Revert "Update gradle-actions-caching library to v0.5.0 (#923)"

This reverts commit 6ac57d8041.

.github/actions/build-dist/action.yml

@@ -3,9 +3,11 @@ name: 'Build and upload distribution'
 runs:
   using: "composite"
   steps: 
-    - uses: actions/setup-node@v4
+    - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
       with:
-        node-version: 20
+        node-version: 24
+        cache: npm
+        cache-dependency-path: sources/package-lock.json
     - name: Build distribution
       shell: bash
       run: |
@@ -14,8 +16,14 @@ runs:
         npm install
         npm run build
       working-directory: sources
+
+    - name: Copy the generated sources/dist directory to the top-level dist
+      shell: bash
+      run: |
+        cp -r sources/dist .
+
     - name: Upload distribution
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
       with:
         name: dist
         path: dist/

.github/actions/download-dist/action.yml

@@ -1,12 +0,0 @@
-name: 'Download dist'
-# Downloads a 'dist' directory artifact that was uploaded in an earlier step
-# We control this with an environment variable to allow for easier global configuration.
-runs:
-  using: "composite"
-  steps: 
-    - name: Download dist
-      if: ${{ env.DOWNLOAD_DIST == 'true' }}
-      uses: actions/download-artifact@v4
-      with:
-        name: dist
-        path: dist/

.github/actions/init-integ-test/action.yml

@@ -0,0 +1,29 @@
+name: 'Initialize integ-test'
+
+inputs:
+  java-version:
+    description: 'Java version to use'
+    required: false
+    default: '17'
+
+runs:
+  using: "composite"
+  steps: 
+    - name: Setup Java
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      with:
+        distribution: 'temurin'
+        java-version: ${{ inputs.java-version }}
+
+    - name: Configure environment
+      shell: bash
+      run: |
+        echo "ALLOWED_GRADLE_WRAPPER_CHECKSUMS=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" >> "$GITHUB_ENV"
+
+    # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step
+    - name: Download dist
+      if: ${{ env.SKIP_DIST != 'true' && !env.ACT }}
+      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+      with:
+        name: dist
+        path: dist/

.github/dependabot.yml

@@ -5,6 +5,7 @@ registries:
     url: https://plugins.gradle.org/m2
     username: dummy # Required by dependabot
     password: dummy # Required by dependabot
+
 updates:
   - package-ecosystem: "npm"
     directory: "/sources"
@@ -14,27 +15,19 @@ updates:
       npm-dependencies:
         patterns:
         - "*"
-      
+    ignore:
+      # Keep actions/cache and actions/artifact major aligned and force actions/cache version to match patch
+      - dependency-name: "*actions/cache*"
+      - dependency-name: "*actions/artifact*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+
   - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions:
-        patterns:
-        - "*"
-  # github-actions with directory: "/" only monitors .github/workflows
-  # https://github.com/dependabot/dependabot-core/issues/6345
-  - package-ecosystem: "github-actions"
-    directory: "/.github/actions/build-dist"
-    schedule:
-      interval: "weekly"
-    groups:
-      github-actions:
-        patterns:
-          - "*"
-  - package-ecosystem: "github-actions"
-    directory: "/.github/actions/download-dist"
+    # github-actions with directory: "/" only monitors .github/workflows
+    # https://github.com/dependabot/dependabot-core/issues/6345
+    directories:
+      - "/"
+      - "/.github/actions/build-dist"
+      - "/.github/actions/init-integ-test"
     schedule:
       interval: "weekly"
     groups:
@@ -43,44 +36,19 @@ updates:
           - "*"
 
   - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/gradle-plugin"
+    directories:
+      - ".github/workflow-samples/gradle-plugin"
+      - ".github/workflow-samples/groovy-dsl"
+      - ".github/workflow-samples/java-toolchain"
+      - ".github/workflow-samples/kotlin-dsl"
+      - ".github/workflow-samples/no-wrapper"
+      - ".github/workflow-samples/no-wrapper-gradle-5"
+      - "sources/test/init-scripts"
     registries:
       - gradle-plugin-portal
     schedule:
-      interval: "daily"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/groovy-dsl"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/java-toolchain"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/kotlin-dsl"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/no-wrapper"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gradle"
-    directory: ".github/workflow-samples/no-wrapper-gradle-5"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "gradle"
-    directory: "sources/test/init-scripts"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "daily"
+      interval: "weekly"
+    groups:
+      gradle:
+        patterns:
+          - "*"

.github/workflow-samples/gradle-plugin/gradle/libs.versions.toml

@@ -0,0 +1,2 @@
+# This file was generated by the Gradle 'init' task.
+# https://docs.gradle.org/current/userguide/platforms.html#sub::toml-dependencies-format

.github/workflow-samples/gradle-plugin/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=2ab2958f2a1e51120c326cad6f385153bb11ee93b3c216c5fccebfdfbb7ec6cb
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/gradle-plugin/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/2d6327017519d23b96af35865dc997fcb544fb40/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -112,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -170,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -203,15 +203,14 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/gradle-plugin/gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,22 +59,21 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/gradle-plugin/plugin/build.gradle

@@ -1,60 +0,0 @@
-/*
- * This file was generated by the Gradle 'init' task.
- *
- * This generated file contains a sample Gradle plugin project to get you started.
- * For more details take a look at the Writing Custom Plugins chapter in the Gradle
- * User Manual available at https://docs.gradle.org/7.3/userguide/custom_plugins.html
- * This project uses @Incubating APIs which are subject to change.
- */
-
-plugins {
-    // Apply the Java Gradle plugin development plugin to add support for developing Gradle plugins
-    id 'java-gradle-plugin'
-}
-
-repositories {
-    // Use Maven Central for resolving dependencies.
-    mavenCentral()
-}
-
-testing {
-    suites {
-        // Configure the built-in test suite
-        test {
-            // Use JUnit Jupiter test framework
-            useJUnitJupiter('5.7.2')
-        }
-
-        // Create a new test suite
-        functionalTest(JvmTestSuite) {
-            dependencies {
-                // functionalTest test suite depends on the production code in tests
-                implementation(project(':plugin'))
-            }
-
-            targets {
-                all {
-                    // This test suite should run after the built-in test suite has run its tests
-                    testTask.configure { shouldRunAfter(test) } 
-                }
-            }
-        }
-    }
-}
-
-gradlePlugin {
-    // Define the plugin
-    plugins {
-        greeting {
-            id = 'org.example.gradle.plugin.greeting'
-            implementationClass = 'org.example.gradle.plugin.GradlePluginPlugin'
-        }
-    }
-}
-
-gradlePlugin.testSourceSets(sourceSets.functionalTest)
-
-tasks.named('check') {
-    // Include functionalTest as part of the check lifecycle
-    dependsOn(testing.suites.functionalTest)
-}

.github/workflow-samples/gradle-plugin/plugin/build.gradle.kts

@@ -0,0 +1,40 @@
+plugins {
+    `java-gradle-plugin`
+}
+
+repositories {
+    mavenCentral()
+}
+
+testing {
+    suites {
+        val test by getting(JvmTestSuite::class) {
+            useJUnitJupiter()
+        }
+
+        val functionalTest by registering(JvmTestSuite::class) {
+            dependencies {
+                implementation(project())
+            }
+
+            targets {
+                all {
+                    testTask.configure { shouldRunAfter(test) } 
+                }
+            }
+        }
+    }
+}
+
+gradlePlugin {
+    val greeting by plugins.creating {
+        id = "org.example.greeting"
+        implementationClass = "org.example.GradlePluginPlugin"
+    }
+}
+
+gradlePlugin.testSourceSets.add(sourceSets["functionalTest"])
+
+tasks.named<Task>("check") {
+    dependsOn(testing.suites.named("functionalTest"))
+}

.github/workflow-samples/gradle-plugin/plugin/src/functionalTest/java/org/example/GradlePluginPluginFunctionalTest.java

@@ -1,7 +1,7 @@
 /*
- * This Java source file was generated by the Gradle 'init' task.
+ * This source file was generated by the Gradle 'init' task
  */
-package org.example.gradle.plugin;
+package org.example;
 
 import java.io.File;
 import java.io.IOException;
@@ -15,7 +15,7 @@ import org.junit.jupiter.api.io.TempDir;
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
- * A simple functional test for the 'org.example.gradle.plugin.greeting' plugin.
+ * A simple functional test for the 'org.example.greeting' plugin.
  */
 class GradlePluginPluginFunctionalTest {
     @TempDir
@@ -29,24 +29,23 @@ class GradlePluginPluginFunctionalTest {
         return new File(projectDir, "settings.gradle");
     }
 
-    @Test void canRunTaskWithGradle691() throws IOException {
+    @Test void canRunTask() throws IOException {
         writeString(getSettingsFile(), "");
         writeString(getBuildFile(),
             "plugins {" +
-            "  id('org.example.gradle.plugin.greeting')" +
+            "  id('org.example.greeting')" +
             "}");
 
         // Run the build
         GradleRunner runner = GradleRunner.create();
         runner.forwardOutput();
-        runner.withGradleVersion("6.9.1");
         runner.withPluginClasspath();
         runner.withArguments("greeting");
         runner.withProjectDir(projectDir);
         BuildResult result = runner.build();
 
         // Verify the result
-        assertTrue(result.getOutput().contains("Hello from plugin 'org.example.gradle.plugin.greeting'"));
+        assertTrue(result.getOutput().contains("Hello from plugin 'org.example.greeting'"));
     }
 
     private void writeString(File file, String string) throws IOException {

.github/workflow-samples/gradle-plugin/plugin/src/main/java/org/example/GradlePluginPlugin.java

@@ -1,7 +1,7 @@
 /*
- * This Java source file was generated by the Gradle 'init' task.
+ * This source file was generated by the Gradle 'init' task
  */
-package org.example.gradle.plugin;
+package org.example;
 
 import org.gradle.api.Project;
 import org.gradle.api.Plugin;
@@ -13,7 +13,7 @@ public class GradlePluginPlugin implements Plugin<Project> {
     public void apply(Project project) {
         // Register a task
         project.getTasks().register("greeting", task -> {
-            task.doLast(s -> System.out.println("Hello from plugin 'org.example.gradle.plugin.greeting'"));
+            task.doLast(s -> System.out.println("Hello from plugin 'org.example.greeting'"));
         });
     }
 }

.github/workflow-samples/gradle-plugin/plugin/src/test/java/org/example/GradlePluginPluginTest.java

@@ -1,7 +1,7 @@
 /*
- * This Java source file was generated by the Gradle 'init' task.
+ * This source file was generated by the Gradle 'init' task
  */
-package org.example.gradle.plugin;
+package org.example;
 
 import org.gradle.testfixtures.ProjectBuilder;
 import org.gradle.api.Project;
@@ -9,13 +9,13 @@ import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
- * A simple unit test for the 'org.example.gradle.plugin.greeting' plugin.
+ * A simple unit test for the 'org.example.greeting' plugin.
  */
 class GradlePluginPluginTest {
     @Test void pluginRegistersATask() {
         // Create a test project and apply the plugin
         Project project = ProjectBuilder.builder().build();
-        project.getPlugins().apply("org.example.gradle.plugin.greeting");
+        project.getPlugins().apply("org.example.greeting");
 
         // Verify the result
         assertNotNull(project.getTasks().findByName("greeting"));

.github/workflow-samples/gradle-plugin/settings.gradle

@@ -1,12 +0,0 @@
-/*
- * This file was generated by the Gradle 'init' task.
- *
- * The settings file is used to specify which projects to include in your build.
- *
- * Detailed information about configuring a multi-project build in Gradle can be found
- * in the user manual at https://docs.gradle.org/7.3/userguide/multi_project_builds.html
- * This project uses @Incubating APIs which are subject to change.
- */
-
-rootProject.name = 'gradle-plugin'
-include('plugin')

.github/workflow-samples/gradle-plugin/settings.gradle.kts

@@ -0,0 +1,2 @@
+rootProject.name = "gradle-plugin-2"
+include("plugin")

