2f4128a31c
Bump github/codeql-action from 4.35.4 to 4.35.5 ( #1624 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 4.35.4 to 4.35.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.5</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899 ">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791 ">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892 ">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880 ">#3880</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894 ">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893 ">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5 ">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926 ">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899 ">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791 ">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892 ">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880 ">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4 ">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881 ">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837 ">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850 ">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853 ">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852 ">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3 ">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865 ">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795 ">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789 ">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794 ">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807 ">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2 ">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823 ">#3823</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781 ">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767 ">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1 ">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773 ">#3773</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba "><code>9e0d7b8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3905 ">#3905</a>
from github/update-v4.35.5-d4b485515</li>
<li><a
href="https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684 "><code>6d7d599</code></a>
Add changelog entry for <a
href="https://redirect.github.com/github/codeql-action/issues/3899 ">#3899</a></li>
<li><a
href="https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14 "><code>51f7e38</code></a>
Update changelog for v4.35.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11 "><code>d4b4855</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3899 ">#3899</a>
from github/mbg/esbuild/split</li>
<li><a
href="https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9 "><code>127de81</code></a>
Merge remote-tracking branch 'origin/main' into mbg/esbuild/split</li>
<li><a
href="https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b "><code>7fde13f</code></a>
Use src + basename in header to avoid issues on Windows</li>
<li><a
href="https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933 "><code>dfa61e7</code></a>
Improve pattern matching and error handling</li>
<li><a
href="https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a "><code>52aafec</code></a>
Import and call <code>runWrapper</code> normally in <code>analyze</code>
tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111 "><code>0d08c01</code></a>
Auto-generate shared bundle</li>
<li><a
href="https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204 "><code>14085a6</code></a>
Auto-generate entry points</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-28 10:27:18 -07:00
99b29ef3c7
Bump github/codeql-action from 4.35.2 to 4.35.4 ( #1586 )
2026-05-14 08:49:18 -07:00
c4f56bf20d
Fix setting DEBUG_ARGS ( #1558 )
...
Looks like context variable `runner` isn't available on the job level
`env`. It's available on the step level `env` though.
2026-04-24 19:34:08 -07:00
87b15f7a70
Only set --stacktrace --info if verbose logging is enabled ( #1557 )
...
This is a quality-of-life improvement; make our build logs more easy to
read through for the default case.
If we need more information, we can click on the "Enable debug logging"
checkbox when re-running a job, which then populates the `runner.debug`
context variable.
2026-04-24 15:28:57 -07:00
e07ff96de8
Switch CodeQL to use PklCI API ( #1555 )
2026-04-23 11:28:16 -07:00
a33e431433
Enable codeql scanning ( #1532 )
...
This enables security vulnerability scanning using CodeQL.
2026-04-20 11:28:31 -07:00
2dd0e2de21
Only include *runtimeClasspath and *compileClasspath dependencies ( #1529 )
2026-04-16 17:09:08 -07:00
a8500b6b03
Add dependency submission ( #1523 )
...
This adds jobs to add Gradle dependencies to [GitHub's dependency
submission
API](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/using-the-dependency-submission-api ),
and to review when these dependencies change.
2026-04-15 22:21:17 -07:00
2d4286ee7b
Upgrade JVM toolchain to 25 and Kotlin toolchain to 2.3.20 ( #1516 )
...
Motivation
- Enable correct NullAway analysis
- Pick up toolchain fixes and improvements
Toolchains
- Require JDK 25 for JVM toolchain (keep Java 17 runtime compatibility)
- Require Kotlin 2.3.20 for Kotlin toolchain (keep Kotlin 2.2 runtime
compatibility)
- Require JDK 25 for Gradle daemon JVM (via
gradle-daemon-jvm.properties)
- Fix javac and kotlinc warnings from toolchain upgrades
CI
- Bump GitHub workflows to JDK 25
Building Kotlin
- Bump Kotlin language level to 2.2 to match stdlib version
- Consolidate build logic into pklKotlinBase.gradle.kts
- Adopt modern Kotlin plugin syntax
- Fix new kotlinc warnings
- Update ktfmt to 0.62
- first version compatible with Kotlin 2.3.20
- changes formatting compared to 0.61
- Replace dependency resolution rule with BOM alignment
- rule was too broad and interfered with toolchain/runtime separation
Testing
- Expand matrix to JDK 25 (LTS) and 26
- Ensure each matrix task can be run independently
- Fix KotlinCodeGeneratorsTest and EmbeddedExecutorsTest on affected
JDKs
- Disable one test in CliCommandTest on affected JDKs (failure cause
unknown)
Compatibility fixes
- Fix reflective access in DocGenerator on affected JDKs
Build fixes
- Fix misuse of `task.enabled` vs. `report.required`
- Fix `gradlew tasks` on Windows
- Downgrade Spotless to 8.3.0 to (hopefully) work around sporadic
NoClassDefFoundError
Result
- NullAway runs correctly
- Broader JDK test coverage
- More reproducible and potentially faster builds
2026-04-14 11:57:09 -07:00
dc5504749a
Disable gradle cache for release builds ( #1474 )
2026-03-26 16:54:10 +01:00
46da9cb33a
Bump actions/create-github-app-token from 2.2.1 to 2.2.2 ( #1469 )
2026-03-16 09:55:09 -07:00
3eda3b197e
Bump pkl.impl.ghactions to version 1.5.0 ( #1460 )
2026-03-03 17:59:39 -08:00
51bb1a5c7e
Bump gradle/actions from 5.0.1 to 5.0.2 ( #1456 )
2026-03-02 09:00:50 -08:00
77395a86f4
Bump EnricoMi/publish-unit-test-result-action from 2.22.0 to 2.23.0 ( #1435 )
2026-02-23 08:51:04 -08:00
effa4844e6
Bump pkl.impl.ghactions to version 1.3.5 ( #1422 )
2026-02-06 08:43:45 -08:00
7b7b51c0ae
Bump gradle/actions from 5.0.0 to 5.0.1 ( #1420 )
...
