Merge pull request #7124 from DataDog/bbujon/ci-gradle-dependencies

Add Gradle dependencies update CI  job

.github/workflows/README.md

@@ -40,7 +40,7 @@ _Actions:_
 
 _Recovery:_ Manually trigger the action again on the relevant tag.
 
-## increment-milestones-on-tag [🔗](increment-milestones-on-tag.yaml)
+### increment-milestones-on-tag [🔗](increment-milestones-on-tag.yaml)
 
 _Trigger:_ When creating a tag. Release Candidate tags containing "-RC" or "-rc" will skip this.
 
@@ -53,7 +53,7 @@ _Recovery:_ Manually close the related milestone and create a new one.
 _Notes:_ This actions will handle _minor_ releases only.
 As there is no milestone for _patch_ releases, it won't close and create _patch_ releated milestone.
 
-## update-download-releases [🔗](update-download-releases.yaml)
+### update-download-releases [🔗](update-download-releases.yaml)
 
 _Trigger:_ When a release is published.
 
@@ -63,7 +63,7 @@ _Recovery:_ Download artifacts and upload them manually to the related _download
 
 _Notes:_ _Download releases_ are special GitHub releases with fixed URL and tags, but rolling artifacts to provided stable download links (ex [latest](https://github.com/DataDog/dd-trace-java/releases/tag/download-latest) and [latest-v1](https://github.com/DataDog/dd-trace-java/releases/tag/download-latest-v1)).
 
-## update-issues-on-release [🔗](update-issues-on-release.yaml)
+### update-issues-on-release [🔗](update-issues-on-release.yaml)
 
 _Trigger:_ When a release is published. Releases of type `prereleased` should skip this.
 
@@ -94,6 +94,14 @@ _Trigger:_ When pushing commits to `master`.
 
 _Action:_ Run GitHub CodeQL action, upload result to GitHub security tab and DataDog Code Analysis.
 
+### update-gradle-dependencies [🔗](trivy-analysis.yml)
+
+_Trigger:_ Every week or manually.
+
+_Action:_ Update the Grade dependencies and their locking files.
+
+_Recovery:_ Manually trigger the action again.
+
 ### trivy-analysis [🔗](trivy-analysis.yml)
 
 _Trigger:_ When pushing commits to `master` or any pull request to `master`.

.github/workflows/update-gradle-dependencies.yaml

@@ -0,0 +1,43 @@
+name: Update Gradle dependencies
+on:
+  schedule:
+    - cron: '0 4 * * 0'
+  workflow_dispatch:
+
+jobs:
+  update-gradle-dependencies:
+    runs-on: ubuntu-latest
+    name: Update Gradle dependencies
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
+        with:
+          submodules: 'recursive'
+      - name: Pick a branch name
+        run: echo "BRANCH_NAME=ci/update-gradle-dependencies-$(date +'%Y%m%d')" >> $GITHUB_ENV
+      - name: Create branch
+        run: |
+          git checkout -b $BRANCH_NAME
+      - name: Update Gradle dependencies
+        run: |
+          GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G'" \
+          JAVA_HOME=$JAVA_HOME_8_X64 \
+          JAVA_8_HOME=$JAVA_HOME_8_X64 \
+          JAVA_11_HOME=$JAVA_HOME_11_X64 \
+          JAVA_17_HOME=$JAVA_HOME_17_X64 \
+          JAVA_21_HOME=$JAVA_HOME_21_X64 \
+          ./gradlew resolveAndLockAll --write-locks --parallel --stacktrace --no-daemon --max-workers=4
+      - name: Create pull request
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add **/gradle.lockfile
+          git commit -m "chore: Update Gradle dependencies"
+          git push -u origin $BRANCH_NAME
+          gh pr create --title "Update Gradle dependencies" \
+            --body "This PR updates the Gradle dependencies" \
+            --base master \
+            --label "tag: dependencies" \
+            --label "tag: no release notes"