Update to latest plugin version

This commit is contained in:
daz 2023-07-17 15:12:30 -06:00
parent fa27d06744
commit 9f977db2d8
No known key found for this signature in database
6 changed files with 14 additions and 40 deletions

View File

@ -82,12 +82,12 @@ jobs:
run: ./gradlew assemble
working-directory: .github/workflow-samples/groovy-dsl
env:
GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: job-correlator
GITHUB_JOB_CORRELATOR: job-correlator
- name: Run build
run: ./gradlew build
working-directory: .github/workflow-samples/groovy-dsl
env:
GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: job-correlator
GITHUB_JOB_CORRELATOR: job-correlator
- name: Check generated dependency graphs
run: |
ls -l dependency-graph-reports

View File

@ -456,32 +456,6 @@ jobs:
run: ./gradlew build
```
### Running multiple builds in a single Job
GitHub tracks dependency snapshots based on the `job.correlator` value that is embedded in the snapshot. When a newer snapshot for an existing correlator is submitted, the previous snapshot is replaced. Snapshots with different `job.correlator` values are additive to the overall dependency graph for the repository.
The `gradle-build-action` will generate a `job.correlator` value based on the workflow name, job id and matrix values. However, if your job steps contains multiple Gradle invocations, then a unique correlator value must be assigned to each. You assign a correlator by setting the `GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR` environment variable.
```yaml
name: dependency-graph
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Gradle to generate and submit dependency graphs
uses: gradle/gradle-build-action@dependency-graph
with:
dependency-graph: generate-and-submit
- name: Run first build using the default job correlator 'dependency-graph-build'
run: ./gradlew build
- name: Run second build providing a unique job correlator
run: ./gradlew test
env:
GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: dependency-graph-test
```
### Dependency snapshots generated for pull requests
This `contents: write` permission is not available for any workflow that is triggered by a pull request submitted from a forked repository, since it would permit a malicious pull request to make repository changes.

View File

@ -21,10 +21,10 @@ export function setup(option: DependencyGraphOption): void {
core.info('Enabling dependency graph generation')
const jobCorrelator = getJobCorrelator()
core.exportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', 'true')
core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', jobCorrelator)
core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_ID', github.context.runId)
core.exportVariable('GITHUB_JOB_CORRELATOR', jobCorrelator)
core.exportVariable('GITHUB_JOB_ID', github.context.runId)
core.exportVariable(
'GITHUB_DEPENDENCY_GRAPH_REPORT_DIR',
'DEPENDENCY_GRAPH_REPORT_DIR',
path.resolve(layout.workspaceDirectory(), 'dependency-graph-reports')
)
}

View File

@ -3,7 +3,7 @@ buildscript {
maven { url "https://plugins.gradle.org/m2/" }
}
dependencies {
classpath "org.gradle:github-dependency-graph-gradle-plugin:0.0.6"
classpath "org.gradle:github-dependency-graph-gradle-plugin:0.0.7"
}
}
apply plugin: org.gradle.github.GitHubDependencyGraphPlugin

View File

@ -15,10 +15,10 @@ if (GradleVersion.current().baseVersion < GradleVersion.version("5.0")) {
// This is only required for top-level builds
def isTopLevelBuild = gradle.getParent() == null
if (isTopLevelBuild) {
def jobCorrelator = ensureUniqueJobCorrelator(System.env.GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR)
def jobCorrelator = ensureUniqueJobCorrelator(System.env.GITHUB_JOB_CORRELATOR)
if (jobCorrelator == null) {
println "::warning::No dependency snapshot generated for step: report file for '${jobCorrelator}' created in earlier step. Each build invocation requires a unique job correlator: specify GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR var for this step."
println "::warning::No dependency snapshot generated for step: report file for '${jobCorrelator}' created in earlier step. Each build invocation requires a unique job correlator: specify GITHUB_JOB_CORRELATOR var for this step."
return
}
@ -34,7 +34,7 @@ apply from: 'github-dependency-graph-gradle-plugin-apply.groovy'
* - When found, this value is set as a System property override.
*/
String ensureUniqueJobCorrelator(String jobCorrelator) {
def reportDir = System.env.GITHUB_DEPENDENCY_GRAPH_REPORT_DIR
def reportDir = System.env.DEPENDENCY_GRAPH_REPORT_DIR
def reportFile = new File(reportDir, jobCorrelator + ".json")
if (!reportFile.exists()) return jobCorrelator
@ -43,7 +43,7 @@ String ensureUniqueJobCorrelator(String jobCorrelator) {
def candidateCorrelator = jobCorrelator + "-" + i
def candidateFile = new File(reportDir, candidateCorrelator + ".json")
if (!candidateFile.exists()) {
System.properties['org.gradle.github.env.GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR'] = candidateCorrelator
System.properties['GITHUB_JOB_CORRELATOR'] = candidateCorrelator
return candidateCorrelator
}
}

View File

@ -109,12 +109,12 @@ class TestDependencyGraph extends BaseInitScriptTest {
def getEnvVars() {
return [
GITHUB_DEPENDENCY_GRAPH_ENABLED: "true",
GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: "CORRELATOR",
GITHUB_DEPENDENCY_GRAPH_JOB_ID: "1",
GITHUB_DEPENDENCY_GRAPH_REPORT_DIR: reportsDir.absolutePath,
GITHUB_JOB_CORRELATOR: "CORRELATOR",
GITHUB_JOB_ID: "1",
GITHUB_REF: "main",
GITHUB_SHA: "123456",
GITHUB_WORKSPACE: testProjectDir.absolutePath
GITHUB_WORKSPACE: testProjectDir.absolutePath,
DEPENDENCY_GRAPH_REPORT_DIR: reportsDir.absolutePath
]
}