What's Changed

Breaking Changes

• Upgrade to node 24 by @amyu in #721

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency upgrades

• Bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in #748

Full Changelog: v4...v5.0.0

What's Changed

• Bump the github-actions group across 2 directories with 3 updates by @dependabot[bot] in #726
• Regenerating package lock by @cdsap in #729
• Update known wrapper checksums by @github-actions[bot] in #730
• Bump the github-actions group across 1 directory with 3 updates by @dependabot[bot] in #735
• Bump the gradle group across 3 directories with 1 update by @dependabot[bot] in #734
• Bump the npm-dependencies group in /sources with 4 updates by @dependabot[bot] in #733
• Bump references to Develocity Gradle plugin from 4.1.1 to 4.2 by @bot-githubaction in #736
• Handle gracefully parse errors in checksum file by @jprinet in #737
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/kotlin-dsl by @bot-githubaction in #742
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/java-toolchain by @bot-githubaction in #741
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/groovy-dsl by @bot-githubaction in #740
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /.github/workflow-samples/gradle-plugin by @bot-githubaction in #739
• Bump Gradle Wrapper from 9.0.0 to 9.1.0 in /sources/test/init-scripts by @bot-githubaction in #738
• Update known wrapper checksums by @github-actions[bot] in #743
• Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @dependabot[bot] in #746
• Bump the npm-dependencies group in /sources with 5 updates by @dependabot[bot] in #745

Full Changelog: v4...v4.4.4

What's Changed

• Adapt tests to future new Build Scan publication message by @alextu in #708
• Add missing Gradle version input to setup-gradle by @jprinet in #713
• Bump the github-actions group across 2 directories with 4 updates by @dependabot[bot] in #710
• Bump references to Develocity Gradle plugin from 4.1 to 4.1.1 by @bot-githubaction in #712
• Update known wrapper checksums by @github-actions[bot] in #709
• Bump the npm-dependencies group across 1 directory with 4 updates by @dependabot[bot] in #711
• Do not run setup-gradle post action if workflow is cancelled by @jprinet in #716
• Bump the github-actions group across 2 directories with 2 updates by @dependabot[bot] in #715
• Bump the npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #720
• Bump github/codeql-action from 3.29.11 to 3.30.0 in the github-actions group across 1 directory by @dependabot[bot] in #719
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.2 to 2.20.0 in /sources/test/init-scripts in the gradle group across 1 directory by @dependabot[bot] in #718
• Update known wrapper checksums by @github-actions[bot] in #723
• Bump the npm-dependencies group in /sources with 5 updates by @dependabot[bot] in #725

Full Changelog: v4.4.2...v4.4.3

This patch release updates a bunch of dependency versions

What's Changed

• Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (#703)
• Bumps the npm-dependencies group in /sources with 4 updates (#702)
• Upgrade to gradle 9 in workflows and tests (#704)
• Update known wrapper checksums (#701)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (#695)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (#696)
• Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (#697)
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (#693)
• Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (#691)
• Bump the npm-dependencies group in /sources with 5 updates (#692)
• Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (#685)
• Bump the npm-dependencies group across 1 directory with 8 updates (#684)
• Run Gradle release candidate tests with JDK 17 (#690)
• Update Develocity npm agent to version 1.0.1 (#687)
• Update known wrapper checksums (#688)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (#683
• Bump the github-actions group across 1 directory with 3 updates (#675)
• Bump the gradle group across 3 directories with 2 updates (#674)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (#679)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (#682)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (#681)
• Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (#680)
• Update known wrapper checksums (#676)

Full Changelog: v4.4.1...v4.4.2

This patch release fixes a bug in Develocity Injection with a custom plugin repository.
The gradle-plugin-repository-* action parameters were not being correctly mapped to environment variables that are read by the Develocity Injection init script.

This issue has been fixed by setting the correct environment variables:

• gradle-plugin-repository-url is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_URL
• gradle-plugin-repository-username is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_USERNAME
• gradle-plugin-repository-password is mapped to DEVELOCITY_INJECTION_PLUGIN_REPOSITORY_PASSWORD

Additionally, these parameters can now be used to configure a custom plugin repository for the GitHub Dependency Graph Gradle Plugin, required for dependency submission.

What's Changed

• Dependency updates by @bigdaz in #667
• Fix plugin repository env vars by @bigdaz in #669

Full Changelog: v4.4.0...v4.4.1

This release updates 2 downstream components:

• Develocity injection has been updated to v2.0
  • Some environment variables related to Develocity injection have been renamed. All vars now being with DEVELOCITY_INJECTION_. Check the docs for more details.
• Dependency-graph plugin has been updated to v1.4.0
  • The 'detector' values included in the generated graph can now be configured via environment variables.

What's Changed

• Update develocity-injection init script to v1.3 by @bot-githubaction in #592
• Update develocity-injection init script to v2.0 by @bot-githubaction in #593
• [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #597
• Use v1.4.0 of dependency graph plugin by @bigdaz in #638

New Contributors

• @step-security-bot made their first contribution in #597

Full Changelog: v4.3.1...v4.4.0

This release fixes a couple of minor issues, as well as keeping dependencies up to date.

