Commit graph

268 commits

Author SHA1 Message Date
daz
c3bdce8205
Warn on dependency-graph-submit failure
A common issue when submitting a dependency graph is that the required
'contents: write' permission is not set.
We now catch any dependency submission failure and inform the user to check
that the required permissions are available.
2023-09-30 08:47:10 -06:00
daz
f92e7c3428
Improve compat with dependency-review-action
When using 'download-and-submit' for dependency graphs, we now run the
submission immediately instead of waiting until the post-action.
This allows a single job to both submit the graph and run the dependency
review action.
2023-09-29 20:36:16 -06:00
daz
d1b726d8c1 Do not generate dependency graph in cache-cleanup
- Allow environment variables to be overridden by system properties in dependency-graph initscript
- Set `GITHUB_DEPENDENCY_GRAPH_ENABLED=false` when executing Gradle for cache cleanup
2023-09-29 22:55:54 +02:00
daz
324fbdc804
Update to dep-graph plugin 0.4.1 2023-09-29 13:22:08 -06:00
daz
87ccc98a2a Use correct SHA for pull request events
In a pull request, GITHUB_SHA is set to the "last merge commit on the GITHUB_REF branch".
This isn't the correct value to use when generating a dependency graph.
This changes to use the value of `pull_request.head.sha`, which is the correct
value for a dependency graph.

Fixes #882
2023-09-26 15:51:30 +02:00
daz
4441c9f9bf Update to dep-graph plugin 0.4.0 2023-09-26 15:51:30 +02:00
Daz DeBoer
b5126f31db
Use github.getOctokit() for compat with GitHub Enterprise
Thanks @nise-nabe for the inspiration

Fixes #885
2023-09-21 10:55:26 -06:00
Daz DeBoer
ef76a971e2
Simplify GE-inject config params (#863) 2023-08-28 11:59:09 -06:00
daz
05acc776e8
Wire new init-script into action
- Copy init-script to Gradle User Home
- Rename init-scripts for consistency and clarity
2023-08-20 16:29:23 -06:00
daz
97d9c134b7
Add init-script for Gradle Enterprise injection
Adds a new init-script which can enable and configure the Gradle Enterprise plugin(s)
for a build, without needing to modify the settings script for the project.
The functionality is enabled and configured via environment variables or system properties.

Not yet wired into `gradle-build-action`.
2023-08-20 16:29:23 -06:00
daz
a07019c726
Inform Gradle where to locate pre-installed JDKs 2023-08-19 20:14:11 -06:00
daz
3d49588efc
Allow cache to overwrite existing Gradle User Home
Fixes #480
2023-08-19 13:37:53 -06:00
daz
68e1dcdea4
Report the cache as disabled when Gradle User Home exists
Fixes #434
2023-08-19 13:37:49 -06:00
daz
8cade330d4 Include provisioned Gradle version as action output
Fixes #259
2023-08-19 20:37:12 +02:00
daz
193108951e
Improve docs on Gradle User Home caching
- Describe the limitations/properties of the GitHub Actions cache
- Document the algorithm for generating a cache key, and the way that cache entries are matched
- Describe in more detail how entries are de-duplicated
- Explain how cache entries can be optimized in Job pipelines

Fixes #831
Fixes #608
2023-08-17 14:49:12 -06:00
daz
9e58f8b1de
Add dependency-graph-file as step output
Fixes #804
2023-07-24 08:37:14 -06:00
daz
632e888003
Update to the latest dependency-graph plugin
- Remove experimental warning
- Update documentation
2023-07-24 08:37:14 -06:00
daz
ced6859e9c
Update Build Scan™ to Build Scan® 2023-07-22 08:53:58 -06:00
daz
915a66c096
Bump dependency-graph version number 2023-07-17 15:46:14 -06:00
daz
9f977db2d8
Update to latest plugin version 2023-07-17 15:12:30 -06:00
Daz DeBoer
a0fdbb009a
Fix issue locating wrapper bat on windows 2023-07-15 23:04:38 -06:00
daz
f59a6d4310
Avoid log messages for included builds 2023-07-15 22:33:54 -06:00
daz
b69de5f2a9
Support multiple invocations in dependency-graph init script
If an existing dependency graph file is present for the configured job correlator,
we now generate a unique correlator value for the invocation. This allows the action
to submit dependency snapshots for a series of Gradle invocations within the same Job.

