Always initialize encryption key

2024-10-18 19:51:18 +08:00 · 2024-01-02 14:28:29 -07:00 · 2024-01-02 14:28:29 -07:00 · 270f30ba56
commit 270f30ba56
parent c00a847f3f
7 changed files with 20 additions and 27 deletions
--- a/.github/workflows/integ-test-restore-configuration-cache.yml
+++ b/.github/workflows/integ-test-restore-configuration-cache.yml
@ -11,6 +11,9 @@ on:
      download-dist:
        type: boolean
        default: false
+    secrets:
+      GRADLE_ENCRYPTION_KEY:
+        required: true

 env:
  DOWNLOAD_DIST: ${{ inputs.download-dist }}
--- a/dist/main/index.js
+++ b/dist/main/index.js
@ -138610,6 +138610,10 @@ class GradleStateCache {
        const initScriptsDir = path_1.default.resolve(this.gradleUserHome, 'init.d');
        fs_1.default.mkdirSync(initScriptsDir, { recursive: true });
        this.initializeGradleUserHome(this.gradleUserHome, initScriptsDir);
+        const encryptionKey = params.getCacheEncryptionKey();
+        if (encryptionKey) {
+            core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey);
+        }
    }
    cacheOutputExists() {
        const cachesDir = path_1.default.resolve(this.gradleUserHome, 'caches');
@ -138946,7 +138950,6 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.ConfigurationCacheEntryExtractor = exports.GradleHomeEntryExtractor = void 0;
 const path_1 = __importDefault(__nccwpck_require__(71017));
 const fs_1 = __importDefault(__nccwpck_require__(57147));
-const crypto_1 = __importDefault(__nccwpck_require__(6113));
 const core = __importStar(__nccwpck_require__(42186));
 const glob = __importStar(__nccwpck_require__(28090));
 const semver = __importStar(__nccwpck_require__(11383));
@ -139184,8 +139187,6 @@ class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
                this.markNotRestored(listener, 'Encryption Key was not provided');
                return;
            }
-            const encryptionKey = this.getAESEncryptionKey();
-            core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey);
            return yield _super.restore.call(this, listener);
        });
    }
@ -139217,11 +139218,6 @@ class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
            yield _super.extract.call(this, listener);
        });
    }
-    getAESEncryptionKey() {
-        const secret = params.getCacheEncryptionKey();
-        const key = crypto_1.default.pbkdf2Sync(secret, '', 1000, 16, 'sha256');
-        return key.toString('base64');
-    }
    getExtractedCacheEntryDefinitions() {
        const groupedResults = this.getConfigCacheDirectoriesWithAssociatedBuildResults();
        return Object.entries(groupedResults).map(([configCachePath, pathResults]) => {
--- a/dist/main/index.js.map
+++ b/dist/main/index.js.map
--- a/dist/post/index.js
+++ b/dist/post/index.js
@ -136063,6 +136063,10 @@ class GradleStateCache {
        const initScriptsDir = path_1.default.resolve(this.gradleUserHome, 'init.d');
        fs_1.default.mkdirSync(initScriptsDir, { recursive: true });
        this.initializeGradleUserHome(this.gradleUserHome, initScriptsDir);
+        const encryptionKey = params.getCacheEncryptionKey();
+        if (encryptionKey) {
+            core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey);
+        }
    }
    cacheOutputExists() {
        const cachesDir = path_1.default.resolve(this.gradleUserHome, 'caches');
@ -136399,7 +136403,6 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.ConfigurationCacheEntryExtractor = exports.GradleHomeEntryExtractor = void 0;
 const path_1 = __importDefault(__nccwpck_require__(71017));
 const fs_1 = __importDefault(__nccwpck_require__(57147));
-const crypto_1 = __importDefault(__nccwpck_require__(6113));
 const core = __importStar(__nccwpck_require__(42186));
 const glob = __importStar(__nccwpck_require__(28090));
 const semver = __importStar(__nccwpck_require__(11383));
@ -136637,8 +136640,6 @@ class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
                this.markNotRestored(listener, 'Encryption Key was not provided');
                return;
            }
-            const encryptionKey = this.getAESEncryptionKey();
-            core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey);
            return yield _super.restore.call(this, listener);
        });
    }
@ -136670,11 +136671,6 @@ class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
            yield _super.extract.call(this, listener);
        });
    }
-    getAESEncryptionKey() {
-        const secret = params.getCacheEncryptionKey();
-        const key = crypto_1.default.pbkdf2Sync(secret, '', 1000, 16, 'sha256');
-        return key.toString('base64');
-    }
    getExtractedCacheEntryDefinitions() {
        const groupedResults = this.getConfigCacheDirectoriesWithAssociatedBuildResults();
        return Object.entries(groupedResults).map(([configCachePath, pathResults]) => {
--- a/dist/post/index.js.map
+++ b/dist/post/index.js.map
--- a/src/cache-base.ts
+++ b/src/cache-base.ts
@ -26,6 +26,7 @@ export class GradleStateCache {
    }

    init(): void {
+        // Copy init-scripts to Gradle User Home
        const actionCacheDir = path.resolve(this.gradleUserHome, '.gradle-build-action')
        fs.mkdirSync(actionCacheDir, {recursive: true})

@ -33,6 +34,12 @@ export class GradleStateCache {
        fs.mkdirSync(initScriptsDir, {recursive: true})

        this.initializeGradleUserHome(this.gradleUserHome, initScriptsDir)
+
+        // Export the GRADLE_ENCRYPTION_KEY variable if provided
+        const encryptionKey = params.getCacheEncryptionKey()
+        if (encryptionKey) {
+            core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey)
+        }
    }

    cacheOutputExists(): boolean {
--- a/src/cache-extract-entries.ts
+++ b/src/cache-extract-entries.ts
@ -1,6 +1,5 @@
 import path from 'path'
 import fs from 'fs'
-import crypto from 'crypto'
 import * as core from '@actions/core'
 import * as glob from '@actions/glob'
 import * as semver from 'semver'
@ -383,8 +382,6 @@ export class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
            return
        }

-        const encryptionKey = this.getAESEncryptionKey()
-        core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey)
        return await super.restore(listener)
    }

@ -416,12 +413,6 @@ export class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
        await super.extract(listener)
    }

-    private getAESEncryptionKey(): string | undefined {
-        const secret = params.getCacheEncryptionKey()
-        const key = crypto.pbkdf2Sync(secret, '', 1000, 16, 'sha256')
-        return key.toString('base64')
-    }
-
    /**
     * Extract cache entries for the configuration cache in each project.
     */