Fixed issues

• The develocity-allow-untrusted-server parameter should be honoured when fetching short-lived access tokens #583
• Build summary may incorrectly report build success #415

What's Changed

• Update develocity-injection init script to v1.1.1 by @bot-githubaction in #545
• Bump the github-actions group across 2 directories with 3 updates by @dependabot in #547
• Bump the npm-dependencies group in /sources with 2 updates by @dependabot in #548
• Update develocity-injection init script to v1.2 by @bot-githubaction in #550
• Bump the github-actions group across 1 directory with 2 updates by @dependabot in #552
• Bump the npm-dependencies group across 1 directory with 5 updates by @dependabot in #558
• Update known wrapper checksums by @github-actions in #560
• Bump references to Develocity Gradle plugin from 3.19.1 to 3.19.2 by @bot-githubaction in #561
• Catch more build failures in job summary by @bigdaz in #571
• Scope captured build failures by @erichaagdev in #574
• Ignore SSL certificate validation when fetching Develocity short-lived access token if develocity-allow-untrusted-server is enabled by @remcomokveld in #575
• Dependency updates by @bigdaz in #579
• Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre in /.github/workflow-samples/kotlin-dsl in the gradle group across 1 directory by @dependabot in #580
• Bump the github-actions group across 2 directories with 2 updates by @dependabot in #582

New Contributors

• @erichaagdev made their first contribution in #574
• @remcomokveld made their first contribution in #575

Full Changelog: v4.3.0...v4.3.1

This release brings some significant improvements to cache-cleanup and dependency-submission:

• Cleanup cache entries written by newly released Gradle versions (#436)
• Use existing Gradle wrapper distribution for cache-cleanup where possible (#515)
• Automatically save each dependency-graph that is submitted by dependency-submission (#519)
• Fix deprecation warnings emitted by Gradle 8.12+ when:
  • Using build-scan-publish: true or Develocity injection (#543)
  • Using dependency-submission with an authenticated plugin repository with Gradle (#541)
• Fix warning when using toolchain support with Gradle 7.x (#511)

What's Changed

• Update known wrapper checksums by @github-actions in #493
• Fix typo in cache-reporting.ts by @SimonMarquis in #492
• Bump Gradle Wrappers by @github-actions in #499
• Bump the github-actions group across 3 directories with 7 updates by @dependabot in #510
• Bump the npm-dependencies group across 1 directory with 6 updates by @dependabot in #512
• Clean-up missing imports for tests by @bigdaz in #513
• Bump the npm-dependencies group in /sources with 3 updates by @dependabot in #521
• Add npm build scans by @bigdaz in #517
• Avoid env-var interpolation in toolchains.xml by @bigdaz in #518
• Avoid saving build-results for cache cleanup by @bigdaz in #520
• Save dependency graph as workflow artifact by @bigdaz in #522
• Update to CCUDGP 2.1 by @bigdaz in #524
• Bump references to Develocity Gradle plugin from 3.19 to 3.19.1 by @bot-githubaction in #527
• Choose best Gradle version to use for cache cleanup by @bigdaz in #526
• Uppercase cache-encryption-key by @Goooler in #528
• Attempt to use gradle wrapper for cache cleanup by @bigdaz in #525
• Document GRADLE_ACTIONS_SKIP_BUILD_RESULT_CAPTURE by @bigdaz in #529
• Update known wrapper checksums by @github-actions in #509
• Bump Gradle Wrappers by @github-actions in #535
• Bump the github-actions group across 2 directories with 2 updates by @dependabot in #538
• Update undici to resolve vulnerability by @bigdaz in #536
• Bump the npm-dependencies group across 1 directory with 2 updates by @dependabot in #539
• Update docs for dependency review by @bigdaz in #540
• Fix space assignment deprecations in init-scripts by @bigdaz in #542

New Contributors

• @SimonMarquis made their first contribution in #492

Full Changelog: v4.2.2...v4.3.0

This patch release updates a bunch of dependency versions and fixes a deprecation warning emitted with Gradle 8.12.

What's Changed

• Bump cross-spawn in /sources by @dependabot in #455
• Update known wrapper checksums by @github-actions in #462
• Bump the github-actions group across 1 directory with 2 updates by @dependabot in #474
• Update @actions/cache4.0.0 and patch by @amyu in #479
• Update develocity-injection init script to v1.1 by @bot-githubaction in #471
• Dependency updates by @bigdaz in #480
• Bump references to Develocity Gradle plugin from 3.18.2 to 3.19 by @bot-githubaction in #483
• Update known wrapper checksums by @github-actions in #484
• Bump the gradle group across 1 directory with 2 updates by @dependabot in #485
• Attempt to limit failures in wrapper-validation tests by @bigdaz in #490
• Update known wrapper checksums by @github-actions in #488
• Remove deprecation warning from init-script by @bigdaz in #491
• Use latest dependency-graph plugin by @bigdaz in #489

New Contributors

• @sebastian-dyroff made their first contribution in #465
• @amyu made their first contribution in #479

Full Changelog: v4.2.1...v4.2.2

This patch release fixes some issues with Develocity and Build Scan integration:

• Build scan links not captured in project using plugin com.gradle.enteprise:3.18.2 (#449)
• Enabling build-scan-publish causes some Develocity injection parameters to be ignored (#447)
• Setting develocity-ccud-plugin-version parameter is ignored (#446)

What's Changed

• Do not fail wrapper-validation on filename with illegal characters #438
• Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 by @bot-githubaction in #441
• Bump Gradle from 8.10.2 to 8.11 in #443
• Develocity injection fixes in #448
• Adapt build-result-capture script for GE plugin 3.17+ in #450
• ci: add scorecard by @nitrocode in #384

New Contributors

• @nitrocode made their first contribution in #384

Full Changelog: v4.2.0...v4.2.1