.github/workflow-samples/groovy-dsl/build.gradle

@@ -6,8 +6,12 @@ repositories {
     mavenCentral()
 }
 
-dependencies {
-    testImplementation('junit:junit:4.13.2')
+testing {
+    suites {
+        test {
+            useJUnit()
+        }
+    }
 }
 
 tasks.named("test").configure {

.github/workflow-samples/groovy-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=2ab2958f2a1e51120c326cad6f385153bb11ee93b3c216c5fccebfdfbb7ec6cb
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/groovy-dsl/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/2d6327017519d23b96af35865dc997fcb544fb40/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -112,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -170,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -203,15 +203,14 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/groovy-dsl/gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,22 +59,21 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/groovy-dsl/settings.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id "com.gradle.develocity" version "3.17"
-    id "com.gradle.common-custom-user-data-gradle-plugin" version "1.13"
+    id "com.gradle.develocity" version "4.4.0"
+    id "com.gradle.common-custom-user-data-gradle-plugin" version "2.4.0"
 }
 
 develocity {

.github/workflow-samples/java-toolchain/build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id 'java'
+    java
 }
 
 java {
@@ -12,6 +12,10 @@ repositories {
     mavenCentral()
 }
 
-dependencies {
-    testImplementation('junit:junit:4.13.2')
-}
+testing {
+    suites {
+        val test by getting(JvmTestSuite::class) {
+            useJUnit()
+        }
+    }
+}

.github/workflow-samples/java-toolchain/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=2ab2958f2a1e51120c326cad6f385153bb11ee93b3c216c5fccebfdfbb7ec6cb
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/java-toolchain/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/2d6327017519d23b96af35865dc997fcb544fb40/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -112,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -170,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -203,15 +203,14 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/java-toolchain/gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,22 +59,21 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/java-toolchain/settings.gradle

@@ -1,5 +0,0 @@
-plugins {
-    id("org.gradle.toolchains.foojay-resolver-convention") version("0.7.0")
-}
-
-rootProject.name = 'basic'

.github/workflow-samples/java-toolchain/settings.gradle.kts

@@ -0,0 +1,6 @@
+plugins {
+    // Apply the foojay-resolver plugin to allow automatic download of JDKs
+    id("org.gradle.toolchains.foojay-resolver-convention") version "1.0.0"
+}
+
+rootProject.name = "java-toolchains"

.github/workflow-samples/kotlin-dsl/build.gradle.kts

@@ -8,13 +8,15 @@ repositories {
 
 dependencies {
     api("org.apache.commons:commons-math3:3.6.1")
-    implementation("com.google.guava:guava:33.1.0-jre")
-
-    testImplementation("org.junit.jupiter:junit-jupiter:5.10.2")
+    implementation("com.google.guava:guava:33.5.0-jre")
 }
 
-tasks.test {
-    useJUnitPlatform()
+testing {
+    suites { 
+       val test by getting(JvmTestSuite::class) { 
+            useJUnitJupiter() 
+        }
+    }
 }
 
 tasks.named("test").configure {

.github/workflow-samples/kotlin-dsl/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=2ab2958f2a1e51120c326cad6f385153bb11ee93b3c216c5fccebfdfbb7ec6cb
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/kotlin-dsl/gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/2d6327017519d23b96af35865dc997fcb544fb40/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -112,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
 
 # Determine the Java command to use to start the JVM.
@@ -170,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -203,15 +203,14 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

.github/workflow-samples/kotlin-dsl/gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,22 +59,21 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

.github/workflow-samples/kotlin-dsl/settings.gradle.kts

@@ -1,6 +1,6 @@
 plugins {
-    id("com.gradle.develocity") version "3.17"
-    id("com.gradle.common-custom-user-data-gradle-plugin") version "1.13"
+    id("com.gradle.develocity") version "4.4.0"
+    id("com.gradle.common-custom-user-data-gradle-plugin") version "2.4.0"
 }
 
 develocity {

.github/workflow-samples/no-wrapper-gradle-5/build.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17" 
+    id "com.gradle.develocity" version "4.4.0" 
 }
 
 develocity {

.github/workflow-samples/no-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17"
+    id "com.gradle.develocity" version "4.4.0"
 }
 
 develocity {

.github/workflow-samples/non-executable-wrapper/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionSha256Sum=544c35d6bd849ae8a5ed0bcea39ba677dc40f49df7d1835561582da2009b961d
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

.github/workflow-samples/non-executable-wrapper/gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum

.github/workflow-samples/non-executable-wrapper/gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 

.github/workflow-samples/non-executable-wrapper/settings.gradle

@@ -1,5 +1,5 @@
 plugins {
-    id "com.gradle.develocity" version "3.17"
+    id "com.gradle.develocity" version "4.4.0"
 }
 
 develocity {

.github/workflows/ci-check-and-unit-test.yml

@@ -0,0 +1,62 @@
+name: CI-check-and-unit-test
+
+on:
+  push:
+    branches:
+    - 'main'
+    - 'release/**'
+    paths-ignore:
+    - 'dist/**'
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  check-format-and-unit-test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      with:
+        node-version: 20
+        cache: npm
+        cache-dependency-path: sources/package-lock.json
+    - name: Setup Gradle
+      # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
+      with:
+        gradle-version: '8.14.2'
+
+    - name: Install Develocity npm agent
+      run: |
+        npm exec -y -- pacote extract @gradle-tech/develocity-agent@3.0.1 ~/.node_libraries/@gradle-tech/develocity-agent
+
+    - name: Install npm dependencies
+      run: |
+        npm clean-install
+      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
+
+    - name: Check formatting and compile
+      run: |
+        npm run check
+        npm run compile
+      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
+
+    - name: Run unit tests
+      run: |
+        npm test
+      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'

.github/workflows/ci-check-no-dist-update.yml

@@ -0,0 +1,40 @@
+name: CI-check-no-dist-update
+
+# Prohibit any change to 'dist/**' on a non-release branch
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - 'dist/**'
+
+permissions:
+  contents: read
+
+jobs:
+  fail-on-dist-update:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      with:
+        fetch-depth: 0
+
+    - name: Get changed files
+      id: changed-files
+      uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
+      with:
+        files: |
+          dist/**
+
+    - name: Print changes to dist directory
+      env:
+        ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+      run: |
+        for file in ${ALL_CHANGED_FILES}; do
+          echo "$file was changed"
+        done
+
+    - run: |
+        echo "The 'dist' directory is automatically updated by the release process."
+        echo "It should not be updated manually in a non-release branch or a pull request."
+        exit 1

.github/workflows/ci-codeql.yml

@@ -2,12 +2,19 @@ name: CI-codeql
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+    - 'main'
+    - 'release/**'
+    - 'dev/**' # Allow running Code QL on dev branches without a PR
   pull_request:
-    branches: [ "main" ]
+    branches:
+    - 'main'
   schedule:
     - cron: '25 23 * * 2'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
@@ -24,11 +31,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v3.29.5
       with:
         languages: ${{ matrix.language }}
         config: |
@@ -36,4 +43,4 @@ jobs:
           - sources/src
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v3.29.5

.github/workflows/ci-dependency-review.yml

@@ -1,20 +0,0 @@
-# Dependency Review Action
-#
-# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
-#
-# Source repository: https://github.com/actions/dependency-review-action
-# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
-name: CI-dependency-review
-on: [pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout Repository'
-        uses: actions/checkout@v4
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v4

.github/workflows/ci-full-check.yml

@@ -1,108 +0,0 @@
-name: CI-full-check
-
-on:
-  workflow_dispatch:
-  pull_request:
-    types:
-      - assigned
-      - review_requested
-  push:
-    branches: 
-      - main
-      - release/**
-    paths:
-      - '.github/**'
-      - 'dist/**'
-      - '**/action.yml'
-
-jobs:
-  action-inputs:
-    uses: ./.github/workflows/integ-test-action-inputs.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  cache-cleanup:
-    uses: ./.github/workflows/integ-test-cache-cleanup.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  caching-config:
-    uses: ./.github/workflows/integ-test-caching-config.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  dependency-graph:
-    uses: ./.github/workflows/integ-test-dependency-graph.yml
-    permissions:
-      contents: write
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  dependency-graph-failures:
-    uses: ./.github/workflows/integ-test-dependency-graph-failures.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  execution-with-caching:
-    uses: ./.github/workflows/integ-test-execution-with-caching.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  execution:
-    uses: ./.github/workflows/integ-test-execution.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  develocity-injection:
-    uses: ./.github/workflows/integ-test-inject-develocity.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-    secrets:
-      DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_SOLUTIONS_ACCESS_TOKEN }}
-
-  provision-gradle-versions:
-    uses: ./.github/workflows/integ-test-provision-gradle-versions.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  restore-configuration-cache:
-    uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-    secrets:
-      GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-
-  restore-custom-gradle-home:
-    uses: ./.github/workflows/integ-test-restore-custom-gradle-home.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  restore-containerized-gradle-home:
-    uses: ./.github/workflows/integ-test-restore-containerized-gradle-home.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  restore-gradle-home:
-    uses: ./.github/workflows/integ-test-restore-gradle-home.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  restore-java-toolchain:
-    uses: ./.github/workflows/integ-test-restore-java-toolchain.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  sample-kotlin-dsl:
-    uses: ./.github/workflows/integ-test-sample-kotlin-dsl.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  sample-gradle-plugin:
-    uses: ./.github/workflows/integ-test-sample-gradle-plugin.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-
-
-  toolchain-detection:
-    uses: ./.github/workflows/integ-test-detect-java-toolchains.yml
-    with:
-      cache-key-prefix: ${{github.run_number}}-

.github/workflows/ci-init-script-check.yml

@@ -2,25 +2,37 @@ name: CI-init-script-check
 
 on:
   push:
+    branches:
+    - 'main'
+    - 'release/**'
+    paths-ignore:
+    - 'dist/**'
+  pull_request:
     paths:
       - '.github/workflows/ci-init-script-check.yml'
       - 'sources/src/resources/init-scripts/**'
       - 'sources/test/init-scripts/**'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   test-init-scripts:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Setup Java
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
       with:
         distribution: temurin
-        java-version: 8
+        java-version: 17
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3 # Use a released version to avoid breakages
+      # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
     - name: Run integration tests
       working-directory: sources/test/init-scripts
       run: ./gradlew check

.github/workflows/ci-integ-test-full.yml

@@ -0,0 +1,37 @@
+name: CI-integ-test-full
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+    - 'main'
+    - 'bot/gradle-actions-caching'
+    paths:
+    - 'dist/**'
+    - 'sources/vendor/gradle-actions-caching/**'
+
+permissions:
+  contents: read
+
+jobs:
+  caching-integ-tests:
+    uses: ./.github/workflows/suite-integ-test-caching.yml
+    concurrency:
+      group: CI-integ-test-full
+      cancel-in-progress: false
+    with:
+      runner-os: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      skip-dist: true
+    secrets: inherit
+
+  other-integ-tests:
+    permissions:
+      contents: write
+    uses: ./.github/workflows/suite-integ-test-other.yml
+    concurrency:
+      group: CI-integ-test-full
+      cancel-in-progress: false
+    with:
+      runner-os: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      skip-dist: true
+    secrets: inherit

.github/workflows/ci-integ-test.yml

@@ -0,0 +1,47 @@
+name: CI-integ-test
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+    - 'main'
+    - 'release/**'
+    - 'dev/**' # Allow running tests on dev branches without a PR
+    paths-ignore:
+    - 'dist/**'
+
+permissions:
+  contents: read
+
+jobs:
+  build-distribution:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Build and upload distribution
+      if: ${{ needs.determine-suite.outputs.suite != 'full' }}
+      uses: ./.github/actions/build-dist
+
+  caching-integ-tests:
+    needs: build-distribution
+    uses: ./.github/workflows/suite-integ-test-caching.yml
+    concurrency:
+      group: CI-integ-test
+      cancel-in-progress: false
+    with:
+      skip-dist: false
+    secrets: inherit
+
+  other-integ-tests:
+    permissions:
+      contents: write
+    needs: build-distribution
+    uses: ./.github/workflows/suite-integ-test-other.yml
+    concurrency:
+      group: CI-integ-test
+      cancel-in-progress: false
+    with:
+      skip-dist: false
+    secrets: inherit

.github/workflows/ci-ossf-scorecard.yml

@@ -0,0 +1,51 @@
+name: CI-ossf-scorecard
+on:
+  schedule:
+    - cron: '0 5 * * 1'
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+
+    steps:
+      - name: 'Checkout code'
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+          show-progress: false
+
+      - name: 'Run analysis'
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: 'Upload artifact'
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5

