From 1959d886c7addbb6db106b88949595132a3d7284 Mon Sep 17 00:00:00 2001
From: Gasper Kojek <gkojek@gradle.com>
Date: Thu, 16 Oct 2025 13:44:34 +0100
Subject: [PATCH 1/2] Upgrade Gradle GitHub Actions to v5 and add failure
 notifications

- Update gradle/actions/setup-gradle from v4 to v5
- Update gradle/actions/dependency-submission from v4 to v5
- Add id-token write permission to nightly workflow
- Add Slack failure notification job to nightly workflow

Signed-off-by: Gasper Kojek <gkojek@gradle.com>
---
 .../workflows/build-verification-nightly.yml  | 29 ++++++++++++++++++-
 .github/workflows/build-verification.yml      |  2 +-
 .../submit-github-dependency-graph.yml        |  2 +-
 .../workflows/wrapper-upgrade-execution.yml   |  2 +-
 4 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-verification-nightly.yml b/.github/workflows/build-verification-nightly.yml
index ef843d03..454c9a0b 100644
--- a/.github/workflows/build-verification-nightly.yml
+++ b/.github/workflows/build-verification-nightly.yml
@@ -1,6 +1,7 @@
 name: Verify Build (Nightly)
 permissions:
   contents: read
+  id-token: write
 on:
   schedule:
     - cron: '0 4 * * *'
@@ -22,7 +23,7 @@ jobs:
           java-version: '21'
           distribution: 'temurin'
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
         with:
           develocity-access-key: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}
           gradle-version: 'release-candidate'
@@ -105,3 +106,29 @@ jobs:
       - name: Run a build with the locally published plugin
         run: gradle help "-Dscan.value.gradle-version=${{ matrix.gradle-version }}" "-Dscan.value.java-version=${{ matrix.java-version }}"
         working-directory: ${{ runner.temp }}
+
+  failure-notification:
+    name: Matrix failure notification
+    runs-on: ubuntu-latest
+    needs:
+      - verification
+      - local-test
+    if: failure()
+    steps:
+      - name: Get secrets
+        uses: gradle/actions-internal/get-aws-secrets@v1
+        with:
+          role-to-assume: arn:aws:iam::992382829881:role/GHASecrets_common-custom-user-data-gradle-plugin_all
+          secret-ids: |
+            DV_SOLUTIONS_SCHEDULED_WORKFLOWS_WEBHOOK_URL,gha/common-custom-user-data-gradle-plugin/_all/dv_solutions_scheduled_workflows_webhook_url
+      - name: Report scheduled workflow failure
+        uses: slackapi/slack-github-action@v2.1.1
+        with:
+          webhook: ${{ env.DV_SOLUTIONS_SCHEDULED_WORKFLOWS_WEBHOOK_URL }}
+          webhook-type: webhook-trigger
+          payload-templated: true
+          payload: |
+            {
+              "workflow_name": "Verify Build (Nightly)",
+              "workflow_run_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+            }
diff --git a/.github/workflows/build-verification.yml b/.github/workflows/build-verification.yml
index fb2bc1ff..44d85c9f 100644
--- a/.github/workflows/build-verification.yml
+++ b/.github/workflows/build-verification.yml
@@ -16,7 +16,7 @@ jobs:
           java-version: '21'
           distribution: 'temurin'
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
         with:
           develocity-access-key: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}
       - name: Build and publish to Maven Local with Gradle
diff --git a/.github/workflows/submit-github-dependency-graph.yml b/.github/workflows/submit-github-dependency-graph.yml
index 45c22eb2..ae0fd11d 100644
--- a/.github/workflows/submit-github-dependency-graph.yml
+++ b/.github/workflows/submit-github-dependency-graph.yml
@@ -17,6 +17,6 @@ jobs:
         distribution: temurin
         java-version: 21
     - name: Submit dependency graph
-      uses: gradle/actions/dependency-submission@v4
+      uses: gradle/actions/dependency-submission@v5
       with:
         develocity-access-key: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}
diff --git a/.github/workflows/wrapper-upgrade-execution.yml b/.github/workflows/wrapper-upgrade-execution.yml
index 6567cc18..e77279e8 100644
--- a/.github/workflows/wrapper-upgrade-execution.yml
+++ b/.github/workflows/wrapper-upgrade-execution.yml
@@ -30,7 +30,7 @@ jobs:
           java-version: '21'
           distribution: 'temurin'
       - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@v5
         with:
           develocity-access-key: ${{ secrets.DV_SOLUTIONS_ACCESS_KEY }}
       - name: Upgrade Wrappers

From cf49729422b9b8beb612c4431556728b6f7adf92 Mon Sep 17 00:00:00 2001
From: Gasper Kojek <gkojek@gradle.com>
Date: Thu, 16 Oct 2025 13:53:42 +0100
Subject: [PATCH 2/2] Updated nightly failure slack message

---
 .github/workflows/build-verification-nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-verification-nightly.yml b/.github/workflows/build-verification-nightly.yml
index 454c9a0b..fa153cbb 100644
--- a/.github/workflows/build-verification-nightly.yml
+++ b/.github/workflows/build-verification-nightly.yml
@@ -129,6 +129,6 @@ jobs:
           payload-templated: true
           payload: |
             {
-              "workflow_name": "Verify Build (Nightly)",
+              "workflow_name": "CCUD Gradle: Verify Build (Nightly)",
               "workflow_run_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
             }