mirror of
https://github.com/gradle/actions
synced 2024-11-27 11:52:24 +00:00
Add note about cache-encryption-key being required
Some checks failed
CI-ossf-scorecard / Scorecard analysis (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-validate-wrappers / validation (push) Has been cancelled
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
Some checks failed
CI-ossf-scorecard / Scorecard analysis (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-validate-wrappers / validation (push) Has been cancelled
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
This commit is contained in:
parent
0e27ea7e6c
commit
fb5165dcd4
1 changed files with 7 additions and 1 deletions
|
@ -196,6 +196,9 @@ When Gradle is executed with the [configuration-cache](https://docs.gradle.org/c
|
||||||
in the project directory, at `<project-dir>/.gradle/configuration-cache`. Due to the way the configuration-cache works, [this file may contain stored credentials and other
|
in the project directory, at `<project-dir>/.gradle/configuration-cache`. Due to the way the configuration-cache works, [this file may contain stored credentials and other
|
||||||
secrets](https://docs.gradle.org/release-nightly/userguide/configuration_cache.html#config_cache:secrets), and this data needs to be encrypted to be safely stored in the GitHub Actions cache.
|
secrets](https://docs.gradle.org/release-nightly/userguide/configuration_cache.html#config_cache:secrets), and this data needs to be encrypted to be safely stored in the GitHub Actions cache.
|
||||||
|
|
||||||
|
> [!IMPORTANT]
|
||||||
|
> To avoid potentially leaking secrets in the configuration-cache entry, the action will only save or restore configuration-cache data if the `cache-encryption-key` parameter is set.
|
||||||
|
|
||||||
To benefit from configuration caching in your GitHub Actions workflow, you must:
|
To benefit from configuration caching in your GitHub Actions workflow, you must:
|
||||||
- Execute your build with Gradle 8.6 or newer. This can be achieved directly or via the Gradle Wrapper.
|
- Execute your build with Gradle 8.6 or newer. This can be achieved directly or via the Gradle Wrapper.
|
||||||
- Enable the configuration cache for your build.
|
- Enable the configuration cache for your build.
|
||||||
|
@ -220,7 +223,10 @@ jobs:
|
||||||
- run: gradle build --configuration-cache
|
- run: gradle build --configuration-cache
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!IMPORTANT]
|
Even with everything correctly configured, you may find that the configuration-cache entry is not reused in your workflow.
|
||||||
|
This is often due to a known issue: [Included builds containing build logic prevent configuration-cache reuse](https://github.com/gradle/actions/issues/21). Refer to the issue for more details.
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
> The configuration cache cannot be saved or restored in workflows triggered by a pull requests from a repository fork.
|
> The configuration cache cannot be saved or restored in workflows triggered by a pull requests from a repository fork.
|
||||||
> This is because [GitHub secrets are not passed to workflows triggered by PRs from forks](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow).
|
> This is because [GitHub secrets are not passed to workflows triggered by PRs from forks](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow).
|
||||||
> This prevents a malicious PR from reading the configuration-cache data, which may encode secrets read by Gradle.
|
> This prevents a malicious PR from reading the configuration-cache data, which may encode secrets read by Gradle.
|
||||||
|
|
Loading…
Reference in a new issue