.github/workflows/ci-quick-check.yml

@@ -1,156 +0,0 @@
-name: CI-quick-check
-
-on:
-  workflow_dispatch:
-  push:
-    branches-ignore: 
-    - main
-    - release/**
-
-jobs:
-  build-distribution:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Build and upload distribution
-      uses: ./.github/actions/build-dist
-
-  run-unit-tests:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Configure Gradle as default for unit test
-      uses: ./setup-gradle
-      with:
-        gradle-version: 8.7
-    - name: Run tests
-      run: |
-        npm install
-        npm run all
-      working-directory: sources
-
-  action-inputs:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-action-inputs.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  cache-cleanup:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-cache-cleanup.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-      cache-key-prefix: ${{github.run_number}}- # Requires a fresh cache entry each run
-
-  caching-config:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-caching-config.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  dependency-graph:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-dependency-graph.yml
-    permissions:
-      contents: write
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  dependency-graph-failures:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-dependency-graph-failures.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  execution-with-caching:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-execution-with-caching.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  execution:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-execution.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  develocity-injection:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-inject-develocity.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-    secrets:
-      DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_SOLUTIONS_ACCESS_TOKEN }}
-
-  provision-gradle-versions:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-provision-gradle-versions.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  restore-configuration-cache:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-restore-configuration-cache.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-    secrets:
-      GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-
-  restore-containerized-gradle-home:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-restore-containerized-gradle-home.yml
-    with:
-      download-dist: true
-
-  restore-custom-gradle-home:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-restore-custom-gradle-home.yml
-    with:
-      download-dist: true
-
-  restore-gradle-home:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-restore-gradle-home.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  restore-java-toolchain:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-restore-java-toolchain.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  sample-kotlin-dsl:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-sample-kotlin-dsl.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  sample-gradle-plugin:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-sample-gradle-plugin.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true
-
-  toolchain-detection:
-    needs: build-distribution
-    uses: ./.github/workflows/integ-test-detect-java-toolchains.yml
-    with:
-      runner-os: '["ubuntu-latest"]'
-      download-dist: true

.github/workflows/ci-update-dist.yml

@@ -0,0 +1,82 @@
+name: CI-update-dist
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+    - 'main'
+    - 'prerelease/**'
+    - 'release/**'
+    paths-ignore:
+    - 'dist/**'
+
+permissions:
+  contents: read
+
+jobs:
+  update-dist:
+    # Only run for the Gradle repository; otherwise when users create pull requests from their `main` branch
+    # it would erroneously update `dist` on their branch (and the pull request)
+    if: github.repository == 'gradle/actions'
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      with:
+        token: ${{ secrets.BOT_GITHUB_TOKEN }}
+
+    - name: Set up Node.js
+      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      with:
+        node-version: 20
+        cache: npm
+        cache-dependency-path: sources/package-lock.json
+
+    - name: Install Develocity npm agent
+      run: |
+        npm exec -y -- pacote extract @gradle-tech/develocity-agent@3.0.1 ~/.node_libraries/@gradle-tech/develocity-agent
+
+    - name: Install npm dependencies
+      run: |
+        npm clean-install
+      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
+
+    - name: Build distribution
+      run: |
+        npm run check
+        npm run compile
+      working-directory: sources
+      env:
+        NODE_OPTIONS: '-r @gradle-tech/develocity-agent/preload'
+        DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
+        DEVELOCITY_ACCESS_KEY: '${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}'
+
+    - name: Copy the generated sources/dist directory to the top-level dist
+      run: |
+        cp -r sources/dist .
+
+    - name: Import GPG key to sign commits
+      uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
+      with:
+        gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+        git_config_global: true
+
+    # Commit and push changes; has no effect if the files did not change
+    # Important: The push event will not trigger any other workflows, see
+    # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
+    - name: Commit & push changes
+      uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
+      with:
+        commit_author: bot-githubaction <bot-githubaction@gradle.com>
+        commit_user_name: bot-githubaction
+        commit_user_email: bot-githubaction@gradle.com
+        commit_message: '[bot] Update dist directory'
+        file_pattern: dist

.github/workflows/ci-validate-typings.yml

@@ -0,0 +1,24 @@
+name: ci-validate-typings.yml
+on:
+  push:
+    branches:
+    - 'main'
+    - 'release/**'
+    paths-ignore:
+    - 'dist/**'
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  validate-typings:
+    runs-on: "ubuntu-latest"
+    steps:
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: typesafegithub/github-actions-typing@9ddf35b71a482be7d8922b28e8d00df16b77e315 # v2.2.2
+      with:
+        ignored-action-files: |
+          .github/actions/build-dist/action.yml
+          .github/actions/init-integ-test/action.yml
+          action.yml

.github/workflows/ci-validate-wrappers.yml

@@ -0,0 +1,17 @@
+name: CI-validate-wrappers
+
+on:
+  push:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  validation:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: gradle/actions/wrapper-validation@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1
+        with:
+          allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

.github/workflows/ci-verify-outputs.yml

@@ -1,45 +0,0 @@
-name: CI-verify-outputs
-
-on:
-  pull_request:
-    types:
-      - assigned
-      - review_requested
-  push:
-    branches: 
-      - main
-      - release/**
-      - dependabot/**
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version: 20
-    - name: Build
-      run: |
-        npm -v
-        node -v
-        npm install
-        npm run build
-      working-directory: sources
-
-    - name: Compare the expected and actual dist/ directories
-      run: |
-        if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
-          echo "Detected uncommitted changes after build.  See status below:"
-          git diff
-          exit 1
-        fi
-      id: diff
-
-    # If index.js was different than expected, upload the expected version as an artifact
-    - uses: actions/upload-artifact@v4
-      if: ${{ failure() && steps.diff.conclusion == 'failure' }}
-      with:
-        name: dist
-        path: dist/

.github/workflows/demo-failure-cases.yml

@@ -1,43 +0,0 @@
-name: demo-failure-cases
-
-on:
-  workflow_dispatch:
-
-jobs:
-
-  failing-build:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Test build failure
-      uses: ./setup-gradle
-      continue-on-error: true
-      with:
-        build-root-directory: .github/workflow-samples/kotlin-dsl
-        arguments: not-a-valid-task
-
-  wrapper-missing:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Test wrapper missing
-      uses: ./setup-gradle
-      continue-on-error: true
-      with:
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help
-
-  bad-configuration:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Test bad config value
-      uses: ./setup-gradle
-      continue-on-error: true
-      with:
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help
-        cache-disabled: yes

.github/workflows/demo-job-summary.yml

@@ -2,22 +2,33 @@ name: Demo Job Summary, for Gradle builds
 
 on:
   workflow_dispatch:
-  push:
+
+permissions:
+  contents: read
 
 jobs:
-  many-gradle-builds:
+  build-distribution:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Build distribution
-      shell: bash
-      run: |
-        npm install
-        npm run build
-      working-directory: sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Build and upload distribution
+      uses: ./.github/actions/build-dist
+
+  many-gradle-builds:
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
+      with:
+        cache-read-only: false
+        cache-cleanup: 'on-success'
     - name: Build kotlin-dsl project
       working-directory: .github/workflow-samples/kotlin-dsl
       run: ./gradlew assemble
@@ -40,18 +51,21 @@ jobs:
       working-directory: .github/workflow-samples/groovy-dsl
       continue-on-error: true
       run: ./gradlew not-a-real-task
+    - name: Dependency submission
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        dependency-graph: generate-and-upload
 
   successful-builds-with-no-summary:
+    needs: build-distribution
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Build distribution
-      shell: bash
-      run: |
-        npm install
-        npm run build
-      working-directory: sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -64,16 +78,14 @@ jobs:
       run: ./gradlew assemble check --no-scan
 
   pre-existing-gradle-home:
+    needs: build-distribution
     runs-on: ubuntu-latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Build distribution
-      shell: bash
-      run: |
-        npm install
-        npm run build
-      working-directory: sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Pre-create Gradle User Home
       shell: bash
       run: |
@@ -85,3 +97,72 @@ jobs:
     - name: Run build
       working-directory: .github/workflow-samples/groovy-dsl
       run: ./gradlew assemble
+
+  cache-read-only:
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle
+      uses: ./setup-gradle
+      with:
+        cache-read-only: true
+    - name: Build kotlin-dsl project
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble
+
+  cache-disabled:
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle
+      uses: ./setup-gradle
+      with:
+        cache-disabled: true
+    - name: Build kotlin-dsl project
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble
+
+  terms-of-use-accepted:
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle
+      uses: ./setup-gradle
+      with:
+        build-scan-terms-of-use-url: https://gradle.com/help/legal-terms-of-use
+        build-scan-terms-of-use-agree: yes
+    - name: Build kotlin-dsl project
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble
+
+  develocity-access-key-set:
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle
+      uses: ./setup-gradle
+      with:
+        develocity-access-key: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}
+    - name: Build kotlin-dsl project
+      working-directory: .github/workflow-samples/kotlin-dsl
+      run: ./gradlew assemble

.github/workflows/demo-pr-build-scan-comment.yml

@@ -4,14 +4,28 @@ on:
     types: [assigned, review_requested]
 
 permissions:
-  pull-requests: write
+  contents: read
 
 jobs:
-  successful-build-with-always-comment:
+  build-distribution:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout project sources
-      uses: actions/checkout@v4
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Build and upload distribution
+      uses: ./.github/actions/build-dist
+
+  successful-build-with-always-comment:
+    permissions:
+      pull-requests: write
+    needs: build-distribution
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -22,10 +36,16 @@ jobs:
       run: ./gradlew build --scan
 
   successful-build-with-comment-on-failure:
+    permissions:
+      pull-requests: write
+    needs: build-distribution
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout project sources
-      uses: actions/checkout@v4
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -36,10 +56,16 @@ jobs:
       run: ./gradlew build --scan
 
   failing-build-with-comment-on-failure:
+    permissions:
+      pull-requests: write
+    needs: build-distribution
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout project sources
-      uses: actions/checkout@v4
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:

.github/workflows/dependency-submission-save.yml

@@ -1,22 +0,0 @@
-name: Test dependency-submission save
-
-on:
-  workflow_dispatch:
-  push:
-
-permissions:
-  contents: read
-
-jobs:
-  dependency-submission-save:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Generate and save dependency graph
-      uses: ./dependency-submission
-      with:
-        build-root-directory: .github/workflow-samples/groovy-dsl
-        dependency-graph: generate-and-upload
-      env:
-        GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository

.github/workflows/dependency-submission-submit.yml

@@ -1,20 +0,0 @@
-name: Test dependency-submission submit
-
-on:
-  workflow_run:
-    workflows: ['Test dependency-submission save']
-    types: [completed]
-
-permissions:
-  contents: write
-
-jobs:
-  dependency-submission-submit:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download and submit dependency graph
-      uses: ./dependency-submission
-      with:
-        dependency-graph: download-and-submit

.github/workflows/dependency-submission.yml

@@ -1,61 +0,0 @@
-name: Test dependency-submission
-
-on:
-  workflow_dispatch:
-  push:
-
-permissions:
-  contents: write
-
-jobs:
-  test-dependency-submission:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Generate and submit dependencies
-      uses: ./dependency-submission
-      with:
-        build-root-directory: .github/workflow-samples/groovy-dsl
-      env:
-        GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
-
-  test-gradle-versions:
-    strategy:
-      matrix:
-        gradle: [8.0.2, 7.6.4, 7.1.1, 6.9.4, 6.0.1, 5.6.4, 5.2.1]
-        include:
-          - gradle: 5.6.4
-            build-root-suffix: -gradle-5
-          - gradle: 5.2.1
-            build-root-suffix: -gradle-5
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Generate and submit dependencies
-      uses: ./dependency-submission
-      with:
-        gradle-version: ${{ matrix.gradle }}
-        build-root-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
-      env:
-        GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
-
-  test-after-setup-gradle:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Setup Gradle
-      uses: ./setup-gradle
-    - name: Generate and submit dependencies
-      id: dependency-submission
-      uses: ./dependency-submission
-      continue-on-error: true
-      with:
-        build-root-directory: .github/workflow-samples/groovy-dsl
-    - name: Assert step failure
-      if: steps.dependency-submission.outcome != 'failure'
-      run: |
-        echo "Dependency submission step should fail after setup-gradle"
-        exit 1

.github/workflows/integ-test-action-inputs.yml

@@ -1,40 +0,0 @@
-name: Test action inputs
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
-        type: boolean
-        default: false
-
-env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: action-inputs-${{ inputs.cache-key-prefix }}
-
-jobs:
-  action-inputs:
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Invoke with multi-line arguments
-      uses: ./setup-gradle
-      with:
-        build-root-directory: .github/workflow-samples/groovy-dsl
-        arguments: |
-            --configuration-cache
-            --build-cache
-            -DsystemProperty=FOO
-            -PgradleProperty=BAR
-            test
-            jar

