Commit graph

419 commits

Author SHA1 Message Date
Inaki Villar
5f1c5827bf handle missing access token 2024-06-14 16:44:06 -06:00
daz
e3bc05f224
Run CodeQL on PRs 2024-06-13 13:15:23 -06:00
daz
485ea107b7
Run CodeQL on dev/* branches 2024-06-13 13:01:56 -06:00
Iñaki Villar
d0a116fff5
Adding Develocity input actions (#244)
Adding Develocity input actions. 

If an input is configured in the action, it will generate the environment variable, example:

```yaml
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@v3
      with:
        develocity-injection-enabled: true
        develocity-url: https://develocity.your-server.com
        develocity-plugin-version: 3.17.4

    - name: Run a Gradle build with Develocity injection enabled from input actions
      run: ./gradlew build
```

This configuration will create the environment variables:
```
DEVELOCITY_INJECTION_ENABLED=true
DEVELOCITY_URL=https://develocity.your-server.com
DEVELOCITY_PLUGIN_VERSION=3.17.4
```

Relation variable-input available:

| Variable | Input |

|--------------------------------------|--------------------------------------|
| DEVELOCITY_INJECTION_ENABLED | develocity-injection-enabled |
| DEVELOCITY_URL | develocity-url |
| DEVELOCITY_ALLOW_UNTRUSTED_SERVER | develocity-allow-untrusted-server
|
| DEVELOCITY_CAPTURE_FILE_FINGERPRINTS |
develocity-capture-file-fingerprints |
| DEVELOCITY_ENFORCE_URL | develocity-enforce-url |
| DEVELOCITY_PLUGIN_VERSION | develocity-plugin-version |
| DEVELOCITY_CCUD_PLUGIN_VERSION | develocity-ccud-plugin-version |
| GRADLE_PLUGIN_REPOSITORY_URL | gradle-plugin-repository-url |
| GRADLE_PLUGIN_REPOSITORY_USERNAME | gradle-plugin-repository-username
|
| GRADLE_PLUGIN_REPOSITORY_PASSWORD | gradle-plugin-repository-password
|
2024-06-13 12:42:47 -06:00
bot-githubaction
1d2ea6e5a8 Bump references to Develocity Gradle plugin from 3.17.4 to 3.17.5 2024-06-13 10:01:04 -06:00
daz
2db3ae936e Update to Gradle 8.8 2024-06-13 09:03:40 -06:00
dependabot[bot]
a68381d359 Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.0-jre to 33.2.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-13 07:41:41 -06:00
Bot Githubaction
30610bc983
Bump references to Develocity Gradle plugin from 3.17.3 to 3.17.4 (#236)
This PR bumps references to Develocity Gradle plugin from 3.17.3 to 3.17.4.

---------

Co-authored-by: Eric Haag <ehaag@gradle.com>
2024-05-23 08:56:09 -06:00
Alexis Tual
96b9cb4988
Set both DEVELOCITY_ACCESS_KEY and GRADLE_ENTERPRISE_ACCESS_KEY env vars (#225)
Follow up of https://github.com/gradle/actions/pull/224, we now attempt to set both old and new access key env variables to a short lived token.
If a short-lived token cannot be obtained, then:
- DEVELOCITY_ACCESS_KEY is set to an empty string, preventing this from being used.
- GRADLE_ENTERPRISE_ACCESS_KEY is left intact, with a deprecation warning being issued.
2024-05-17 15:07:50 -06:00
Alexis Tual
500e0ee5b3
Add support for short-lived tokens (#224)
The setup-gradle action tries to get a short-lived access token given the supplied Develocity access key.
This key can be passed either with the `DEVELOCITY_ACCESS_KEY` env var or via the  `develocity-access-key` input parameter.
If a token can be retrieved, then the `DEVELOCITY_ACCESS_KEY` env var will be set to the token. 
Otherwise the `DEVELOCITY_ACCESS_KEY` will be set to a blank string, to avoid a leak.

---------

Co-authored-by: daz <daz@gradle.com>
2024-05-15 16:49:55 -06:00
Daz DeBoer
ea14aa9caf
Dependency updates (#222)
- Bump to com.gradle.develocity plugin v3.17.3
- Bump JVM dependencies in sample projects
2024-05-11 07:45:47 -06:00
daz
941b289d84
Avoid running Gradle 3.5.1 on MacOS where Java 8 is not available 2024-04-25 21:23:15 +01:00
daz
11eaed9738
Avoid Java 8 since it is not available on MacOS runners 2024-04-25 20:17:16 +01:00
daz
a772c14b33 Avoid updating real dependency graph in tests 2024-04-25 11:19:43 +01:00
Daz DeBoer
c198d84863
Support custom report dir for dependency-submission (#189)
If the `DEPENDENCY_GRAPH_REPORT_DIR` var is set, use this value when locating dependency-graph files to upload/submit.

Fixes #188
2024-04-18 13:40:41 -06:00
daz
eef9b10930 Bump Develocity and CCUD plugin versions 2024-04-17 19:08:51 -06:00
Marcono1234
8be796e9fa Update link to 'update checksums' workflow 2024-04-16 10:06:09 -06:00
daz
0325d99e52 Workflow fixes
- Fix typo in 'paths-ignore'
- Add back 'buildDistribution' to demo job summary
2024-04-12 10:34:50 -06:00
daz
5893d44739
Use fixed job name for cache restore 2024-04-12 00:38:28 -06:00
daz
fb14e0ee5b Skip the 'download-dist' step for full integ-test
After the '[bot] update dist directory' commit, we run a full test suite.
This will now use the content from the 'dist' directory, rather than
regenerating this content in the test.
2024-04-12 00:24:44 -06:00
daz
0261d93071
Switch back to unique cache entries with full integ-test 2024-04-11 23:00:25 -06:00
daz
7d97cfadb0
Avoid most workflows when only 'dist' has changed 2024-04-11 22:54:09 -06:00
daz
ebf9707dff Use a bot token to generate "Update dist" commit
This will permit workflows to run when this commit is applied.

