAddPluginsToSettings(gradleVersion, CCUD_PLUGIN_VERSION, serverUrl) + settingsFile.text
+        buildFile.text = maybeAddPluginsToRootProject(gradleVersion, CCUD_PLUGIN_VERSION, serverUrl) + buildFile.text
+    }
+
+    String maybeAddPluginsToSettings(GradleVersion gradleVersion, String ccudPluginVersion, URI serverUri) {
         if (gradleVersion < GradleVersion.version('5.0')) {
             '' // applied in build.gradle
         } else if (gradleVersion < GradleVersion.version('6.0')) {
@@ -137,10 +147,11 @@ class BaseInitScriptTest extends Specification {
         } else {
             """
               plugins {
-                id 'com.gradle.enterprise' version '3.13.4'
+                id 'com.gradle.enterprise' version '${DEVELOCITY_PLUGIN_VERSION}'
+                ${ccudPluginVersion ? "id 'com.gradle.common-custom-user-data-gradle-plugin' version '$ccudPluginVersion'" : ""}
               }
               gradleEnterprise {
-                server = '$mockScansServer.address'
+                server = '$serverUri'
                 buildScan {
                   publishAlways()
                 }
@@ -149,24 +160,26 @@ class BaseInitScriptTest extends Specification {
         }
     }
 
-    String maybeAddPluginsToRootProject(GradleVersion gradleVersion) {
+    String maybeAddPluginsToRootProject(GradleVersion gradleVersion, String ccudPluginVersion, URI serverUrl) {
         if (gradleVersion < GradleVersion.version('5.0')) {
             """
               plugins {
                 id 'com.gradle.build-scan' version '1.16'
+                ${ccudPluginVersion ? "id 'com.gradle.common-custom-user-data-gradle-plugin' version '$ccudPluginVersion'" : ""}
               }
               buildScan {
-                server = '$mockScansServer.address'
+                server = '$serverUrl'
                 publishAlways()
               }
             """
         } else if (gradleVersion < GradleVersion.version('6.0')) {
             """
               plugins {
-                id 'com.gradle.build-scan' version '3.13.4'
+                id 'com.gradle.build-scan' version '${DEVELOCITY_PLUGIN_VERSION}'
+                ${ccudPluginVersion ? "id 'com.gradle.common-custom-user-data-gradle-plugin' version '$ccudPluginVersion'" : ""}
               }
               gradleEnterprise {
-                server = '$mockScansServer.address'
+                server = '$serverUrl'
                 buildScan {
                   publishAlways()
                 }

test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestBuildResultRecorder.groovy

@@ -5,7 +5,7 @@ import groovy.json.JsonSlurper
 import static org.junit.Assume.assumeTrue
 
 class TestBuildResultRecorder extends BaseInitScriptTest {
-    def initScript = 'build-result-capture.init.gradle'
+    def initScript = 'gradle-build-action.build-result-capture.init.gradle'
 
     def "produces build results file for build with #testGradleVersion"() {
         assumeTrue testGradleVersion.compatibleWithCurrentJvm
@@ -148,13 +148,30 @@ class TestBuildResultRecorder extends BaseInitScriptTest {
         testGradleVersion << ALL_VERSIONS
     }
 
+    def "produces no build results file when RUNNER_TEMP dir is not a writable directory with #testGradleVersion"() {
+        assumeTrue testGradleVersion.compatibleWithCurrentJvm
+
+        when:
+        def invalidDir = new File(testProjectDir, 'invalid-runner-temp')
+        invalidDir.createNewFile()
+
+        run(['help'], initScript, testGradleVersion.gradleVersion, [], [RUNNER_TEMP: invalidDir.absolutePath])
+
+        then:
+        def buildResultsDir = new File(testProjectDir, '.build-results')
+        assert !buildResultsDir.exists()
+
+        where:
+        testGradleVersion << ALL_VERSIONS
+    }
+
     def "produces build results file with build scan when GE plugin is applied in settingsEvaluated"() {
         assumeTrue testGradleVersion.compatibleWithCurrentJvm
 
         when:
         settingsFile.text = """
             plugins {
-                id 'com.gradle.enterprise' version '3.13.4' apply(false)
+                id 'com.gradle.enterprise' version '3.16.1' apply(false)
             }
             gradle.settingsEvaluated {
                 apply plugin: 'com.gradle.enterprise'