.github/workflows/integ-test-build-scan-publish.yml

@@ -0,0 +1,69 @@
+name: Test develocity injection
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+        default: '0'
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+env:
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: build-scan-publish-${{ inputs.cache-key-prefix }}
+
+permissions:
+  contents: read
+
+jobs:
+  build-scan-publish:
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
+        os: ${{fromJSON(inputs.runner-os)}}
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
+
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+      with:
+        java-version: ${{ matrix.java-version }}
+
+    - name: Setup Gradle
+      id: setup-gradle
+      uses: ./setup-gradle
+      with:
+        cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        gradle-version: ${{ matrix.gradle }}
+        build-scan-publish: true
+        build-scan-terms-of-use-url: 'https://gradle.com/terms-of-service'
+        build-scan-terms-of-use-agree: 'yes'
+    - name: Run Gradle build
+      id: gradle
+      working-directory: .github/workflow-samples/no-ge
+      run: gradle help
+    - name: Check Build Scan url
+      if: ${{ !steps.gradle.outputs.build-scan-url }}
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      with:
+        script: |
+          core.setFailed('No Build Scan detected')   
+

.github/workflows/integ-test-cache-cleanup.yml

@@ -5,82 +5,109 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: integ-test-cache-cleanup-${{ inputs.cache-key-prefix }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  # Requires a fresh cache entry each run
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: cache-cleanup-${{ inputs.cache-key-prefix }}-${{github.run_number}}
+  GRADLE_BUILD_ACTION_CACHE_KEY_JOB: cache-cleanup
+
+permissions:
+  contents: read
 
 jobs:
-  full-build:
+  cache-cleanup-full-build:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
     - name: Build with 3.1
-      working-directory: sources/test/jest/resources/cache-cleanup
-      run: gradle --no-daemon --build-cache -Dcommons_math3_version="3.1" build
+      working-directory: .github/workflow-samples/cache-cleanup
+      run: ./gradlew --no-daemon --build-cache -Dcommons_math3_version="3.1" build
 
   # Second build will use the cache from the first build, but cleanup should remove unused artifacts
-  assemble-build:
-    needs: full-build
+  cache-cleanup-assemble-build:
+    env:
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
+    needs: cache-cleanup-full-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
         cache-read-only: false
-        gradle-home-cache-cleanup: true
+        cache-cleanup: 'on-success'
     - name: Build with 3.1.1
-      working-directory: sources/test/jest/resources/cache-cleanup
-      run: gradle --no-daemon --build-cache -Dcommons_math3_version="3.1.1" build
+      working-directory: .github/workflow-samples/cache-cleanup
+      run: ./gradlew --no-daemon --build-cache -Dcommons_math3_version="3.1.1" build
 
-  check-clean-cache:
-    needs: assemble-build
+  # Third build will restore cache entry from second, and verify stale content removed
+  cache-cleanup-check-clean-cache:
+    env:
+      GRADLE_BUILD_ACTION_CACHE_KEY_JOB_EXECUTION: ${{github.sha}}_1
+    needs: cache-cleanup-assemble-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
         cache-read-only: true
     - name: Report Gradle User Home
-      run: du -hc ~/.gradle/caches/modules-2
+      shell: bash
+      run: |
+        du -hc $GRADLE_USER_HOME/caches/modules-2
+        du -hc $GRADLE_USER_HOME/wrapper/dists
     - name: Verify cleaned cache
       shell: bash
       run: |
-        if [ ! -e ~/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1.1 ]; then
+        if [ ! -e $GRADLE_USER_HOME/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1.1 ]; then
           echo "::error ::Should find commons-math3 3.1.1 in cache"
           exit 1
         fi
-        if [ -e ~/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1 ]; then
+        if [ -e $GRADLE_USER_HOME/caches/modules-2/files-2.1/org.apache.commons/commons-math3/3.1 ]; then
           echo "::error ::Should NOT find commons-math3 3.1 in cache"
           exit 1
         fi
+        if [ ! -e $GRADLE_USER_HOME/wrapper/dists/gradle-8.0.2-bin ]; then
+          echo "::error ::Should find gradle-8.0.2 in wrapper/dists"
+          exit 1
+        fi

.github/workflows/integ-test-caching-config.yml

@@ -5,28 +5,36 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: action-inputs-caching-${{ inputs.cache-key-prefix }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-${{ inputs.cache-key-prefix }}
+
+permissions:
+  contents: read
 
 jobs:
-  seed-build:
+  caching-config-seed-build:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -44,17 +52,20 @@ jobs:
       run: ./gradlew test
 
   # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  verify-build:
-    needs: seed-build
+  caching-config-verify-build:
+    needs: caching-config-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -71,67 +82,74 @@ jobs:
       run: ./gradlew test --offline
 
   # Test that build scans are captured when caching is explicitly disabled
-  cache-disabled:
+  caching-config-cache-disabled:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
         cache-disabled: true
-    - name: Run Gradle build
+    - name: Build using Gradle wrapper
       id: gradle
-      working-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
-      run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}"
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew help
     - name: Check Build Scan url is captured
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v7
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')
 
   # Test that build scans are captured when caching is disabled because Gradle User Home already exists
-  cache-disabled-pre-existing-gradle-home:
-    runs-on: ubuntu-latest
+  caching-config-cache-disabled-pre-existing-gradle-home:
+    runs-on: ubuntu-latest # This test only runs on Ubuntu
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Create dummy Gradle User Home
       run: mkdir -p ~/.gradle/caches
     - name: Setup Gradle
       uses: ./setup-gradle
-    - name: Run Gradle build
+    - name: Build using Gradle wrapper
       id: gradle
-      working-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
-      run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}"
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew help
     - name: Check Build Scan url is captured
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v7
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')
 
   # Test seed the cache with cache-write-only and verify with cache-read-only
-  seed-build-write-only:
+  caching-config-seed-write-only:
     env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: ${{ inputs.cache-key-prefix }}-write-only-
+      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -140,19 +158,22 @@ jobs:
       working-directory: .github/workflow-samples/groovy-dsl
       run: ./gradlew test
 
-  verify-write-only-build:
+  caching-config-verify-write-only:
     env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: ${{ inputs.cache-key-prefix }}-write-only-
-    needs: seed-build-write-only
+      GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: caching-config-write-only-${{ inputs.cache-key-prefix }}
+    needs: caching-config-seed-write-only
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:

.github/workflows/integ-test-dependency-graph-failures.yml

@@ -1,128 +0,0 @@
-name: Test dependency graph
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest"]'
-      download-dist:
-        type: boolean
-        default: false
-
-env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
-
-jobs:
-  failing-build:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Gradle for dependency-graph generate
-      uses: ./setup-gradle
-      with:
-        dependency-graph: generate
-        dependency-graph-continue-on-failure: true
-    - name: Run build that will fail
-      id: gradle-build
-      continue-on-error: true
-      run: ./gradlew build fail
-      working-directory: .github/workflow-samples/groovy-dsl
-    - name: Check no dependency graph is generated
-      shell: bash
-      run: |
-        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
-            echo "Expected no dependency graph files to be generated"
-            ls -l dependency-graph-reports
-            exit 1
-        fi        
-
-  unsupported-gradle-version-warning:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Gradle for dependency-graph generate
-      uses: ./setup-gradle
-      with:
-        gradle-version: 7.0.1
-        dependency-graph: generate
-        dependency-graph-continue-on-failure: true
-    - name: Run with unsupported Gradle version
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: |
-        if gradle help | grep -q 'warning::Dependency Graph is not supported for Gradle 7.0.1. No dependency snapshot will be generated.';
-        then
-          echo "Got the expected warning"
-        else
-          echo "Did not get the expected warning"
-          exit 1
-        fi
-
-  unsupported-gradle-version-failure:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Gradle for dependency-graph generate
-      uses: ./setup-gradle
-      with:
-        gradle-version: 7.0.1
-        dependency-graph: generate
-        dependency-graph-continue-on-failure: false
-    - name: Run with unsupported Gradle version
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: |
-        if gradle help; then
-          echo "Expected build to fail with Gradle 7.0.1"
-          exit 1
-        fi
-
-  insufficient-permissions-warning:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Gradle for dependency-graph generate
-      uses: ./setup-gradle
-      with:
-        dependency-graph: generate-and-submit
-        dependency-graph-continue-on-failure: true
-    - name: Run with insufficient permissions
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: ./gradlew help
-      # This test is primarily for demonstration: it's unclear how to check for warnings emitted in the post-action
-
-  SHOULD_FAIL-insufficient-permissions-failure:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    continue-on-error: true
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Gradle for dependency-graph generate
-      uses: ./setup-gradle
-      with:
-        dependency-graph: generate-and-submit
-        dependency-graph-continue-on-failure: false
-    - name: Run with insufficient permissions
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: ./gradlew help
-      # This test is primarily for demonstration: it's unclear how to check for a failure in the post-action

.github/workflows/integ-test-dependency-graph.yml

@@ -5,31 +5,31 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
-permissions:
-  contents: write
-
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
+  GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
+
+permissions:
+  contents: read
 
 jobs:
-  groovy-generate:
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+  dependency-graph-groovy-upload:
+    runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle for dependency-graph generate
       uses: ./setup-gradle
       with:
@@ -38,16 +38,34 @@ jobs:
       run: ./gradlew build
       working-directory: .github/workflow-samples/groovy-dsl
 
-  kotlin-generate:
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
+  dependency-graph-groovy-submit:
+    permissions:
+      contents: write
+    needs: [dependency-graph-groovy-upload]
+    runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Submit dependency graphs
+      uses: ./setup-gradle
+      with:
+        dependency-graph: download-and-submit
+      env:
+        DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: groovy-upload
+
+  dependency-graph-kotlin-generate-and-submit:
+    permissions:
+      contents: write
+    runs-on: "ubuntu-latest"
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle for dependency-graph generate
       uses: ./setup-gradle
       with:
@@ -55,30 +73,17 @@ jobs:
     - name: Run gradle build
       run: ./gradlew build
       working-directory: .github/workflow-samples/kotlin-dsl
-  
-  submit:
-    needs: [groovy-generate]
+
+  dependency-graph-multiple-builds:
+    permissions:
+      contents: write
     runs-on: "ubuntu-latest"
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Submit dependency graphs
-      uses: ./setup-gradle
-      with:
-        dependency-graph: download-and-submit
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
 
-  multiple-builds:
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
     - name: Setup Gradle for dependency-graph generate
       uses: ./setup-gradle
       with:
@@ -112,13 +117,16 @@ jobs:
             exit 1
         fi
         
-  config-cache:
-    runs-on: ubuntu-latest
+  dependency-graph-config-cache:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest # Test is not compatible with Windows
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle for dependency-graph generate
       uses: ./setup-gradle
       with:
@@ -145,3 +153,40 @@ jobs:
             ls -l dependency-graph-reports
             exit 1
         fi        
+
+  dependency-graph-generate-submit-and-upload:
+    permissions:
+      contents: write
+    runs-on: "ubuntu-latest"
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./setup-gradle
+      with:
+        dependency-graph: generate-submit-and-upload
+    - name: Run gradle build
+      id: gradle-build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+
+  dependency-graph-generate-submit-and-upload-check:
+    needs: [dependency-graph-generate-submit-and-upload]
+    runs-on: "ubuntu-latest"
+    steps:
+    - name: Download dependency-graph artifact
+      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+      with:
+        path: downloaded-dependency-graphs
+        pattern: dependency-graph_*dependency-graph-generate-submit-and-upload.json
+    - name: Check for downloaded dependency graphs
+      shell: bash
+      run: |
+        ls -A "${{ github.workspace }}/downloaded-dependency-graphs"
+        if [ -z "$(ls -A "${{ github.workspace }}/downloaded-dependency-graphs")" ]; then
+          echo "No dependency graph files found"
+          exit 1
+        fi