Bumps [gradle/actions](https://github.com/gradle/actions ) from 5.0.0 to
5.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/actions/releases ">gradle/actions's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>npm</code> code dependency versions</li>
<li>Bump Gradle versions used in sample builds</li>
<li>Bump dependencies versions in Gradle sample builds</li>
<li>Bump GitHub actions used for build and test</li>
<li>Update known wrapper checksums to include Gradle 9.2+</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/actions/compare/v5.0.0...v5.0.1 ">https://github.com/gradle/actions/compare/v5.0.0...v5.0.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gradle/actions/commit/f29f5a9d7b09a7c6b29859002d29d24e1674c884 "><code>f29f5a9</code></a>
Attempt to fix flaky caching tests (<a
href="https://redirect.github.com/gradle/actions/issues/836 ">#836</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/8c7f3ffba4042e38a9b017ec1433452e674e4403 "><code>8c7f3ff</code></a>
Bump to v1.4.1 of the dependency-submission plugin</li>
<li><a
href="https://github.com/gradle/actions/commit/85e9805d21cf3b1d1c54c470ae15083df20e00ed "><code>85e9805</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/acb81f1e15dbc4ea06da2aa52ac9a056747ba8cf "><code>acb81f1</code></a>
Bump the npm-dependencies group across 1 directory with 8 updates (<a
href="https://redirect.github.com/gradle/actions/issues/821 ">#821</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/00660c8721edeac5845b81ab1a2d47af4de1e150 "><code>00660c8</code></a>
Bump github/codeql-action from 4.31.10 to 4.32.0 in the github-actions
group ...</li>
<li><a
href="https://github.com/gradle/actions/commit/d498ad3b5f3030c0feb2913ae7059605e5d4de40 "><code>d498ad3</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/de83f3396312260c9a3dfc1d77ee4b6f2361eb9a "><code>de83f33</code></a>
Update Gradle version and Gradle dependencies (<a
href="https://redirect.github.com/gradle/actions/issues/834 ">#834</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/baabf402fa7896574cf6caf18668d5509e3ce8ef "><code>baabf40</code></a>
Bump the github-actions group across 2 directories with 5 updates</li>
<li><a
href="https://github.com/gradle/actions/commit/69353a9e141a8a7865bcbf48a099ad644e9adf2f "><code>69353a9</code></a>
Bump the gradle group across 1 directory with 4 updates</li>
<li><a
href="https://github.com/gradle/actions/commit/221c7f4dbd2468936638e2ba4fe1d987ce3bbe0d "><code>221c7f4</code></a>
Update known wrapper checksums</li>
<li>Additional commits viewable in <a
href="https://github.com/gradle/actions/compare/4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2...f29f5a9d7b09a7c6b29859002d29d24e1674c884 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 09:39:13 -08:00
a2bfbd72a7
Bump actions/checkout from 6.0.1 to 6.0.2 ( #1417 )
2026-01-26 09:04:22 -08:00
11b65e4d7a
Bump actions/setup-java from 5.1.0 to 5.2.0 ( #1416 )
2026-01-26 08:55:53 -08:00
f6cfc82201
Bump pkl.impl.ghactions to version 1.3.3 ( #1408 )
...
Updates pkl.impl.ghactions package to version 1.3.3
2026-01-15 12:06:56 -08:00
fd66438828
Bump pkl.impl.ghactions to version 1.3.2 ( #1403 )
...
Updates pkl.impl.ghactions package to version 1.3.2
2026-01-12 18:01:46 -08:00
474305c7b9
Use gradle/actions/setup-gradle ( #1397 )
...
