actions/dependency-submission/action.yml

name: Gradle Dependency Submission
description: Generates a dependency graph for a Gradle project and submits it via the Dependency Submission API

inputs:
  # Gradle execution configuration
  gradle-version:
    description: |
      Gradle version to use. If specified, this Gradle version will be downloaded, added to the PATH and used for invoking Gradle.
      If not provided, it is assumed that the project uses the Gradle Wrapper.
    required: false

  build-root-directory:
    description: Path to the root directory of the build. Default is the root of the GitHub workspace.
    required: false

  dependency-resolution-task:
    description: |
      Task(s) that should be executed in order to resolve all project dependencies.
      By default, the built-in `:ForceDependencyResolutionPlugin_resolveAllDependencies` task is executed.
    required: false

  additional-arguments:
    description: |
      Additional arguments to pass to Gradle when generating the dependency graph.
      For example, `--no-configuration-cache --stacktrace`.
    required: false

  # Cache configuration
  cache-disabled:
    description: When 'true', all caching is disabled. No entries will be written to or read from the cache.
    required: false
    default: false

  cache-read-only:
    description: |
      When 'true', existing entries will be read from the cache but no entries will be written.
      By default this value is 'false' for workflows on the GitHub default branch and 'true' for workflows on other branches.
    required: false
    default: ${{ github.event.repository != null && github.ref_name != github.event.repository.default_branch }}

  cache-write-only:
    description: |
      When 'true', entries will not be restored from the cache but will be saved at the end of the Job.
      Setting this to 'true' implies cache-read-only will be 'false'.
    required: false
    default: false

  cache-overwrite-existing:
    description: When 'true', a pre-existing Gradle User Home will not prevent the cache from being restored.
    required: false
    default: false

  cache-encryption-key:
    description: |
      A base64 encoded AES key used to encrypt the configuration-cache data. The key is exported as 'GRADLE_ENCRYPTION_KEY' for later steps.
      A suitable key can be generated with `openssl rand -base64 16`.
      Configuration-cache data will not be saved/restored without an encryption key being provided.
    required: false

  cache-cleanup:
    description: |
      Specifies if the action should attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
      By default ('on-success'), cleanup is performed when all Gradle builds succeed for the Job. 
      This behaviour can be disabled ('never'), or configured to always run irrespective of the build outcome ('always').
      Valid values are 'never', 'on-success' and 'always'.
    required: false
    default: 'on-success'

  gradle-home-cache-cleanup:
    description: When 'true', the action will attempt to remove any stale/unused entries from the Gradle User Home prior to saving to the GitHub Actions cache.
    required: false
    deprecation-message: This input has been superceded by the 'cache-cleanup' input parameter.

  gradle-home-cache-includes:
    description: Paths within Gradle User Home to cache.
    required: false
    default: |
        caches
        notifications

  gradle-home-cache-excludes:
    description: Paths within Gradle User Home to exclude from cache.
    required: false

  # Job summary configuration
  add-job-summary:
    description: Specifies when a Job Summary should be inluded in the action results. Valid values are 'never', 'always' (default), and 'on-failure'.
    required: false
    default: 'always'

  add-job-summary-as-pr-comment:
    description: Specifies when each Job Summary should be added as a PR comment. Valid values are 'never' (default), 'always', and 'on-failure'. No action will be taken if the workflow was not triggered from a pull request.
    required: false
    default: 'never'

  # Dependency Graph configuration
  dependency-graph:
    description: |
      Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted.
      Valid values are:
        'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job.
        'generate-and-upload': Generates a dependency graph for the project and saves it as a workflow artifact.
        'download-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.

