chore(deps): bump gradle/actions from 5.0.2 to 6.0.1 in /.github/actions/setup-gradle

[dependabot]

Bumps gradle/actions from 5.0.2 to 6.0.1.

Release notes

Sourced from gradle/actions's releases.

v6.0.1

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

• Bump actions used in docs by @​Goooler in gradle/actions#792
• Add typing information for use by typesafegithub by @​bigdaz in gradle/actions#910
• Mute license warning when terms are accepted by @​bigdaz in gradle/actions#911
• Mention explicit license acceptance in notice by @​bigdaz in gradle/actions#912
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group across 1 directory by @​dependabot[bot] in gradle/actions#907

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

• Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.
• Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.
• Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot[bot] in gradle/actions#866
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#868
• Dependency updates by @​bigdaz in gradle/actions#876
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#878
• Bump @​types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @​dependabot[bot] in gradle/actions#877

... (truncated)

Commits

• 39e147c [bot] Update dist directory
• 14ac3d6 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to...
• 81fec7a Mention explicit license acceptance in notice (#912)
• 4ac5b01 [bot] Update dist directory
• f64284c Mute license warning when terms are accepted (#911)
• c2457a7 Update tagging instructions for release
• 8205114 Update Gradle version compatibility information
• 6710000 Add typing information for use by typesafegithub (#910)
• 3d0e2a8 Pin version for github actions
• f663ed9 Ignore internal action files for type validation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[rafaeltonholo]

@wmontwe, we have a few options to consider:

1. We can continue using gradle/actions/setup-gradle, but set cache-disabled: true and utilize actions/cache for caching. However, the issue is that once we upgrade to v6, we technically agree to their Terms of Use, which is quite problematic, as you pointed out:

   By submitting User Submissions through the Services, you hereby do and shall grant Gradle a worldwide, non-exclusive, perpetual, royalty-free, fully paid, sublicensable and transferable license to use, edit, modify, truncate, aggregate, reproduce, distribute, prepare derivative works of, display, perform, and otherwise fully exploit the User Submissions in connection with this site, the Services and our (and our successors’ and assigns’) businesses, including without limitation for promoting and redistributing part or all of this site or the Services (and derivative works thereof) in any media formats and through any media channels (including, without limitation, third party websites and feeds), and including after your termination of your account or the Services.

   https://blog.gradle.org/github-actions-for-gradle-v6#whats-changing

   I would prefer to avoid this, to be honest.

2. We could migrate to another GitHub Action, such as the one found at https://github.com/burrunan/gradle-cache-action, which would support both caching and Gradle setup (Not 100% sure about the setup part). The downside is we need to ensure it's a reliable and up-to-date action. I currently use this one in my svg-to-compose project, but it is quite outdated now. Note that burrunan/gradle-cache-action might not provide sufficient support for setting up Gradle.

3. We could create our own Gradle configuration and cache it using actions/cache. This option would be the safest, although it would require more time and effort.

4. We can check if we can just rely on actions/java to setup and cache. Something like:

      - name: Set up JDK
        uses: actions/setup-java@v5
        with:
          distribution: temurin
          java-version: '21'
          cache: gradle
          cache-dependency-path: |
            **/*.gradle*
            **/gradle-wrapper.properties
            gradle/*.versions.toml
   
      - name: Ensure Gradle Wrapper is executable
        run: chmod +x ./gradlew

   That might be the best short-term solution.

Let me know your thoughts on these options!