- Avoid running ci-update-dist for modifications to dist directory (no recursion)
- Run full-suite only in response to bot updates.
2024-04-11 22:44:13 -06:00
daz
0627979b9c Only allow one integ-test at a time per branch 2024-04-11 22:44:13 -06:00
daz
62557f3635
Enable wrapper validation with setup-gradle action 2024-04-11 11:56:55 -06:00
daz
33741bd2bb
Make it easier to run workflows locally with 'act' 2024-04-11 11:56:01 -06:00
daz
39cecc54d0
Add wrapper-validation workflows 2024-04-11 08:39:21 -06:00
daz
3252e655d0
Ensure each integ-test gets a unique cache-key-prefix 2024-04-10 20:07:14 -06:00
daz
be0b7f44a7
Temporarily disable cache prefixing in integ tests
This is an attempt to stabilize our CI workflows.
2024-04-10 19:49:08 -06:00
Philip Wedemann
0f427bc07b
Add a test for merging existing toolchains.xml (#151) 2024-04-10 17:20:36 -06:00
daz
30a2ee13f2
Skip certain tests when running from fork 2024-04-10 17:05:09 -06:00
daz
d37a479015
Use pull_request triggers primarily for workflows
Instead of relying on push triggers in general, we now use pull_request
and reserve push triggers for main and release branches.

This makes the behaviour more consistent for users contributing from
repository forks. However, we no longer have a quick-feedback loop
for development.
2024-04-10 16:48:14 -06:00
daz
3e155e3d92
Avoid running incompatible tests on Windows 2024-04-10 13:11:19 -06:00
daz
6832731061
Fix the 'build-dist' action 2024-04-10 12:16:13 -06:00
dependabot[bot]
87f10dd82f
Bump com.gradle.develocity from 3.17 to 3.17.1 in /.github/workflow-samples/groovy-dsl (#144)
Bumps com.gradle.develocity from 3.17 to 3.17.1.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.gradle.develocity&package-manager=gradle&previous-version=3.17&new-version=3.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-10 11:46:48 -06:00
dependabot[bot]
a66014f771
Bump com.gradle.develocity from 3.17 to 3.17.1 in /.github/workflow-samples/no-wrapper (#143)
Bumps com.gradle.develocity from 3.17 to 3.17.1.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.gradle.develocity&package-manager=gradle&previous-version=3.17&new-version=3.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-10 11:44:52 -06:00
dependabot[bot]
4ccff7d80f
Bump com.gradle.develocity from 3.17 to 3.17.1 in /.github/workflow-samples/kotlin-dsl (#142)
Bumps com.gradle.develocity from 3.17 to 3.17.1.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.gradle.develocity&package-manager=gradle&previous-version=3.17&new-version=3.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-10 11:43:49 -06:00
dependabot[bot]
5e5501accb Bump com.gradle.develocity
Bumps com.gradle.develocity from 3.17 to 3.17.1.

---
updated-dependencies:
- dependency-name: com.gradle.develocity
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-10 11:38:52 -06:00
daz
b2fd266e89
List changed files when failing due to dist directory change
Hopefully this will help track down spurious failures.
2024-04-10 11:36:05 -06:00
daz
0be451eca3
Simplify the workflow triggers 2024-04-10 11:09:42 -06:00
daz
7b822e51a5
Merge quick and full tests into single workflow
- Run quick suite for Dependabot
- Run quick suite in forks
- Run quick suite if no PR is associated with commit
- Otherwise run full suite
2024-04-10 09:50:15 -06:00
daz
9e47918adf Build and commit changes to 'dist' automatically
Instead of requiring that developers keep the 'dist' directory up-to-date,
this process is now automated via a workflow.
Whenever a commit is pushed to 'main' (or a 'release/**' branch), the workflow will
build the application and commit any changes to the 'dist' directory.
2024-04-10 07:33:46 -06:00
daz
b64dafb1c9 Use locally built dist for demo workflows 2024-04-10 07:33:46 -06:00
daz
153b1135d0
Remove old workflow 2024-04-10 06:58:06 -06:00
daz
211d342ee6
Rename workflow 2024-04-10 06:57:13 -06:00
daz
6599acbe46
Add back dependency-review.yml so we can rename it 2024-04-10 06:55:58 -06:00
daz
e7c0080dc5
Remove old workflows 2024-04-10 06:52:39 -06:00
daz
0979245ebd
Rename 'check' workflows to 'integ-test' 2024-04-10 06:50:04 -06:00
daz
73638aa351
Run quick-check only if commit is NOT part of a PR
Without a mechanism to check this in the workflow trigger,
we instead run the workflow but skip all jobs if the commit belongs to a PR.

This effectively means that commits-without-PR will run quick-check, and commits-with-PR
will run full-check.
2024-04-10 06:39:42 -06:00
daz
d28f25d60a
Cache npm 2024-04-10 06:04:32 -06:00