286 Commits

Author SHA1 Message Date
daz
a4dabb3a70
Adapt dependency-graph support for new artifact API
- Don't upload artifacts when using 'generate-and-submit'
- New option 'generate-and-upload' to be used with 'download-and-submit'
- Use Artifact API for downloading in the same and different workflow
2023-12-23 21:24:11 -07:00
daz
93050d1483
Improvements to cache reporting
- Avoid "Entry not saved: reason unknown" when entry was not restored
- Avoid "Entry not saved: Encryption key not provided" when no config-cache data found
- Avoid spurious log message when no config-cache data found
2023-12-23 12:21:27 -07:00
daz
b3f092e821
Avoid saving config-cache from Gradle < 8.6
Earlier versions of Gradle didn't support the `GRADLE_ENCRYPTION_KEY`
for the configuration-cache, and so are either not useful to save,
or are actually unsafe due to unencrypted secrets.

We use semver to compare the Gradle version used to produce the config-cache
entry with the minimum Gradle version required.
2023-12-23 09:13:46 -07:00
daz
63ce84df08
Don't create entry for non-existant directory
- Filter out config-cache directories that do not exist when constructing
  cache entry definitions
2023-12-23 09:12:30 -07:00
daz
57f3f23714
Improve non-restore behavior for config-cache
- Avoid logging "not restoring" message when no entries exist to restore
- Clear the entries from metadata when they are not restored. This ensures that
  the non-restored entries are correctly purged.
2023-12-23 09:08:40 -07:00
daz
a738af78ea
Provide cache-encryption-key as action input
This makes it easier for users to enable config-cache saving in their workflow.

Config-cache data will only be saved/restored when the key is provided,
and the key is exported as `GRADLE_ENCRYPTION_KEY` for use in subsequent steps.
2023-12-22 12:52:09 -07:00
daz
ae24bf6608
Log completion of post-action step 2023-12-20 19:46:02 -07:00
daz
334a4b8d4d
Reinstate configuration-cache save/restore capability 2023-12-20 17:31:01 -07:00
daz
009bd36b91
Exclude cc-keystore from Gradle User Home 2023-12-20 17:31:01 -07:00
daz
9d6738618d
Support wildcards in cache-excludes 2023-12-20 10:05:25 -07:00
daz
982da8e78c
Attempt to make init-script compatible with Gradle 1.12
The `PluginManager` type wasn't introduced until Gradle 2.x.
Remove this type from the method signature in an attempt to allow this
file to be parsed with Gradle 1.12.
2023-12-19 14:12:27 -07:00
daz
a1980784de
Improve reporting for dependency-graph failure
The previous message was assuming a permissions issue, and was not
including the underlying error message in the response.
2023-12-19 14:05:20 -07:00
daz
8cbcb9948b
Plugin repository URL is configurable
The repository URL used to resolve the `github-dependency-graph-gradle-plugin` is now
configurable, allowing a user to specify an internal proxy if the public portal is not available.

Specify a custom plugin repository using the `GRADLE_PLUGIN_REPOSITORY_URL` env var,
or the `gradle.plugin-repository.url` System property.

Fixes #933
2023-12-11 21:15:34 -07:00
daz
a71aff6a12
Handle failure in cache-cleanup
Do not abort the remainder of the post-action on failure in cache-cleanup.
Instead, just log a warning and continue.

Fixes #858
Fixes #990
2023-12-11 20:38:28 -07:00
daz
77699bae74
Handle failure writing build-results file
Fixes #866
2023-12-11 20:18:58 -07:00
daz
87a9a15658
Use 1.0.0 release of dependency graph plugin 2023-11-27 17:46:35 +10:00
Daz DeBoer
9bca466e27
Make artifact retention configurable
- Added a new `artifact-retention-days` input parameter to control retention of uploaded artifacts
- Artifacts retention will use repository settings if not overridden.
2023-11-09 00:06:31 -07:00
daz
8b6c211905
Bump to RC of github dependency graph plugin 2023-11-08 21:11:42 -08:00
daz
c3bdce8205
Warn on dependency-graph-submit failure
A common issue when submitting a dependency graph is that the required
'contents: write' permission is not set.
We now catch any dependency submission failure and inform the user to check
that the required permissions are available.
2023-09-30 08:47:10 -06:00
daz
f92e7c3428
Improve compat with dependency-review-action
When using 'download-and-submit' for dependency graphs, we now run the
submission immediately instead of waiting until the post-action.
This allows a single job to both submit the graph and run the dependency
review action.
2023-09-29 20:36:16 -06:00
daz
d1b726d8c1 Do not generate dependency graph in cache-cleanup
- Allow environment variables to be overridden by system properties in dependency-graph initscript
- Set `GITHUB_DEPENDENCY_GRAPH_ENABLED=false` when executing Gradle for cache cleanup
2023-09-29 22:55:54 +02:00
daz
324fbdc804
Update to dep-graph plugin 0.4.1 2023-09-29 13:22:08 -06:00
daz
87ccc98a2a Use correct SHA for pull request events
In a pull request, GITHUB_SHA is set to the "last merge commit on the GITHUB_REF branch".
This isn't the correct value to use when generating a dependency graph.
This changes to use the value of `pull_request.head.sha`, which is the correct
value for a dependency graph.