This commit updates to `github-dependency-graph-gradle-plugin@v0.0.6`, which reduces
redundancy in the mapping of resolved Gradle dependencies to the GitHub Dependency Graph.
2023-07-15 22:33:31 -06:00
daz
3c11eee5f9
Don't use full path when executing gradlew
Fixes #796
2023-07-13 16:15:54 -06:00
daz
cef72ff9e4
Use latest github-dependency-graph-gradle-plugin 2023-07-10 07:16:49 -06:00
daz
f01b48d89d
Do not attempt dependency graph on unsupported Gradle versions 2023-07-07 20:42:49 -06:00
daz
1e71bceb3f
Supply plugin portal URL directly
The 'gradlePluginPortal()' convenience isn't supported in older Gradle versions.
2023-07-07 20:42:49 -06:00
daz
c0186c5832
Replace spaces with underscore in job correlator 2023-07-07 20:42:49 -06:00
daz
ee7ca6ac9b
Remove defunct generate actions 2023-07-07 20:42:48 -06:00
daz
063cc1c708
Allow flexible use of dependency-graph support
Adds a 'dependency-graph' parameter that has 4 options:
1. 'disabled': no dependency graph files generated (the default)
2. 'generate': dependency graph files will be generated and saved as artifacts.
3. 'generate-and-submit': dependency graph files will be generated, saved as artifacts,
   and submitted to the Dependency Submission API on job completion.
4. 'download-and-submit': any previously uploaded dependency graph artifacts will be downloaded
   and submitted to the Dependency Submission API.
2023-07-07 20:42:48 -06:00
daz
820b228f28
Switch back to using published plugin 2023-07-07 20:42:48 -06:00
daz
d0ffeaa089
Reduce log level for debug message 2023-07-07 20:42:48 -06:00
daz
4c9c435d2f
Configure Gradle User Home for dependency-graph
Instead of requiring an action step to generate the graph, configure Gradle User Home
so that subsequent Gradle invocations can generate a graph. Any generated graph files
are uploaded as artifacts on job completion.

- Construct job.correlator from workflow/job/matrix
- Export job.correlator as an environment var
- Upload artifacts at job completion in post-action step
- Specify the location of dependency graph report
- Only apply dependency graph init script when explicitly enabled
2023-07-07 20:42:48 -06:00
daz
a6ad1901be
Copy dependency graph init script to Gradle Home
- Temporarily use a hard-coded plugin for convenience
2023-07-07 20:42:48 -06:00
daz
626d937994
Remove commas from workflow name
Commas are explicitly disallowed in cache keys, so remove any from
workflow name when generating cache key.
2023-06-29 10:01:14 -06:00
daz
be413309fa
First cut at actions for dependency-graph
- Dependency graph init-script references published version of plugin jar.
- `dependency-graph-generate` action will:
     - Provision Gradle if required
     - Execute Gradle with dependency-graph plugin to generate graph JSON
     - Upload dependency-graph JSON file as workflow artifact
- `dependency-graph-submit` action will:
    - Download dependency-graph JSON artifact
    - Submit the graph via the GitHub dependency submission API
2023-06-28 11:24:57 -06:00
daz
07023d3e3e
Refactor input parameters
Moved reading of all input parameters into a common source: `input-params.ts`.
This centralized all input parameter reads, and allowed an improved implementation
of reading boolean parameters. In particular, the implementation now provides a default
value for a boolean input parameter that isn't declared for an action.
2023-06-06 10:47:56 -06:00
daz
c94d573317
Refactor action execution for reuse
Introducing new actions for the GitHub dependency graph will involve reuse of much of
the action infrastructure. This commit reorganises things a little to facilitate reuse.
2023-06-03 14:09:52 -06:00
daz
2bf6bc3646
Include workflow name in cache key
Fixes #699 by avoiding cache key collisions between jobs with the
same name in different workflows.
2023-05-23 14:59:12 -06:00
daz
d23c38fad3
Remove incorrect comment 2023-05-04 08:25:28 -06:00
daz
a580d9bd57
Detect GE plugin applied in settingsEvaluated
The `PluginManager.hasPlugin` method was not detecting the GE plugin when it
was applied during settingsEvaluated.
Switching to `PluginManager.withPlugin` fixes this.

Fixes #626
2023-04-26 10:49:32 -06:00
Daz DeBoer
eb126d771e
Update for Gradle 8.1 release
With Gradle 8.1, the configuration-cache has changed and is now stable. 
As a temporary measure, this commit disables save/restore of the configuration-cache
data to avoid issues until we can deal with this change properly.
2023-04-14 16:23:09 -06:00
Jonathan Leitschuh
887e0bda35
Fix typo (#655)
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
2023-04-04 20:22:54 -06:00
Daz DeBoer
6095a76664
Update tests for Gradle 8 2023-02-18 13:25:58 -07:00
Daz DeBoer
b47aad4750
Remove use of deprecated fs.rmdir
Using fs.rm({recursive: true}) instead.

Fixes #502
2023-02-06 12:40:03 -07:00
Daz DeBoer
e444647395
Save/restore extracted JDK instead of archive
Gradle 7.6 changes the way the downloaded JDKs are saved and extracted.
To workaround this difference, save and restore the extracted JDK instead.
2022-12-07 20:07:40 +13:00
Daz DeBoer
3fbe033aaa
Retain 'set-output' command when GITHUB_OUTPUT is not set
This should maintain compatibility with older GitHub Enterprise versions
2022-10-22 08:20:16 -06:00
Daz DeBoer
3b959539de
Remove use of deprecated 'set-output' command
- Use GITHUB_OUTPUT file in init script
- Write to a marker file in configuratiion-cache tests

Fixes #461
2022-10-20 14:09:12 -06:00
Daz DeBoer
394498f89f
Avoid appending to existing build-results file
When configuration-cache is enabled, the invocationId may not be unique, which can result in
mulitple builds writing to the same file. Rather than failing the post-action, we simply
ignore any subsequent build results with the same ID.

Fixes #441
2022-09-26 11:03:26 -06:00
Daz DeBoer
0e4b100458
Use node to set file timestamps
Using `find` and `touch` will not work on windows, so this provides a
cross-platform mechanism.
2022-08-26 09:04:11 -06:00