.github/workflows/integ-test-dependency-submission-failures.yml

@@ -0,0 +1,103 @@
+name: Test dependency submission failures
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+        default: '0'
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+env:
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-submission-failures-${{ inputs.cache-key-prefix }}
+  GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-submission-failures-failing-build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Submit with failing build
+      id: gradle-build
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        additional-arguments: fail
+      continue-on-error: true
+    - name: Check step failed
+      if: steps.gradle-build.outcome != 'failure'
+      run: |
+        echo "Expected dependency submission step to fail"
+        exit 1
+    - name: Check no dependency graph is generated
+      shell: bash
+      run: |
+        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
+            echo "Expected no dependency graph files to be generated"
+            ls -l dependency-graph-reports
+            exit 1
+        fi
+
+  dependency-submission-failures-unsupported-gradle-version:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Submit with unsupported Gradle version
+      id: gradle-build
+      uses: ./dependency-submission
+      with:
+        gradle-version: '7.0.1'
+        build-root-directory: .github/workflow-samples/groovy-dsl
+      continue-on-error: true
+    - name: Check step failed
+      if: steps.gradle-build.outcome != 'failure'
+      run: |
+        echo "Expected dependency submission step to fail"
+        exit 1
+    - name: Check no dependency graph is generated
+      shell: bash
+      run: |
+        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
+            echo "Expected no dependency graph files to be generated"
+            ls -l dependency-graph-reports
+            exit 1
+        fi
+
+  dependency-submission-failures-insufficient-permissions:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Submit with insufficient permissions
+      id: gradle-build
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+      continue-on-error: true
+    - name: Check step failed
+      if: steps.gradle-build.outcome != 'failure'
+      run: |
+        echo "Expected dependency submission step to fail"
+        exit 1

.github/workflows/integ-test-dependency-submission.yml

@@ -0,0 +1,423 @@
+name: Test dependency submission
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+        default: '0'
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+env:
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-submission-${{ inputs.cache-key-prefix }}
+  GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-submission-groovy-generate-and-upload:
+    permissions:
+      contents: write
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate dependency graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-upload
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        cache-read-only: false
+      env: 
+        GRADLE_BUILD_ACTION_CACHE_KEY_JOB: groovy-dependency-submission
+
+  dependency-submission-groovy-restore-cache:
+    permissions:
+      contents: write
+    needs: [dependency-submission-groovy-generate-and-upload]
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Restore dependency graph
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        additional-arguments: --offline
+      env: 
+        GRADLE_BUILD_ACTION_CACHE_KEY_JOB: groovy-dependency-submission
+
+  dependency-submission-groovy-download-and-submit:
+    permissions:
+      contents: write
+    needs: [dependency-submission-groovy-generate-and-upload]
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Submit dependency graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: download-and-submit
+      env:
+        DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: groovy-generate-and-upload-${{ matrix.os }}
+
+  dependency-submission-kotlin-generate-and-submit:
+    permissions:
+      contents: write
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate and submit dependency graph
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/kotlin-dsl
+
+  dependency-submission-multiple-builds:
+    permissions:
+      contents: write
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - id: kotlin-dsl
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/kotlin-dsl
+    - id: groovy-dsl
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+    - id: groovy-dsl-again
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        dependency-resolution-task: assemble
+    - name: Check generated dependency graphs
+      shell: bash
+      run: |
+        echo "kotlin-dsl report file: ${{ steps.kotlin-dsl.outputs.dependency-graph-file }}"
+        echo "groovy-dsl report file: ${{ steps.groovy-dsl.outputs.dependency-graph-file }}"
+        echo "groovy-dsl-again report file: ${{ steps.groovy-dsl-again.outputs.dependency-graph-file }}"
+        ls -l dependency-graph-reports
+        if [ ! -e "${{ steps.kotlin-dsl.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find kotlin-dsl dependency graph file"
+            exit 1
+        fi
+        if [ ! -e "${{ steps.groovy-dsl.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find groovy-dsl dependency graph file"
+            exit 1
+        fi
+        if [ ! -e "${{ steps.groovy-dsl-again.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find groovy-dsl-again dependency graph file"
+            exit 1
+        fi
+
+  dependency-submission-multiple-builds-upload:
+    permissions:
+      contents: write
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - id: kotlin-dsl
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-upload
+        build-root-directory: .github/workflow-samples/kotlin-dsl
+    - id: groovy-dsl
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-upload
+        build-root-directory: .github/workflow-samples/groovy-dsl
+
+  dependency-submission-config-cache:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest # Test is not compatible with Windows
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - id: config-cache-store
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        additional-arguments: --configuration-cache
+    - name: Check and delete generated dependency graph
+      shell: bash
+      run: |
+        if [ ! -e "${{ steps.config-cache-store.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find config-cache-store dependency graph files"
+            exit 1
+        fi
+        rm ${{ steps.config-cache-store.outputs.dependency-graph-file }}*
+    - id: config-cache-reuse
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        additional-arguments: --configuration-cache
+    - name: Check no dependency graph is generated
+      shell: bash
+      run: |
+        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
+            echo "Expected no dependency graph files to be generated"
+            ls -l dependency-graph-reports
+            exit 1
+        fi
+
+  dependency-submission-gradle-versions:
+    permissions:
+      contents: write
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+        gradle: ['9.0.0', '8.14.3', '8.0.2', '7.6.4', '7.1.1', '6.9.4', '6.0.1', '5.6.4', '5.2.1']
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '8.0.2'
+            java-version: 11
+          - gradle: '7.6.4'
+            java-version: 11
+          - gradle: '7.1.1'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '6.0.1'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
+            build-root-suffix: -gradle-5
+          - gradle: '5.2.1'
+            java-version: 11
+            build-root-suffix: -gradle-5
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+      with:
+        java-version: ${{ matrix.java-version }}
+    - name: Generate and submit dependencies
+      uses: ./dependency-submission
+      with:
+        gradle-version: ${{ matrix.gradle }}
+        build-root-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
+
+  dependency-submission-with-setup-gradle:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest # Test is not compatible with Windows
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Setup Gradle
+      uses: ./setup-gradle
+    - name: Generate and submit dependencies
+      id: dependency-submission
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+    - name: Check and delete generated dependency graph
+      shell: bash
+      run: |
+        if [ ! -e "${{ steps.dependency-submission.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find generated dependency graph files"
+            exit 1
+        fi
+        rm ${{ steps.dependency-submission.outputs.dependency-graph-file }}*
+    - name: Run Gradle build
+      run: ./gradlew build
+      working-directory: .github/workflow-samples/groovy-dsl
+    - name: Check no dependency graph is generated
+      shell: bash
+      run: |
+        if [ ! -z "$(ls -A dependency-graph-reports)" ]; then
+            echo "Expected no dependency graph files to be generated"
+            ls -l dependency-graph-reports
+            exit 1
+        fi
+
+  dependency-submission-with-includes-and-excludes:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest # Test is not compatible with Windows
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate and submit dependencies
+      id: dependency-submission
+      uses: ./dependency-submission
+      with:
+        build-root-directory: .github/workflow-samples/groovy-dsl
+        dependency-graph-exclude-projects: excluded-project
+        dependency-graph-include-projects: included-project
+        dependency-graph-exclude-configurations: excluded-configuration
+        dependency-graph-include-configurations: included-configuration
+    - name: Check generated dependency graph and env vars
+      shell: bash
+      run: |
+        if [ ! -e "${{ steps.dependency-submission.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find generated dependency graph file"
+            exit 1
+        fi
+
+        if [ "$DEPENDENCY_GRAPH_EXCLUDE_PROJECTS" != "excluded-project" ] || 
+           [ "$DEPENDENCY_GRAPH_INCLUDE_PROJECTS" != "included-project" ] || 
+           [ "$DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS" != "excluded-configuration" ] || 
+           [ "$DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS" != "included-configuration" ]; then
+            echo "Did not set expected environment variables"
+            exit 1
+        fi
+
+
+  dependency-submission-custom-report-dir-submit:
+    permissions:
+      contents: write
+    strategy:
+      max-parallel: 1
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate dependency graph
+      id: dependency-graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-submit
+        dependency-graph-report-dir: '${{ github.workspace }}/custom/report-dir'
+        build-root-directory: .github/workflow-samples/groovy-dsl
+    - name: Check generated dependency graphs
+      shell: bash
+      run: |
+        echo "report file: ${{ steps.dependency-graph.outputs.dependency-graph-file }}"
+        
+        if [ ! -e "${{ steps.dependency-graph.outputs.dependency-graph-file }}" ]; then
+            echo "Did not find dependency graph file"
+            exit 1
+        fi
+
+        if [ -z "$(ls -A "${{ github.workspace }}/custom/report-dir")" ]; then
+          echo "No dependency graph files found in custom directory"
+          exit 1
+        fi
+
+  dependency-submission-custom-report-dir-upload:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Generate and upload dependency graph
+      id: dependency-graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: generate-and-upload
+        dependency-graph-report-dir: '${{ github.workspace }}/custom/report-dir'
+        build-root-directory: .github/workflow-samples/groovy-dsl
+
+  dependency-submission-custom-report-dir-download-and-submit:
+    permissions:
+      contents: write
+    needs: [dependency-submission-custom-report-dir-upload]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Download and submit dependency graph
+      uses: ./dependency-submission
+      with:
+        dependency-graph: download-and-submit
+        dependency-graph-report-dir: '${{ github.workspace }}/custom/report-dir'
+        build-root-directory: .github/workflow-samples/groovy-dsl
+      env: 
+        DEPENDENCY_GRAPH_DOWNLOAD_ARTIFACT_NAME: custom-report-dir-upload # For testing, to avoid downloading artifacts from other worklfows
+
+    - name: Check downloaded dependency graph
+      shell: bash
+      run: |
+        if [ -z "$(ls -A "${{ github.workspace }}/custom/report-dir")" ]; then
+          echo "No dependency graph files found in custom directory"
+          exit 1
+        fi

.github/workflows/integ-test-detect-toolchains.yml

@@ -5,20 +5,24 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: detect-java-toolchain-${{ inputs.cache-key-prefix }}
 
+permissions:
+  contents: read
+
 jobs:
   # Test that pre-installed runner JDKs are detected
-  pre-installed-toolchains:
+  detect-toolchains-pre-installed-jdks:
     strategy:
       fail-fast: false
       matrix:
@@ -26,28 +30,29 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
     - name: List detected toolchains
       shell: bash
       working-directory: .github/workflow-samples/groovy-dsl
       run: | 
-        gradle --info javaToolchains > output.txt
+        ./gradlew --info javaToolchains > output.txt
         cat output.txt
     - name: Verify detected toolchains
       shell: bash
       working-directory: .github/workflow-samples/groovy-dsl
       run: | 
-        grep -q 'Eclipse Temurin JDK 1.8' output.txt || (echo "::error::Did not detect preinstalled JDK 1.8" && exit 1)
+        grep -q 'Eclipse Temurin JDK 8' output.txt || (echo "::error::Did not detect preinstalled JDK 8" && exit 1)
         grep -q 'Eclipse Temurin JDK 11' output.txt || (echo "::error::Did not detect preinstalled JDK 11" && exit 1)
         grep -q 'Eclipse Temurin JDK 17' output.txt || (echo "::error::Did not detect preinstalled JDK 17" && exit 1)
         grep -q 'Eclipse Temurin JDK 21' output.txt || (echo "::error::Did not detect preinstalled JDK 21" && exit 1)
 
   # Test that JDKs provisioned by setup-java are detected
-  setup-java-installed-toolchain:
+  detect-toolchains-setup-java-jdks:
     strategy:
       fail-fast: false
       matrix:
@@ -55,26 +60,27 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java 20
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: '20'
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Java 16
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
       with:
         distribution: 'temurin'
-        java-version: '16'
+        java-version: 16
+    - name: Setup Java 20
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      with:
+        distribution: 'temurin'
+        java-version: 20
     - name: Setup Gradle
       uses: ./setup-gradle
     - name: List detected toolchains
       shell: bash
       working-directory: .github/workflow-samples/groovy-dsl
       run: | 
-        gradle --info javaToolchains > output.txt
+        ./gradlew --info javaToolchains > output.txt
         cat output.txt
     - name: Verify setup JDKs are detected
       shell: bash
@@ -86,7 +92,7 @@ jobs:
       shell: bash
       working-directory: .github/workflow-samples/groovy-dsl
       run: | 
-        grep -q 'Eclipse Temurin JDK 1.8' output.txt || (echo "::error::Did not detect preinstalled JDK 1.8" && exit 1)
+        grep -q 'Eclipse Temurin JDK 8' output.txt || (echo "::error::Did not detect preinstalled JDK 8" && exit 1)
         grep -q 'Eclipse Temurin JDK 11' output.txt || (echo "::error::Did not detect preinstalled JDK 11" && exit 1)
         grep -q 'Eclipse Temurin JDK 17' output.txt || (echo "::error::Did not detect preinstalled JDK 17" && exit 1)
         grep -q 'Eclipse Temurin JDK 21' output.txt || (echo "::error::Did not detect preinstalled JDK 21" && exit 1)