Fixes #882
2023-09-26 15:51:30 +02:00
daz
4441c9f9bf Update to dep-graph plugin 0.4.0 2023-09-26 15:51:30 +02:00
Daz DeBoer
b5126f31db
Use github.getOctokit() for compat with GitHub Enterprise
Thanks @nise-nabe for the inspiration

Fixes #885
2023-09-21 10:55:26 -06:00
Daz DeBoer
ef76a971e2
Simplify GE-inject config params (#863) 2023-08-28 11:59:09 -06:00
daz
05acc776e8
Wire new init-script into action
- Copy init-script to Gradle User Home
- Rename init-scripts for consistency and clarity
2023-08-20 16:29:23 -06:00
daz
97d9c134b7
Add init-script for Gradle Enterprise injection
Adds a new init-script which can enable and configure the Gradle Enterprise plugin(s)
for a build, without needing to modify the settings script for the project.
The functionality is enabled and configured via environment variables or system properties.

Not yet wired into `gradle-build-action`.
2023-08-20 16:29:23 -06:00
daz
a07019c726
Inform Gradle where to locate pre-installed JDKs 2023-08-19 20:14:11 -06:00
daz
3d49588efc
Allow cache to overwrite existing Gradle User Home
Fixes #480
2023-08-19 13:37:53 -06:00
daz
68e1dcdea4
Report the cache as disabled when Gradle User Home exists
Fixes #434
2023-08-19 13:37:49 -06:00
daz
8cade330d4 Include provisioned Gradle version as action output
Fixes #259
2023-08-19 20:37:12 +02:00
daz
193108951e
Improve docs on Gradle User Home caching
- Describe the limitations/properties of the GitHub Actions cache
- Document the algorithm for generating a cache key, and the way that cache entries are matched
- Describe in more detail how entries are de-duplicated
- Explain how cache entries can be optimized in Job pipelines

Fixes #831
Fixes #608
2023-08-17 14:49:12 -06:00
daz
9e58f8b1de
Add dependency-graph-file as step output
Fixes #804
2023-07-24 08:37:14 -06:00
daz
632e888003
Update to the latest dependency-graph plugin
- Remove experimental warning
- Update documentation
2023-07-24 08:37:14 -06:00
daz
ced6859e9c
Update Build Scan™ to Build Scan® 2023-07-22 08:53:58 -06:00
daz
915a66c096
Bump dependency-graph version number 2023-07-17 15:46:14 -06:00
daz
9f977db2d8
Update to latest plugin version 2023-07-17 15:12:30 -06:00
Daz DeBoer
a0fdbb009a
Fix issue locating wrapper bat on windows 2023-07-15 23:04:38 -06:00
daz
f59a6d4310
Avoid log messages for included builds 2023-07-15 22:33:54 -06:00
daz
b69de5f2a9
Support multiple invocations in dependency-graph init script
If an existing dependency graph file is present for the configured job correlator,
we now generate a unique correlator value for the invocation. This allows the action
to submit dependency snapshots for a series of Gradle invocations within the same Job.

This commit updates to `github-dependency-graph-gradle-plugin@v0.0.6`, which reduces
redundancy in the mapping of resolved Gradle dependencies to the GitHub Dependency Graph.
2023-07-15 22:33:31 -06:00
daz
3c11eee5f9
Don't use full path when executing gradlew
Fixes #796
2023-07-13 16:15:54 -06:00
daz
cef72ff9e4
Use latest github-dependency-graph-gradle-plugin 2023-07-10 07:16:49 -06:00
daz
f01b48d89d
Do not attempt dependency graph on unsupported Gradle versions 2023-07-07 20:42:49 -06:00
daz
1e71bceb3f
Supply plugin portal URL directly
The 'gradlePluginPortal()' convenience isn't supported in older Gradle versions.
2023-07-07 20:42:49 -06:00
daz
c0186c5832
Replace spaces with underscore in job correlator 2023-07-07 20:42:49 -06:00
daz
ee7ca6ac9b
Remove defunct generate actions 2023-07-07 20:42:48 -06:00
daz
063cc1c708
Allow flexible use of dependency-graph support
Adds a 'dependency-graph' parameter that has 4 options:
1. 'disabled': no dependency graph files generated (the default)
2. 'generate': dependency graph files will be generated and saved as artifacts.
3. 'generate-and-submit': dependency graph files will be generated, saved as artifacts,
   and submitted to the Dependency Submission API on job completion.
4. 'download-and-submit': any previously uploaded dependency graph artifacts will be downloaded
   and submitted to the Dependency Submission API.
2023-07-07 20:42:48 -06:00
daz
820b228f28
Switch back to using published plugin 2023-07-07 20:42:48 -06:00
daz
d0ffeaa089
Reduce log level for debug message 2023-07-07 20:42:48 -06:00