Add workflow for Update Gradle Wrapper Action. #3297
rnorth merged 2 commits into testcontainers:master from gradle-update:master
I think as a general principle we'd want to use Dependabot for all version bumping - but it doesn't cover Gradle version upgrades, so there's definitely a gap that this action addresses! I think I'd be happy with a couple of tweaks:
Thanks
@rnorth thanks for your reply!
It makes sense to me if you want to stay on the safe side. You might not automatically benefit from new functionalities or fixes as v1 continues to get updated, but I totally understand that you want to have more control over a 3rd party repo that is not part of the Gradle org.
Sure thing, will work on it! Would it be ok for your use case if the labels you specify are added to the ones already set by the action?
This is totally doable, you can add another step in the workflow that runs the WVA just after UGW. Will update the PR with all the changes mentioned above 🙂
Thanks!
It's not just not being part of the gradle org - actually we should use SHA pinning for the Gradle-provided action as well, because the same risk exists with that. We're just keen to make sure any action that isn't provided by GitHub themselves is pinned.
Yep, absolutely fine! As long as we can add a specific label, we don't mind which other labels are there. Thanks again
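The pinning rule discussed in this thread (every action not provided by GitHub is referenced by commit SHA) can be checked mechanically. The following is an added example, not code from this PR or from the Testcontainers project; the owner allow-list, the sample workflow and the 40-character SHA in it are constructed for illustration.

```python
import re

# Owners treated as "provided by GitHub themselves" (assumption for this example).
GITHUB_OWNERS = {"actions", "github"}
FULL_SHA = re.compile(r"[0-9a-f]{40}")
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")


def unpinned_actions(workflow_text):
    """Return (line_no, reference, reason) for each third-party `uses:` not pinned to a full SHA."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions (./path) and docker:// images are outside the scope of this check.
        if ref.startswith(("./", "docker://")):
            continue
        target, _, version = ref.partition("@")
        owner = target.split("/", 1)[0].lower()
        if owner in GITHUB_OWNERS:
            continue
        if not version:
            findings.append((no, ref, "no ref given"))
        elif not FULL_SHA.fullmatch(version):
            # Tags and branches can be moved; an abbreviated SHA is not a full commit id.
            findings.append((no, ref, "ref is not a full 40-character commit SHA"))
    return findings


# Constructed workflow; the 40-character SHA is a placeholder, not a real commit.
SAMPLE = """\
name: Update Gradle Wrapper
on:
  schedule:
    - cron: "0 0 * * *"
jobs:
  update-gradle-wrapper:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: gradle-update/update-gradle-wrapper-action@v1
      - uses: gradle-update/update-gradle-wrapper-action@74a035c
      - uses: gradle/wrapper-validation-action@0123456789abcdef0123456789abcdef01234567 # v1 (placeholder)
"""

if __name__ == "__main__":
    for no, ref, reason in unpinned_actions(SAMPLE):
        print(f"line {no}: {ref}: {reason}")
```

Run against the constructed sample, it flags the `@v1` tag and the abbreviated `@74a035c` reference and accepts the full-length pin on the Gradle-provided action.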
This action keeps Gradle Wrapper up-to-date to the latest release. It will run every day at midnight (UTC) and create a pull request if a new Gradle version is available. The updated Wrapper script is validated (with checksum verification) during the update process, and the Wrapper is set up so that it will validate the Gradle binary itself on first run of the new version. Here we stick to action version v1.0.9 (74a035c).
Hey @rnorth I've updated this PR with the requested changes:
Let me know if it looks ok to you 🙂
rnorth left a comment
Sorry, just spotted that the gradle action is not pinned!
Co-authored-by: Richard North <[email protected]>
Sure, have committed your suggestion!
Hey there 👋, first of all thanks for your work on the TestContainers project!
I've got a suggested change: would you be willing to use this GitHub Action to automatically keep Gradle Wrapper updated to latest release?
What does "Update Gradle Wrapper Action" do? It can be configured to run at scheduled intervals (e.g. daily or weekly) and will check whether the Wrapper script in the repo is up-to-date to the latest Gradle release: in case a new Gradle version is available, it will create a PR to update the Wrapper. And that's it!
Why is that a good thing? Well, first of all it alleviates the chore of manually updating the Wrapper, as you got a task that keeps track of new Gradle releases for you! More importantly, it boosts security around the Wrapper update and usage processes: this action verifies that the `gradle-wrapper.jar` file has not been tampered with (uses checksum comparison), and it sets the `distributionSha256Sum` property so that the new Gradle binary itself will be verified locally upon download.
Where can I find more about? The README contains quite detailed information!
In this PR I propose adding a new workflow which runs the action every day at midnight (but feel free to adjust the frequency as you prefer). I've verified it works correctly in my fork of the repo, and you can see here what a PR will look like.
The action is under active development, you can have a look at the list of inputs currently supported. There are new features coming up soon and if you'd like to request any particular change just let me know!
I'd love to see the action used by TestContainers and I genuinely hope you can find this useful. Would love your feedback! ❤️
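A sketch of the local verification that the `distributionSha256Sum` property enables, as an added example that is not the Gradle Wrapper's own code or part of this PR. The properties content, the `gradle-x.y` file name and the stand-in bytes are constructed; the function names are hypothetical.

```python
import hashlib
import hmac
import re


def parse_properties(text):
    """Parse the key=value subset of .properties that gradle-wrapper.properties uses."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            # URLs are stored escaped as https\://...; drop the escaping backslash.
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props


def verify_distribution(properties_text, distribution_bytes):
    """Return True only if the bytes match distributionSha256Sum; raise if the pin is absent."""
    props = parse_properties(properties_text)
    expected = props.get("distributionSha256Sum", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        # An absent or malformed pin is treated as a failure, never as "nothing to check".
        raise ValueError("distributionSha256Sum is missing or malformed")
    actual = hashlib.sha256(distribution_bytes).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed stand-in for a downloaded distribution zip and its properties file.
FAKE_ZIP = b"constructed stand-in for gradle-x.y-bin.zip"
PINNED = (
    "distributionBase=GRADLE_USER_HOME\n"
    "distributionUrl=https\\://services.gradle.org/distributions/gradle-x.y-bin.zip\n"
    "distributionSha256Sum=" + hashlib.sha256(FAKE_ZIP).hexdigest() + "\n"
)

if __name__ == "__main__":
    print("intact download accepted:", verify_distribution(PINNED, FAKE_ZIP))
    print("modified download accepted:", verify_distribution(PINNED, FAKE_ZIP + b"!"))
```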