      The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario,
      where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions
      required to submit via the Dependency Submission API.
    required: false
    default: 'generate-and-submit'

  dependency-graph-report-dir:
    description: |
      Specifies where the dependency graph report will be generated. 
      Paths can relative or absolute. Relative paths are resolved relative to the workspace directory.
    required: false
    default: 'dependency-graph-reports'

  dependency-graph-continue-on-failure:
    description: When 'false' a failure to generate or submit a dependency graph will fail the Step or Job. When 'true' a warning will be emitted but no failure will result.
    required: false
    default: false

  dependency-graph-exclude-projects:
    description: |
      Gradle projects that should be excluded from dependency graph (regular expression).
      When set, any matching project will be excluded.
    required: false

  dependency-graph-include-projects:
    description: |
      Gradle projects that should be included in dependency graph (regular expression). 
      When set, only matching projects will be included.
    required: false

  dependency-graph-exclude-configurations:
    description: |
      Gradle configurations that should be included in dependency graph (regular expression). 
      When set, anymatching configurations will be excluded.
    required: false

  dependency-graph-include-configurations:
    description: |
      Gradle configurations that should be included in dependency graph (regular expression). 
      When set, only matching configurations will be included.
    required: false

  artifact-retention-days:
    description: Specifies the number of days to retain any artifacts generated by the action. If not set, the default retention settings for the repository will apply.
    required: false
    default: 1

  # Build Scan configuration
  build-scan-publish:
    description: |
      Set to 'true' to automatically publish build results as a Build Scan on scans.gradle.com.
      For publication to succeed without user input, you must also provide values for `build-scan-terms-of-use-url` and 'build-scan-terms-of-use-agree'.
    required: false
    default: false

  build-scan-terms-of-use-url:
    description: The URL to the Build Scan® terms of use. This input must be set to 'https://gradle.com/terms-of-service' or 'https://gradle.com/help/legal-terms-of-use'.
    required: false

  build-scan-terms-of-use-agree:
    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
    required: false

  develocity-access-key:
    description: Develocity access key. Should be set to a secret containing the Develocity Access key.
    required: false

  develocity-token-expiry:
    description: The Develocity short-lived access tokens expiry in hours. Default is 2 hours.
    required: false

  # Wrapper validation configuration
  validate-wrappers:
    description: |
      When 'true' the action will automatically validate all wrapper jars found in the repository.
      If the wrapper checksums are not valid, the action will fail.
    required: false
    default: false

  allow-snapshot-wrappers:
    description: |
      When 'true', wrapper validation will include the checksums of snapshot wrapper jars. 
      Use this if you are running with nightly or snapshot versions of the Gradle wrapper.
    required: false
    default: false

  # DEPRECATED ACTION INPUTS

  # EXPERIMENTAL ACTION INPUTS
  # The following action properties allow fine-grained tweaking of the action caching behaviour.
  # These properties are experimental and not (yet) designed for production use, and may change without notice in a subsequent release of `setup-gradle`.
  # Use at your own risk!
  gradle-home-cache-strict-match:
    description: When 'true', the action will not attempt to restore the Gradle User Home entries from other Jobs.
    required: false
    default: false

  # INTERNAL ACTION INPUTS
  # These inputs should not be configured directly, and are only used to pass environmental information to the action
  workflow-job-context:
    description: Used to uniquely identify the current job invocation. Defaults to the matrix values for this job; this should not be overridden by users (INTERNAL).
    required: false
    default: ${{ toJSON(matrix) }}

  github-token:
    description: The GitHub token used to authenticate when submitting via the Dependency Submission API.
    default: ${{ github.token }}
    required: false

outputs:
  build-scan-url:
    description: Link to the Build Scan® generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `setup-gradle` Step itself.
  dependency-graph-file:
    description: Path to the GitHub Dependency Graph snapshot file generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `setup-gradle` Step itself.
  gradle-version:
    description: Version of Gradle that was setup by the action

runs:
  using: 'node20'
  main: '../dist/dependency-submission/main/index.js'
  post: '../dist/dependency-submission/post/index.js'

branding:
  icon: 'box'
  color: 'gray-dark'