This adds the setup-gradle action; which has the following improvements:
* Improved cacheing (compared to setup-java's Gradle cache)
* Validates the gradle wrapper jar
2026-01-07 21:10:07 -08:00
35861240a0
Bump EnricoMi/publish-unit-test-result-action from 2.21.0 to 2.22.0 ( #1382 )
...
Bumps
[EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action )
from 2.21.0 to 2.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/enricomi/publish-unit-test-result-action/releases ">EnricoMi/publish-unit-test-result-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.22.0</h2>
<p>Adds the following improvements:</p>
<ul>
<li>Upgrade all Python dependencies to latest version <a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/710 ">#710</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/EnricoMi/publish-unit-test-result-action/compare/v2.21.0...v2.22.0 ">https://github.com/EnricoMi/publish-unit-test-result-action/compare/v2.21.0...v2.22.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/27d65e188ec43221b20d26de30f4892fad91df2f "><code>27d65e1</code></a>
Releasing v2.22.0</li>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/2deae407d71f83660c8129d55379ef777127b1bf "><code>2deae40</code></a>
Upgrade transient dependencies (<a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/710 ">#710</a>)</li>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/a6d8f3d6cae9c3d19a7a97f61e44d5754b97d803 "><code>a6d8f3d</code></a>
Add Ubuntu slim runner (<a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/709 ">#709</a>)</li>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/d3ed9acf9b75c81bd3ed28fac2ef38e7631afd0b "><code>d3ed9ac</code></a>
CI: Merge check upgrades jobs into single job (<a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/700 ">#700</a>)</li>
<li>See full diff in <a
href="https://github.com/enricomi/publish-unit-test-result-action/compare/34d7c956a59aed1bfebf31df77b8de55db9bbaaf...27d65e188ec43221b20d26de30f4892fad91df2f ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 09:34:57 -08:00
b92c773555
Bump pkl.impl.ghactions ( #1366 )
2025-12-12 11:30:47 -08:00
cd9cfaae8f
Bump pkl.impl.ghactions, update lockfile to not run ( #1362 )
2025-12-10 21:39:18 -08:00
2578703081
Bump versions, fix dependabot updates ( #1361 )
2025-12-10 18:03:32 -08:00
b170968e9e
Bump pkl.impl.ghactions to 1.1.0, add version locking. ( #1359 )
...
This adopts the version locking introduced in pkl.impl.ghactions@1.1.0.
2025-12-10 16:35:15 -08:00
9d41518553
Bump pkl.impl.ghactions to 1.0.1 ( #1358 )
2025-12-09 10:53:04 -08:00
b7ccc67bd8
Adjust CI to not publish test results for deploy-snapshot ( #1357 )
2025-12-08 09:56:57 -08:00
2de1d5b9d2
Build linux executables that link to glibc 2.17 ( #1352 )
...
Fixes an unintentional breakage in 0.30.1 that bumped the required glibc to 2.34.
2025-12-05 15:24:27 -08:00
c73fc87583
Fix release publishing ( #1343 )
2025-12-03 15:13:31 -08:00
c5b98d6510
CI job polish ( #1341 )
...
Avoids issues where setup-java post-task cacheing will hang with "device
or resource busy".
2025-12-03 15:11:33 -08:00
db6ff394d7
Fix fetch depth for gradle-compatibility and java-executables-* CI jobs ( #1339 )
2025-12-03 10:34:03 -08:00
6c3683c55e
Fix snapshot publishing ( #1330 )
2025-11-26 09:17:14 +01:00
bc5d675b6e
Fix macos/amd64 image builds ( #1322 )
2025-11-17 12:16:28 -08:00
a2cc70ae37
Fix deploy jobs ( #1319 )
...
Specify `merge-multiple` to prevent new directories from being created
when downloading artifacts.
2025-11-15 16:30:51 -08:00
ef9b53be98
Fix release builds ( #1317 )
...
In order to preserve the folder hierarchy in our uploaded artifact,
we need to insert a wildcard in the root path.
Also, fix fan-in of tasks that lead to the publish test result task.
2025-11-14 15:18:30 -08:00
0ff9125062
Fix build java executable ( #1316 )
2025-11-13 17:46:35 -08:00
f948ba2a20
Switch to GitHub Actions ( #1315 )
...
This switches our builds over to GitHub Actions!
TODO:
* Add macOS/amd64 native-image builds; this isn't working right now
* Patch musl with security patches
* Add benchmark jobs over time
As part of this build, PRBs will now only run `./gradlew check` on Linux,
but other jobs can be run using slash commands, e.g. `[windows]`
to run `./gradle check` on Windows.
2025-11-13 16:03:05 -08:00
dependabot[bot]