.github/workflows/integ-test-execution-with-caching.yml

@@ -1,56 +0,0 @@
-name: Test execution with caching
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
-        type: boolean
-        default: false
-
-env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: execution-with-caching-${{ inputs.cache-key-prefix }}
-  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
-
-jobs:
-  seed-build:
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Execute Gradle build
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        build-root-directory: .github/workflow-samples/groovy-dsl
-        arguments: test
-
-  # Test that the gradle-user-home is restored
-  verify-build:
-    needs: seed-build
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Execute Gradle build
-      uses: ./setup-gradle
-      with:
-        cache-read-only: true
-        build-root-directory: .github/workflow-samples/groovy-dsl
-        arguments: test --offline -DverifyCachedBuild=true
-

.github/workflows/integ-test-execution.yml

@@ -1,93 +0,0 @@
-name: Test execution
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
-        type: boolean
-        default: false
-
-env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: execution-${{ inputs.cache-key-prefix }}
-
-jobs:   
-  # Tests for executing with different Gradle versions. 
-  # Each build verifies that it is executed with the expected Gradle version.
-  gradle-execution:
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-        include:
-          - os: windows-latest
-            script-suffix: '.bat'
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Test use defined Gradle version
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: 6.9
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help -DgradleVersionCheck=6.9
-    - name: Test use Gradle version alias
-      uses: ./setup-gradle
-      with:
-        gradle-version: release-candidate
-        build-root-directory: .github/workflow-samples/no-wrapper
-        arguments: help
-    - name: Test with non-executable wrapper
-      uses: ./setup-gradle
-      with:
-        gradle-version: wrapper
-        build-root-directory: .github/workflow-samples/non-executable-wrapper
-        arguments: help
-
-  gradle-versions:
-    strategy:
-      matrix:
-        gradle: [7.5.1, 6.9.2, 5.6.4, 4.10.3, 3.5.1]
-        os: ${{fromJSON(inputs.runner-os)}}
-        include:
-          - gradle: 5.6.4
-            build-root-suffix: -gradle-5
-          - gradle: 4.10.3
-            build-root-suffix: -gradle-4
-          - gradle: 3.5.1
-            build-root-suffix: -gradle-4
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java
-      uses: actions/setup-java@v4
-      with:
-        distribution: temurin
-        java-version: 8
-    - name: Run Gradle build
-      uses: ./setup-gradle
-      id: gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: ${{matrix.gradle}}
-        build-root-directory: .github/workflow-samples/no-wrapper${{ matrix.build-root-suffix }}
-        arguments: help -DgradleVersionCheck=${{matrix.gradle}}
-    - name: Check Build Scan url
-      if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v7
-      with:
-        script: |
-          core.setFailed('No Build Scan detected')    
-  
-   

.github/workflows/integ-test-inject-develocity.yml

@@ -5,10 +5,11 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
     secrets:
@@ -16,83 +17,215 @@ on:
         required: true
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: provision-gradle-versions-${{ inputs.cache-key-prefix }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: inject-develocity-${{ inputs.cache-key-prefix }}
+
+permissions:
+  contents: read
 
 jobs:
   inject-develocity:
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
+        os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: ['3.16.2', '4.4.0']
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
+          - plugin-version: '3.16.2'
+            accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
+          - plugin-version: '4.4.0'
+            accessKeyEnv: DEVELOCITY_ACCESS_KEY
+    runs-on: ${{ matrix.os }}
     env:
       DEVELOCITY_INJECTION_ENABLED: true
-      DEVELOCITY_URL: https://ge.solutions-team.gradle.com
-      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
-      DEVELOCITY_CCUD_PLUGIN_VERSION: 1.13
-      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} # required to test against GE plugin 3.16.2
+      DEVELOCITY_INJECTION_URL: https://ge.solutions-team.gradle.com
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
+      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+      with:
+        java-version: ${{ matrix.java-version }}
+    - name: Setup Gradle
+      id: setup-gradle
+      uses: ./setup-gradle
+      with:
+        cache-read-only: false # For testing, allow writing cache entries on non-default branches
+        gradle-version: ${{ matrix.gradle }}
+    - name: Run Gradle build
+      id: gradle
+      working-directory: .github/workflow-samples/no-ge
+      run: gradle help
+    - name: Check Build Scan url
+      if: ${{ !steps.gradle.outputs.build-scan-url }}
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      with:
+        script: |
+          core.setFailed('No Build Scan detected')
+    - name: Check short lived token (DEVELOCITY_ACCESS_KEY)
+      run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+    - name: Check short lived token (GRADLE_ENTERPRISE_ACCESS_KEY)
+      run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)"
+
+  inject-develocity-with-access-key:
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_INJECTION_URL: 'https://ge.solutions-team.gradle.com'
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.2.1'
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
+        os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: ['3.16.2', '4.4.0']
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+        with:
+          java-version: ${{ matrix.java-version }}
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          gradle-version: ${{ matrix.gradle }}
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+          develocity-token-expiry: 1
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check short lived token (DEVELOCITY_ACCESS_KEY)
+        run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+      - name: Check short lived token (GRADLE_ENTERPRISE_ACCESS_KEY)
+        run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)"
+      - name: Check Build Scan url
+        if: ${{ !steps.gradle.outputs.build-scan-url }}
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            core.setFailed('No Build Scan detected')
+
+  inject-develocity-short-lived-token-failed:
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_INJECTION_URL: 'https://localhost:3333/'
+      DEVELOCITY_INJECTION_DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
+      DEVELOCITY_INJECTION_CCUD_PLUGIN_VERSION: '2.1'
+      # Access key also set as an env var, we want to check it does not leak
+      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
     strategy:
+      fail-fast: false
       matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
         os: ${{fromJSON(inputs.runner-os)}}
-        plugin-version: [3.16.2, 3.17]
+        plugin-version: [ '3.16.2', '4.4.0' ]
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java
-      uses: actions/setup-java@v4
-      with:
-        distribution: temurin
-        java-version: 8
-    - name: Setup Gradle
-      id: setup-gradle
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: ${{ matrix.gradle }}
-    - name: Run Gradle build
-      id: gradle
-      working-directory: .github/workflow-samples/no-ge
-      run: gradle help
-    - name: Check Build Scan url
-      if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v7
-      with:
-        script: |
-          core.setFailed('No Build Scan detected')   
+      - name: Checkout sources
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+        with:
+          java-version: ${{ matrix.java-version }}
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          gradle-version: ${{ matrix.gradle }}
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check access key is not blank (DEVELOCITY_ACCESS_KEY)
+        run: "[ \"${DEVELOCITY_ACCESS_KEY}\" != \"\" ] || (echo 'using DEVELOCITY_ACCESS_KEY!'; exit 1)"
+      - name: Check access key is not blank (GRADLE_ENTERPRISE_ACCESS_KEY)
+        run: "[ \"${GRADLE_ENTERPRISE_ACCESS_KEY}\" != \"\" ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY is still supported in v3!'; exit 1)"
 
-  build-scan-publish:
+  inject-develocity-with-access-key-from-input-actions:
+    env:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
     strategy:
+      fail-fast: false
       matrix:
-        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
-    runs-on: ubuntu-latest
+        gradle: ['current', '8.14.3', '7.6.2', '6.9.4', '5.6.4']
+        os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: [ '3.16.2', '4.4.0' ]
+        include:
+          - java-version: 17
+          - gradle: '8.14.3'
+            java-version: 11
+          - gradle: '7.6.2'
+            java-version: 11
+          - gradle: '6.9.4'
+            java-version: 11
+          - gradle: '5.6.4'
+            java-version: 11
+    runs-on: ${{ matrix.os }}
     steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java
-      uses: actions/setup-java@v4
-      with:
-        distribution: temurin
-        java-version: 8
-    - name: Setup Gradle
-      id: setup-gradle
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: ${{ matrix.gradle }}
-        build-scan-publish: true
-        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-use-agree: "yes"
-    - name: Run Gradle build
-      id: gradle
-      working-directory: .github/workflow-samples/no-ge
-      run: gradle help
-    - name: Check Build Scan url
-      if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v7
-      with:
-        script: |
-          core.setFailed('No Build Scan detected')   
-
+      - name: Checkout sources
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+        with:
+          java-version: ${{ matrix.java-version }}
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          gradle-version: ${{ matrix.gradle }}
+          develocity-injection-enabled: true
+          develocity-url: 'https://ge.solutions-team.gradle.com'
+          develocity-plugin-version: ${{ matrix.plugin-version }}
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check Build Scan url
+        if: ${{ !steps.gradle.outputs.build-scan-url }}
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            core.setFailed('No Build Scan detected')

.github/workflows/integ-test-provision-gradle-versions.yml

@@ -5,49 +5,61 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: provision-gradle-versions-${{ inputs.cache-key-prefix }}
   GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
 
+permissions:
+  contents: read
+
 jobs:   
   # Tests for executing with different Gradle versions. 
   # Each build verifies that it is executed with the expected Gradle version.
   provision-gradle:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
-        include:
-          - os: windows-latest
-            script-suffix: '.bat'
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+      with:
+        java-version: '11'
+
     - name: Setup Gradle with v6.9
       uses: ./setup-gradle
       with:
         cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        gradle-version: 6.9
+        gradle-version: '6.9'
     - name: Test uses Gradle v6.9
       working-directory: .github/workflow-samples/no-wrapper
       run: gradle help "-DgradleVersionCheck=6.9"
     - name: Setup Gradle with v7.1.1
       uses: ./setup-gradle
       with:
-        gradle-version: 7.1.1
+        gradle-version: '7.1.1'
     - name: Test uses Gradle v7.1.1
       working-directory: .github/workflow-samples/no-wrapper
       run: gradle help "-DgradleVersionCheck=7.1.1"
+    # Configure JDK 17 for Gradle 9 and later
+    - name: Setup Java
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      with:
+        distribution: temurin
+        java-version: 17
     - name: Setup Gradle with release-candidate
       uses: ./setup-gradle
       with:
@@ -60,36 +72,48 @@ jobs:
       uses: ./setup-gradle
       with:
         gradle-version: current
+    - name: Test use current
+      working-directory: .github/workflow-samples/no-wrapper
+      run: gradle help
     - name: Check current version output parameter
-      if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '8.') }}
-      uses: actions/github-script@v7
+      if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '9.') }}
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.gradle-current.outputs.gradle-version }}"')    
-  
-  gradle-versions:
+
+  provision-gradle-version:
     strategy:
+      fail-fast: false
       matrix:
-        gradle: [7.3, 6.9, 5.6.4, 4.10.3, 3.5.1]
+        gradle: ['9.0.0', '8.14.2', '8.12', '8.12-rc-1', '8.9', '8.1', '7.6.4', '6.9.4', '5.6.4', '4.10.3', '3.5.1']
         os: ${{fromJSON(inputs.runner-os)}}
         include:
-          - gradle: 5.6.4
+          - java-version: 11
+          - gradle: '9.0.0'
+            java-version: 17
+          - gradle: '5.6.4'
             build-root-suffix: -gradle-5
-          - gradle: 4.10.3
+          - gradle: '4.10.3'
             build-root-suffix: -gradle-4
-          - gradle: 3.5.1
+          - gradle: '3.5.1'
             build-root-suffix: -gradle-4
+            java-version: 8
+        exclude:
+          - os: macos-latest # Java 8 is not supported on macos-latest, so we cannot test Gradle 3.5.1
+            gradle: '3.5.1'
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Java
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
       with:
         distribution: temurin
-        java-version: 8
+        java-version: ${{ matrix.java-version }}
     - name: Setup Gradle
       id: setup-gradle
       uses: ./setup-gradle
@@ -98,7 +122,7 @@ jobs:
         gradle-version: ${{ matrix.gradle }}
     - name: Check output parameter
       if: ${{ steps.setup-gradle.outputs.gradle-version != matrix.gradle }}
-      uses: actions/github-script@v7
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.setup-gradle.outputs.gradle-version }}"')    
@@ -108,7 +132,7 @@ jobs:
       run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}"
     - name: Check Build Scan url
       if: ${{ !steps.gradle.outputs.build-scan-url }}
-      uses: actions/github-script@v7
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       with:
         script: |
           core.setFailed('No Build Scan detected')    

