mirror of
https://github.com/gradle/gradle-build-action
synced 2024-11-27 12:02:15 +00:00
commit
a4cf152f48
10 changed files with 1819 additions and 3690 deletions
|
@ -78,20 +78,18 @@ jobs:
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
dependency-graph: generate
|
dependency-graph: generate
|
||||||
- name: Run assemble
|
- id: gradle-assemble
|
||||||
run: ./gradlew assemble
|
run: ./gradlew assemble
|
||||||
working-directory: .github/workflow-samples/groovy-dsl
|
working-directory: .github/workflow-samples/groovy-dsl
|
||||||
env:
|
- id: gradle-build
|
||||||
GITHUB_JOB_CORRELATOR: job-correlator
|
|
||||||
- name: Run build
|
|
||||||
run: ./gradlew build
|
run: ./gradlew build
|
||||||
working-directory: .github/workflow-samples/groovy-dsl
|
working-directory: .github/workflow-samples/groovy-dsl
|
||||||
env:
|
|
||||||
GITHUB_JOB_CORRELATOR: job-correlator
|
|
||||||
- name: Check generated dependency graphs
|
- name: Check generated dependency graphs
|
||||||
run: |
|
run: |
|
||||||
|
echo "gradle-assemble report file: ${{ steps.gradle-assemble.outputs.dependency-graph-file }}"
|
||||||
|
echo "gradle-build report file: ${{ steps.gradle-build.outputs.dependency-graph-file }}"
|
||||||
ls -l dependency-graph-reports
|
ls -l dependency-graph-reports
|
||||||
if ([ ! -e dependency-graph-reports/job-correlator.json ] || [ ! -e dependency-graph-reports/job-correlator-1.json ])
|
if ([ ! -e ${{ steps.gradle-assemble.outputs.dependency-graph-file }} ] || [ ! -e ${{ steps.gradle-build.outputs.dependency-graph-file }} ])
|
||||||
then
|
then
|
||||||
echo "Did not find expected dependency graph files"
|
echo "Did not find expected dependency graph files"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
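Review bot: The unquoted expansions in the new check `if ([ ! -e ${{ steps.gradle-assemble.outputs.dependency-graph-file }} ] || [ ! -e ${{ steps.gradle-build.outputs.dependency-graph-file }} ])` do not fail when an output is missing: an unset step output expands to nothing, the test degenerates to `[ ! -e ]`, which is false, and the "Did not find expected dependency graph files" branch is skipped. Quoting each expansion, `[ ! -e "${{ steps.gradle-assemble.outputs.dependency-graph-file }}" ]`, turns the empty case into `[ ! -e "" ]` and fails the step as intended. Interpolating `${{ }}` straight into `run:` is also the usual script-injection shape; passing the two paths through `env:` and reading `"$ASSEMBLE_REPORT"` / `"$BUILD_REPORT"` in the script avoids both problems. The `run:` block continues past the end of the hunk (the closing `fi` is not visible).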
49
README.md
49
README.md
|
@ -410,7 +410,6 @@ You can use the `gradle-build-action` on GitHub Enterprise Server, and benefit f
|
||||||
- Support for GitHub Actions Job Summary (requires GHES 3.6+ : GitHub Actions Job Summary support was introduced in GHES 3.6). In earlier versions of GHES the build-results summary and caching report will be written to the workflow log, as part of the post-action step.
|
- Support for GitHub Actions Job Summary (requires GHES 3.6+ : GitHub Actions Job Summary support was introduced in GHES 3.6). In earlier versions of GHES the build-results summary and caching report will be written to the workflow log, as part of the post-action step.
|
||||||
|
|
||||||
# GitHub Dependency Graph support
|
# GitHub Dependency Graph support
|
||||||
**EXPERIMENTAL**
|
|
||||||
|
|
||||||
The `gradle-build-action` has experimental support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28).
|
The `gradle-build-action` has experimental support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28).
|
||||||
|
|
||||||
|
@ -449,13 +448,59 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Setup Gradle to generate and submit dependency graphs
|
- name: Setup Gradle to generate and submit dependency graphs
|
||||||
uses: gradle/gradle-build-action@dependency-graph
|
uses: gradle/gradle-build-action@v2
|
||||||
with:
|
with:
|
||||||
dependency-graph: generate-and-submit
|
dependency-graph: generate-and-submit
|
||||||
- name: Run a build, generating the dependency graph snapshot which will be submitted
|
- name: Run a build, generating the dependency graph snapshot which will be submitted
|
||||||
run: ./gradlew build
|
run: ./gradlew build
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Filtering which Gradle Configurations contribute to the dependency graph
|
||||||
|
|
||||||
|
If you do not want to include every dependency configuration in every project in your build, you can limit the
|
||||||
|
dependency extraction to a subset of these.
|
||||||
|
|
||||||
|
To restrict which Gradle subprojects contribute to the report, specify which projects to include via a regular expression.
|
||||||
|
You can provide this value via the `DEPENDENCY_GRAPH_INCLUDE_PROJECTS` environment variable or system property.
|
||||||
|
|
||||||
|
To restrict which Gradle configurations contribute to the report, you can filter configurations by name using a regular expression.
|
||||||
|
You can provide this value via the `DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS` environment variable or system property.
|
||||||
|
|
||||||
|
Example of a simple workflow that limits the dependency graph to `RuntimeClasspath` configuration:
|
||||||
|
```yaml
|
||||||
|
name: Submit dependency graph
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- name: Setup Gradle to generate and submit dependency graphs
|
||||||
|
uses: gradle/gradle-build-action@v2
|
||||||
|
with:
|
||||||
|
dependency-graph: generate-and-submit
|
||||||
|
- name: Run a build, generating the dependency graph from 'RuntimeClasspath' configurations
|
||||||
|
run: ./gradlew build -DDEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS=RuntimeClasspath
|
||||||
|
```
|
||||||
|
|
||||||
|
### Gradle version compatibility
|
||||||
|
|
||||||
|
The plugin should be compatible with all versions of Gradle >= 5.0, and has been tested against
|
||||||
|
Gradle versions "5.6.4", "6.9.4", "7.0.2", "7.6.2", "8.0.2" and the current Gradle release.
|
||||||
|
|
||||||
|
The plugin is compatible with running Gradle with the configuration-cache enabled. However, this support is
|
||||||
|
limited to Gradle "8.1.0" and later:
|
||||||
|
- With Gradle "8.0", the build should run successfully, but an empty dependency graph will be generated.
|
||||||
|
- With Gradle <= "7.6.4", the plugin will cause the build to fail with configuration-cache enabled.
|
||||||
|
|
||||||
|
To use this plugin with versions of Gradle older than "8.1.0", you'll need to invoke Gradle with the
|
||||||
|
configuration-cache disabled.
|
||||||
|
|
||||||
### Dependency snapshots generated for pull requests
|
### Dependency snapshots generated for pull requests
|
||||||
|
|
||||||
This `contents: write` permission is not available for any workflow that is triggered by a pull request submitted from a forked repository, since it would permit a malicious pull request to make repository changes.
|
This `contents: write` permission is not available for any workflow that is triggered by a pull request submitted from a forked repository, since it would permit a malicious pull request to make repository changes.
|
||||||
|
|
|
@ -87,7 +87,9 @@ inputs:
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
build-scan-url:
|
build-scan-url:
|
||||||
description: Link to the Build Scan® if any
|
description: Link to the Build Scan® generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `gradle-build-action` Step itself.
|
||||||
|
dependency-graph-file:
|
||||||
|
description: Path to the GitHub Dependency Graph snapshot file generated by a Gradle build. Note that this output applies to a Step executing Gradle, not to the `gradle-build-action` Step itself.
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
using: 'node16'
|
using: 'node16'
|
||||||
|
|
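Review bot: The new `dependency-graph-file` description does not say what the output holds when no snapshot is produced; the init script in this commit only writes `dependency-graph-file=` to `GITHUB_OUTPUT` after a unique report file has been found, so in its warning case the output expands to an empty string, and a consumer testing `-e` on it unquoted will not notice. Suggest appending to the description: `Empty if no dependency graph snapshot was generated by the step.` The `outputs:` mapping is fully inside the hunk; the `inputs:` section named in the hunk header is not.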
2624
dist/main/index.js
vendored
2624
dist/main/index.js
vendored
File diff suppressed because it is too large
2
dist/main/index.js.map
vendored
2
dist/main/index.js.map
vendored
File diff suppressed because one or more lines are too long
2624
dist/post/index.js
vendored
2624
dist/post/index.js
vendored
File diff suppressed because it is too large
2
dist/post/index.js.map
vendored
2
dist/post/index.js.map
vendored
File diff suppressed because one or more lines are too long
|
@ -3,7 +3,7 @@ buildscript {
|
||||||
maven { url "https://plugins.gradle.org/m2/" }
|
maven { url "https://plugins.gradle.org/m2/" }
|
||||||
}
|
}
|
||||||
dependencies {
|
dependencies {
|
||||||
classpath "org.gradle:github-dependency-graph-gradle-plugin:0.1.0"
|
classpath "org.gradle:github-dependency-graph-gradle-plugin:0.2.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
apply plugin: org.gradle.github.GitHubDependencyGraphPlugin
|
apply plugin: org.gradle.github.GitHubDependencyGraphPlugin
|
||||||
|
|
|
@ -15,14 +15,20 @@ if (GradleVersion.current().baseVersion < GradleVersion.version("5.0")) {
|
||||||
// This is only required for top-level builds
|
// This is only required for top-level builds
|
||||||
def isTopLevelBuild = gradle.getParent() == null
|
def isTopLevelBuild = gradle.getParent() == null
|
||||||
if (isTopLevelBuild) {
|
if (isTopLevelBuild) {
|
||||||
def jobCorrelator = ensureUniqueJobCorrelator(System.env.GITHUB_JOB_CORRELATOR)
|
def reportFile = getUniqueReportFile(System.env.GITHUB_JOB_CORRELATOR)
|
||||||
|
|
||||||
if (jobCorrelator == null) {
|
if (reportFile == null) {
|
||||||
println "::warning::No dependency snapshot generated for step: report file for '${jobCorrelator}' created in earlier step. Each build invocation requires a unique job correlator: specify GITHUB_JOB_CORRELATOR var for this step."
|
println "::warning::No dependency snapshot generated for step. Could not determine unique job correlator - specify GITHUB_JOB_CORRELATOR var for this step."
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
println "Generating dependency graph for '${jobCorrelator}'"
|
def githubOutput = System.getenv("GITHUB_OUTPUT")
|
||||||
|
if (githubOutput) {
|
||||||
|
new File(githubOutput) << "dependency-graph-file=${reportFile.absolutePath}\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
println "Generating dependency graph into '${reportFile}'"
|
||||||
}
|
}
|
||||||
|
|
||||||
apply from: 'github-dependency-graph-gradle-plugin-apply.groovy'
|
apply from: 'github-dependency-graph-gradle-plugin-apply.groovy'
|
||||||
|
@ -33,10 +39,10 @@ apply from: 'github-dependency-graph-gradle-plugin-apply.groovy'
|
||||||
* - If so, tries to find a unique value that does not yet have a corresponding report file.
|
* - If so, tries to find a unique value that does not yet have a corresponding report file.
|
||||||
* - When found, this value is set as a System property override.
|
* - When found, this value is set as a System property override.
|
||||||
*/
|
*/
|
||||||
String ensureUniqueJobCorrelator(String jobCorrelator) {
|
File getUniqueReportFile(String jobCorrelator) {
|
||||||
def reportDir = System.env.DEPENDENCY_GRAPH_REPORT_DIR
|
def reportDir = System.env.DEPENDENCY_GRAPH_REPORT_DIR
|
||||||
def reportFile = new File(reportDir, jobCorrelator + ".json")
|
def reportFile = new File(reportDir, jobCorrelator + ".json")
|
||||||
if (!reportFile.exists()) return jobCorrelator
|
if (!reportFile.exists()) return reportFile
|
||||||
|
|
||||||
// Try at most 100 suffixes
|
// Try at most 100 suffixes
|
||||||
for (int i = 1; i < 100; i++) {
|
for (int i = 1; i < 100; i++) {
|
||||||
|
@ -44,7 +50,7 @@ String ensureUniqueJobCorrelator(String jobCorrelator) {
|
||||||
def candidateFile = new File(reportDir, candidateCorrelator + ".json")
|
def candidateFile = new File(reportDir, candidateCorrelator + ".json")
|
||||||
if (!candidateFile.exists()) {
|
if (!candidateFile.exists()) {
|
||||||
System.properties['GITHUB_JOB_CORRELATOR'] = candidateCorrelator
|
System.properties['GITHUB_JOB_CORRELATOR'] = candidateCorrelator
|
||||||
return candidateCorrelator
|
return candidateFile
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
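Review bot: `new File(githubOutput) << "dependency-graph-file=${reportFile.absolutePath}\n"` writes the path in the single-line `name=value` form, which is only well-formed when the value contains no newline; `reportFile` is built from `DEPENDENCY_GRAPH_REPORT_DIR` and `GITHUB_JOB_CORRELATOR`, both read from the environment, so a newline in either would split the write into an extra output line. Worth rejecting such a value before writing, e.g. `if (reportFile.absolutePath.contains('\n')) { println "::warning::Not exporting dependency-graph-file: report path contains a newline"; return }`, or using the delimited `dependency-graph-file<<EOF` form that `GITHUB_OUTPUT` accepts for arbitrary values. Separately, the new warning in `if (reportFile == null)` tells the user to specify GITHUB_JOB_CORRELATOR, but an unset variable does not produce null here: `getUniqueReportFile` concatenates `jobCorrelator + ".json"`, so a missing correlator presumably yields a `null.json` report file, and null is only reached when the 100-suffix loop is exhausted. The tail of `getUniqueReportFile` after that loop lies outside the hunk.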
@ -29,9 +29,10 @@ class TestDependencyGraph extends BaseInitScriptTest {
|
||||||
|
|
||||||
then:
|
then:
|
||||||
assert reportFile.exists()
|
assert reportFile.exists()
|
||||||
|
assert gitHubOutputFile.text == "dependency-graph-file=${reportFile.absolutePath}\n"
|
||||||
|
|
||||||
where:
|
where:
|
||||||
testGradleVersion << DEPENDENCY_GRAPH_VERSIONS
|
testGradleVersion << GRADLE_8_X
|
||||||
}
|
}
|
||||||
|
|
||||||
// Dependency-graph plugin doesn't support config-cache for 8.0 of Gradle
|
// Dependency-graph plugin doesn't support config-cache for 8.0 of Gradle
|
||||||
|
@ -114,7 +115,8 @@ class TestDependencyGraph extends BaseInitScriptTest {
|
||||||
GITHUB_REF: "main",
|
GITHUB_REF: "main",
|
||||||
GITHUB_SHA: "123456",
|
GITHUB_SHA: "123456",
|
||||||
GITHUB_WORKSPACE: testProjectDir.absolutePath,
|
GITHUB_WORKSPACE: testProjectDir.absolutePath,
|
||||||
DEPENDENCY_GRAPH_REPORT_DIR: reportsDir.absolutePath
|
DEPENDENCY_GRAPH_REPORT_DIR: reportsDir.absolutePath,
|
||||||
|
GITHUB_OUTPUT: gitHubOutputFile.absolutePath
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -125,4 +127,8 @@ class TestDependencyGraph extends BaseInitScriptTest {
|
||||||
def getReportFile() {
|
def getReportFile() {
|
||||||
return new File(reportsDir, "CORRELATOR.json")
|
return new File(reportsDir, "CORRELATOR.json")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def getGitHubOutputFile() {
|
||||||
|
return new File(testProjectDir, "GITHUB_OUTPUT")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
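Review bot: Narrowing `testGradleVersion` from `DEPENDENCY_GRAPH_VERSIONS` to `GRADLE_8_X` in the first hunk drops coverage of report-file generation on older Gradle versions, while the README in this same commit states the plugin is tested against 5.6.4, 6.9.4 and 7.x; unless that coverage lives in another feature method, the `where:` block deserves a comment such as `// GITHUB_OUTPUT export is only verified on 8.x; older versions are covered by the plugin's own tests` stating why. The new assertion `gitHubOutputFile.text == "dependency-graph-file=${reportFile.absolutePath}\n"` also requires the file to contain exactly one line, which holds for a fresh `testProjectDir` but would break if a second Gradle invocation in the same test appended to it. The `TestDependencyGraph` class and the feature method containing the first hunk both start outside the visible hunks.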