.github/workflows/integ-test-restore-configuration-cache.yml

@@ -1,210 +0,0 @@
-name: Test restore configuration-cache
-
-on:
-  workflow_call:
-    inputs:
-      cache-key-prefix:
-        type: string
-      runner-os:
-        type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
-        type: boolean
-        default: false
-    secrets:
-      GRADLE_ENCRYPTION_KEY:
-        required: true
-
-env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-configuration-cache-${{ inputs.cache-key-prefix }}
-
-jobs:
-  seed-build-groovy:
-    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java to ensure consistency
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'liberica'
-        java-version: '21'
-    - name: Setup Gradle
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6
-    - name: Groovy build with configuration-cache enabled
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: gradle test --configuration-cache
-
-  verify-build-groovy:
-    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
-    needs: seed-build-groovy
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java to ensure consistency
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'liberica'
-        java-version: '21'
-    - name: Setup Gradle
-      uses: ./setup-gradle
-      with:
-        cache-read-only: true
-        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6
-    - name: Groovy build with configuration-cache enabled
-      id: execute
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: gradle test --configuration-cache
-    - name: Check that configuration-cache was used
-      uses: actions/github-script@v7
-      with:
-        script: |
-          const fs = require('fs')
-          if (fs.existsSync('.github/workflow-samples/groovy-dsl/task-configured.txt')) {
-            core.setFailed('Configuration cache was not used - task was configured unexpectedly')
-          }
-
-  # Check that the build can run when no extracted cache entries are restored
-  gradle-user-home-not-fully-restored:
-    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-groovy
-    needs: seed-build-groovy
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java to ensure consistency
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'liberica'
-        java-version: '21'
-    - name: Setup Gradle with no extracted cache entries restored
-      uses: ./setup-gradle
-      env: 
-        GRADLE_BUILD_ACTION_SKIP_RESTORE: "generated-gradle-jars|wrapper-zips|java-toolchains|instrumented-jars|dependencies|kotlin-dsl"
-      with:
-        cache-read-only: true
-        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6
-    - name: Check execute Gradle build with configuration cache enabled (but not restored)
-      working-directory: .github/workflow-samples/groovy-dsl
-      run: gradle test --configuration-cache
-
-  seed-build-kotlin:
-    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java to ensure consistency
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'liberica'
-        java-version: '21'
-    - name: Setup Gradle
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6
-    - name: Execute 'help' with configuration-cache enabled
-      working-directory: .github/workflow-samples/kotlin-dsl
-      run: gradle help --configuration-cache
-
-  modify-build-kotlin:
-    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin-modified
-    needs: seed-build-kotlin
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java to ensure consistency
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'liberica'
-        java-version: '21'
-    - name: Setup Gradle
-      uses: ./setup-gradle
-      with:
-        cache-read-only: false # For testing, allow writing cache entries on non-default branches
-        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6
-    - name: Execute 'test' with configuration-cache enabled
-      working-directory: .github/workflow-samples/kotlin-dsl
-      run: gradle test --configuration-cache
-
-  # Test restore configuration-cache from the third build invocation
-  verify-build-kotlin:
-    env:
-      GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-cc-kotlin-modified
-    needs: modify-build-kotlin
-    strategy:
-      matrix:
-        os: ${{fromJSON(inputs.runner-os)}}
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java to ensure consistency
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'liberica'
-        java-version: '21'
-    - name: Setup Gradle
-      uses: ./setup-gradle
-      with:
-        cache-read-only: true
-        cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
-        gradle-version: 8.6
-    - name: Execute 'test' again with configuration-cache enabled
-      id: execute
-      working-directory: .github/workflow-samples/kotlin-dsl
-      run: gradle test --configuration-cache
-    - name: Check that configuration-cache was used
-      uses: actions/github-script@v7
-      with:
-        script: |
-          const fs = require('fs')
-          if (fs.existsSync('.github/workflow-samples/kotlin-dsl/task-configured.txt')) {
-            core.setFailed('Configuration cache was not used - task was configured unexpectedly')
-          }
-

.github/workflows/integ-test-restore-containerized-gradle-home.yml

@@ -5,28 +5,29 @@ on:
     inputs:
       cache-key-prefix:
         type: string
-      download-dist:
+        default: '0'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
-  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-custom-gradle-home-${{ inputs.cache-key-prefix }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-containerized-gradle-home-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-containerized-gradle-home
+
+permissions:
+  contents: read
 
 jobs:
-  seed-build:
+  restore-containerized-seed-build:
     runs-on: ubuntu-latest
     container: fedora:latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java
-      uses: actions/setup-java@v4
-      with:
-        java-version: 11
-        distribution: temurin
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -36,20 +37,16 @@ jobs:
       run: ./gradlew test
 
   # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  dependencies-cache:
-    needs: seed-build
+  restore-containerized-dependencies-cache:
+    needs: restore-containerized-seed-build
     runs-on: ubuntu-latest
     container: fedora:latest
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
-    - name: Setup Java
-      uses: actions/setup-java@v4
-      with:
-        java-version: 11
-        distribution: temurin
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:

.github/workflows/integ-test-restore-custom-gradle-home.yml

@@ -5,26 +5,32 @@ on:
     inputs:
       cache-key-prefix:
         type: string
-      download-dist:
+        default: '0'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-custom-gradle-home-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-custom-gradle-home
+
+permissions:
+  contents: read
 
 jobs:
-  seed-build:
+  restore-custom-gradle-home-seed-build:
     runs-on: ubuntu-latest
     steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Set Gradle User Home
       run: |
         mkdir -p $GITHUB_WORKSPACE/gradle-user-home
         echo "GRADLE_USER_HOME=$GITHUB_WORKSPACE/gradle-user-home" >> $GITHUB_ENV
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -34,18 +40,19 @@ jobs:
       run: ./gradlew test --info
 
   # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  dependencies-cache:
-    needs: seed-build
+  restore-custom-gradle-home-dependencies-cache:
+    needs: restore-custom-gradle-home-seed-build
     runs-on: ubuntu-latest
     steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Set Gradle User Home
       run: |
         mkdir -p $GITHUB_WORKSPACE/gradle-user-home
         echo "GRADLE_USER_HOME=$GITHUB_WORKSPACE/gradle-user-home" >> $GITHUB_ENV
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -55,18 +62,19 @@ jobs:
       run: ./gradlew test --offline --info
 
   # Test that the gradle-user-home cache will cache and restore local build-cache
-  build-cache:
-    needs: seed-build
+  restore-custom-gradle-home-build-cache:
+    needs: restore-custom-gradle-home-seed-build
     runs-on: ubuntu-latest
     steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Set Gradle User Home
       run: |
         mkdir -p $GITHUB_WORKSPACE/gradle-user-home
         echo "GRADLE_USER_HOME=$GITHUB_WORKSPACE/gradle-user-home" >> $GITHUB_ENV
-    - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
     - name: Setup Gradle
       uses: ./setup-gradle
       with:

.github/workflows/integ-test-restore-gradle-home.yml

@@ -5,29 +5,36 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-gradle-home-${{ inputs.cache-key-prefix }}
   GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-gradle-home
 
+permissions:
+  contents: read
+
 jobs:
-  seed-build:
+  restore-gradle-home-seed-build:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -37,17 +44,20 @@ jobs:
       run: ./gradlew test
 
   # Test that the gradle-user-home cache will cache dependencies, by running build with --offline
-  dependencies-cache:
-    needs: seed-build
+  restore-gradle-home-dependencies-cache:
+    needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -57,17 +67,20 @@ jobs:
       run: ./gradlew test --offline
 
   # Test that the gradle-user-home cache will cache and restore local build-cache
-  build-cache:
-    needs: seed-build
+  restore-gradle-home-build-cache:
+    needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -77,17 +90,20 @@ jobs:
       run: ./gradlew test -DverifyCachedBuild=true
 
   # Check that the build can run when Gradle User Home is not fully restored
-  no-extracted-cache-entries-restored:
-    needs: seed-build
+  restore-gradle-home-no-extracted-cache-entries-restored:
+    needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle with no extracted cache entries restored
       uses: ./setup-gradle
       env: 
@@ -99,17 +115,20 @@ jobs:
       run: ./gradlew test
 
   # Test that a pre-existing gradle-user-home can be overwritten by the restored cache
-  pre-existing-gradle-home:
-    needs: seed-build
+  restore-gradle-home-pre-existing-gradle-home:
+    needs: restore-gradle-home-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Pre-create Gradle User Home
       shell: bash
       run: |

.github/workflows/integ-test-restore-java-toolchain.yml

@@ -5,28 +5,38 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: restore-java-toolchain-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_JOB: restore-java-toolchain
+
+permissions:
+  contents: read
 
 jobs:
-  seed-build:
+  restore-java-toolchain-seed-build:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+      with:
+        java-version: '17'
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -36,17 +46,22 @@ jobs:
       run: ./gradlew test --info
 
   # Test that the gradle-user-home cache will cache the toolchain, by running build with --offline
-  toolchain-cache:
-    needs: seed-build
+  restore-java-toolchain-verify-build:
+    needs: restore-java-toolchain-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+      with:
+        java-version: '17'
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:

.github/workflows/integ-test-sample-gradle-plugin.yml

@@ -5,28 +5,35 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: sample-gradle-plugin-${{ inputs.cache-key-prefix }}
 
+permissions:
+  contents: read
+
 jobs:
-  seed-build:
+  sample-gradle-plugin-seed-build:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -35,17 +42,20 @@ jobs:
       working-directory: .github/workflow-samples/gradle-plugin
       run: ./gradlew build
 
-  verify-build:
-    needs: seed-build
+  sample-gradle-plugin-verify-build:
+    needs: sample-gradle-plugin-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:

.github/workflows/integ-test-sample-kotlin-dsl.yml

@@ -5,28 +5,35 @@ on:
     inputs:
       cache-key-prefix:
         type: string
+        default: '0'
       runner-os:
         type: string
-        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
-      download-dist:
+        default: '["ubuntu-latest"]'
+      skip-dist:
         type: boolean
         default: false
 
 env:
-  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  SKIP_DIST: ${{ inputs.skip-dist }}
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: sample-kotlin-dsl-${{ inputs.cache-key-prefix }}
 
+permissions:
+  contents: read
+
 jobs:
-  seed-build:
+  sample-kotlin-dsl-seed-build:
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:
@@ -35,17 +42,20 @@ jobs:
       working-directory: .github/workflow-samples/kotlin-dsl
       run: ./gradlew build
 
-  verify-build:
-    needs: seed-build
+  sample-kotlin-dsl-verify-build:
+    needs: sample-kotlin-dsl-seed-build
     strategy:
+      max-parallel: 1
+      fail-fast: false
       matrix:
         os: ${{fromJSON(inputs.runner-os)}}
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
-      uses: actions/checkout@v4
-    - name: Download distribution if required
-      uses: ./.github/actions/download-dist
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
     - name: Setup Gradle
       uses: ./setup-gradle
       with:

.github/workflows/integ-test-wrapper-validation.yml

@@ -0,0 +1,173 @@
+name: Test wrapper validation
+
+on:
+  workflow_call:
+    inputs:
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+env:
+  SKIP_DIST: ${{ inputs.skip-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: wrapper-validation- # Avoid loading cache entries from other tests, that may have cached allowed wrapper checksums
+
+permissions:
+  contents: read
+
+jobs:
+  wrapper-validation-setup-gradle:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: setup-gradle
+      uses: ./setup-gradle
+      env:
+        ALLOWED_GRADLE_WRAPPER_CHECKSUMS: ''
+      continue-on-error: true
+
+    - name: Check failure
+      shell: bash
+      run: |
+        if [ "${{ steps.setup-gradle.outcome}}" != "failure" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi
+
+  wrapper-validation-success:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./wrapper-validation
+      with:
+        # to allow the invalid wrapper jar present in test data
+        allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+        min-wrapper-count: 10
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        FAILED_WRAPPERS: ${{ steps.action-test.outputs.failed-wrapper }}
+        FAILED_WRAPPERS_MATCHES: ${{ steps.action-test.outputs.failed-wrapper == '' }}
+      shell: bash
+      run: |
+        if [ "$FAILED_WRAPPERS_MATCHES" != "true" ] ; then
+          echo "'outputs.failed-wrapper' has unexpected content: $FAILED_WRAPPERS"
+          exit 1
+        fi
+
+  wrapper-validation-error:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./wrapper-validation
+      # Expected to fail; validated below
+      continue-on-error: true
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        VALIDATION_FAILED: ${{ steps.action-test.outcome == 'failure' }}
+        FAILED_WRAPPERS: ${{ steps.action-test.outputs.failed-wrapper }}
+        FAILED_WRAPPERS_MATCHES: ${{ steps.action-test.outputs.failed-wrapper == 'sources/test/jest/wrapper-validation/data/invalid/gradle-wrapper.jar|sources/test/jest/wrapper-validation/data/invalid/gradlе-wrapper.jar' }}
+      shell: bash
+      run: |
+        if [ "$VALIDATION_FAILED" != "true" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi
+
+        if [ "$FAILED_WRAPPERS_MATCHES" != "true" ] ; then
+          echo "'outputs.failed-wrapper' has unexpected content: $FAILED_WRAPPERS"
+          exit 1
+        fi
+
+  wrapper-validation-minimum-wrapper-count:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      with:
+        sparse-checkout: |
+          .github
+          dist
+          wrapper-validation
+
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./wrapper-validation
+      with:
+        min-wrapper-count: 7
+      # There are only 6 wrappers in workflow-samples, so expected to fail
+      continue-on-error: true
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        VALIDATION_FAILED: ${{ steps.action-test.outcome == 'failure' }}
+      shell: bash
+      run: |
+        if [ "$VALIDATION_FAILED" != "true" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi
+
+  wrapper-validation-zero-wrappers:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2 # Checkout the repository with no wrappers
+      with:
+        sparse-checkout: |
+          .github/actions
+          dist
+          wrapper-validation
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./wrapper-validation
+      # Expected to fail; validated below
+      continue-on-error: true
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        VALIDATION_FAILED: ${{ steps.action-test.outcome == 'failure' }}
+      shell: bash
+      run: |
+        if [ "$VALIDATION_FAILED" != "true" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi

.github/workflows/suite-integ-test-caching.yml

@@ -0,0 +1,47 @@
+name: suite-integ-test-caching
+
+on:
+  workflow_call:
+    inputs:
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+
+jobs:
+  cache-cleanup:
+    uses: ./.github/workflows/integ-test-cache-cleanup.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  caching-config:
+    uses: ./.github/workflows/integ-test-caching-config.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-containerized-gradle-home:
+    uses: ./.github/workflows/integ-test-restore-containerized-gradle-home.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-custom-gradle-home:
+    uses: ./.github/workflows/integ-test-restore-custom-gradle-home.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-gradle-home:
+    uses: ./.github/workflows/integ-test-restore-gradle-home.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  restore-java-toolchain:
+    uses: ./.github/workflows/integ-test-restore-java-toolchain.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}

.github/workflows/suite-integ-test-other.yml

@@ -0,0 +1,85 @@
+name: suite-integ-test-other
+
+on:
+  workflow_call:
+    inputs:
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      skip-dist:
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+
+jobs:
+  build-scan-publish:
+    uses: ./.github/workflows/integ-test-build-scan-publish.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  dependency-graph:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-dependency-graph.yml
+    permissions:
+      contents: write
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  dependency-submission:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-dependency-submission.yml
+    permissions:
+      contents: write
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  dependency-submission-failures:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-dependency-submission-failures.yml
+    permissions:
+      contents: write
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  develocity-injection:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    uses: ./.github/workflows/integ-test-inject-develocity.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+    secrets:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}
+
+  provision-gradle-versions:
+    uses: ./.github/workflows/integ-test-provision-gradle-versions.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  sample-kotlin-dsl:
+    uses: ./.github/workflows/integ-test-sample-kotlin-dsl.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  sample-gradle-plugin:
+    uses: ./.github/workflows/integ-test-sample-gradle-plugin.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}
+
+  toolchain-detection:
+    uses: ./.github/workflows/integ-test-detect-toolchains.yml
+    with:
+      skip-dist: ${{ inputs.skip-dist }}
+
+  wrapper-validation:
+    uses: ./.github/workflows/integ-test-wrapper-validation.yml
+    with:
+      runner-os: '${{ inputs.runner-os }}'
+      skip-dist: ${{ inputs.skip-dist }}

.github/workflows/update-checksums-file.js

@@ -0,0 +1,94 @@
+/*
+ * Updates the `wrapper-checksums.json` file
+ *
+ * This is intended to be executed by the GitHub workflow, but can also be run
+ * manually.
+ */
+
+// @ts-check
+
+const httpm = require('../../sources/node_modules/@actions/http-client')
+
+const path = require('path')
+const fs = require('fs')
+
+/**
+ * @returns {Promise<void>}
+ */
+async function main() {
+  const httpc = new httpm.HttpClient(
+    'gradle/wrapper-validation-action/update-checksums-workflow',
+    undefined,
+    {allowRetries: true, maxRetries: 3}
+  )
+
+  /**
+   * @param {string} url
+   * @returns {Promise<string>}
+   */
+  async function httpGetText(url) {
+    const response = await httpc.get(url)
+    return await response.readBody()
+  }
+
+  /**
+   * @typedef {Object} ApiVersionEntry
+   * @property {string} version - version name
+   * @property {string=} wrapperChecksumUrl - wrapper checksum URL; not present for old versions
+   * @property {boolean} snapshot - whether this is a snapshot version
+   */
+
+  /**
+   * @returns {Promise<ApiVersionEntry[]>}
+   */
+  async function httpGetVersions() {
+    return JSON.parse(
+      await httpGetText('https://services.gradle.org/versions/all')
+    )
+  }
+
+  const versions = (await httpGetVersions())
+    // Only include versions with checksum
+    .filter(e => e.wrapperChecksumUrl !== undefined)
+    // Ignore snapshots; they are changing frequently so no point in including them in checksums file
+    .filter(e => !e.snapshot)
+  console.info(`Got ${versions.length} relevant Gradle versions`)
+
+  // Note: For simplicity don't sort the entries but keep the order from the API; this also has the
+  // advantage that the latest versions come first, so compared to appending versions at the end
+  // this will not cause redundant Git diff due to trailing `,` being forbidden by JSON
+
+  /**
+   * @typedef {Object} FileVersionEntry
+   * @property {string} version
+   * @property {string} checksum
+   */
+  /** @type {FileVersionEntry[]} */
+  const fileVersions = []
+  for (const entry of versions) {
+    /** @type {string} */
+    // @ts-ignore
+    const checksumUrl = entry.wrapperChecksumUrl
+    const checksum = await httpGetText(checksumUrl)
+    fileVersions.push({version: entry.version, checksum})
+  }
+
+  const jsonPath = path.resolve(
+    __dirname,
+    '..',
+    '..',
+    'sources',
+    'src',
+    'wrapper-validation',
+    'wrapper-checksums.json'
+  )
+  console.info(`Writing checksums file to ${jsonPath}`)
+  // Write pretty-printed JSON (and add trailing line break)
+  fs.writeFileSync(jsonPath, JSON.stringify(fileVersions, null, 2) + '\n')
+}
+
+main().catch(e => {
+  console.error(e)
+  // Manually set error exit code, otherwise error is logged but script exits successfully
+  process.exitCode = 1
+})

.github/workflows/update-checksums-file.yml

@@ -0,0 +1,68 @@
+name: 'Update Wrapper checksums file'
+
+on:
+  # Run weekly (at arbitrary time)
+  schedule:
+    - cron: '24 5 * * 6'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  update-checksums:
+    permissions:
+      contents: write
+      pull-requests: write
+    name: Update checksums
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: sources/package-lock.json
+
+      - name: Install dependencies
+        run: |
+          npm clean-install typed-rest-client@1.8.11 --no-save
+        working-directory: sources
+
+      - name: Update checksums file
+        run: node ../.github/workflows/update-checksums-file.js
+        working-directory: sources
+
+      - name: Import GPG key to sign commits
+        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
+        with:
+          gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_config_global: true
+
+      # If there are no changes, this action will not create a pull request
+      - name: Create or update pull request
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        with:
+          branch: bot/wrapper-checksums-update
+          author: bot-githubaction <bot-githubaction@gradle.com>
+          committer: bot-githubaction <bot-githubaction@gradle.com>
+          commit-message: Update known wrapper checksums
+          title: Update known wrapper checksums
+          # Note: Unfortunately this action cannot trigger the regular workflows for the PR automatically, see
+          # https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs
+          # Therefore suggest below to close and then reopen the PR
+          body: |
+            Automatically generated pull request to update the known wrapper checksums.
+
+            In case of conflicts, manually run the workflow from the [Actions tab](https://github.com/gradle/actions/actions/workflows/update-checksums-file.yml), the changes will then be force-pushed onto this pull request branch.
+            Do not manually update the pull request branch; those changes might get overwritten.
+
+            > [!IMPORTANT]  
+            > GitHub workflows have not been executed for this pull request yet. Before merging, close and then directly reopen this pull request to trigger the workflows.

.gitignore

@@ -1,3 +1,3 @@
 .git
 .vscode
-actions.code-workspace
+.claude

.tool-versions

@@ -0,0 +1,4 @@
+# Configuration file for asdf version manager
+nodejs 24.3.0
+gradle 8.14.2
+java liberica-11.0.26+9

CLAUDE.md

@@ -0,0 +1,28 @@
+# Workspace Instructions
+
+## Vendored Library Flow
+
+This repository uses a proprietary caching library: `gradle-actions-caching`.
+
+- The vendored copy lives at `sources/vendor/gradle-actions-caching`
+- The source code is at `../actions-caching` and https://github.com/gradle/actions-caching
+
+When a task involves building, updating, validating, or testing the vendored `gradle-actions-caching` library, use this sequence:
+
+1. Run `npm run build` in `actions-caching`.
+2. Copy (overwrite) the contents of `actions-caching/dist/` onto `sources/vendor/gradle-actions-caching/`. (No need to rm the existing contents)
+3. Then continue with any build, test, or validation steps in this repository.
+
+Do not treat `actions/sources/vendor/gradle-actions-caching` as the source of truth. The source of truth is `actions-caching`, and the vendor directory must be refreshed from its `dist/` output after rebuilding.
+
+## Building
+
+To build this repository, run the `build` script at the root of that repository with no arguments:
+
+```sh
+./build
+```
+
+## dist directory
+
+Never make direct changes to the 'dist' directory. Building with npm will populate 'sources/dist' which is enough. There is a CI workflow that will update the 'dist' directory when required.

CONTRIBUTING.md

@@ -1,14 +1,34 @@
-### How to merge a Dependabot PR
+## Building
 
-The "distribution" for a GitHub Action is checked into the repository itself. 
-In the case of these actions, the transpiled sources are committed to the `dist` directory. 
-Any production dependencies are inlined into the distribution. 
-So if a Dependabot PR updates a production dependency (or a dev dependency that changes the distribution, like the Typescript compiler), 
-then a manual step is required to rebuild the dist and commit.
+The `build` script in the project root provides a convenient way to perform many local build tasks:
+1. `./build` will lint and compile typescript sources
+2. `./build all` will lint and compile typescript and run unit tests
+3. `./build install` will install npm packages followed by lint and compile
+4. `./build init-scripts` will run the init-script integration tests
+5. `./build act <act-commands>` will run `act` after building local changes (see below)
 
-The simplest process to follow is:
-1. Checkout the dependabot branch locally eg: `git checkout dependabot/npm_and_yarn/actions/github-5.1.0`
-2. In the `sources` directory, run `npm install` to download NPM dependencies
-3. In the `sources` directory, run `npm run build` to regenerate the distribution
-4. Push the changes to the dependabot branch
-5. If/when the checks pass, you can merge the dependabot PR
+## Using `act` to run integ-test workflows locally
+
+It's possible to run GitHub Actions workflows locally with https://nektosact.com/.
+Many of the test workflows from this repository can be run in this way, making it easier to
+test local changes without pushing to a branch.
+
+This feature is most useful to run a single `integ-test-*` workflow. Avoid running `ci-quick-test` or other aggregating workflows unless you want to use your local machine as a heater!
+
+Example running a single workflow:
+`./build act -W .github/workflows/integ-test-caching-config.yml`
+
+Example running a single job:
+`./build act -W .github/workflows/integ-test-caching-config.yml -j cache-disabled-pre-existing-gradle-home`
+
+Known issues:
+- `integ-test-detect-java-toolchains.yml` fails when running on a `linux/amd64` container, since the expected pre-installed JDKs are not present. Should be fixed by #89.
+- `act` is not yet compatible with `actions/upload-artifact@v4` (or related toolkit functions)
+    - See https://github.com/nektos/act/pull/2224
+- Workflows run by `act` cannot submit to the dependency-submission API, as no `GITHUB_TOKEN` is available by default.
+
+Tips:
+- Add the following lines to `~/.actrc`:
+    - `--container-daemon-socket -` : Prevents "error while creating mount source path", and yes that's a solitary dash at the end
+    - `--matrix os:ubuntu-latest` : Avoids a lot of logging about unsupported runners being skipped
+- Runners don't have `java` installed by default, so all workflows that run Gradle require a `setup-java` step.