Add support for short-lived tokens (#224)

The setup-gradle action tries to get a short-lived access token given the supplied Develocity access key.
This key can be passed either with the `DEVELOCITY_ACCESS_KEY` env var or via the  `develocity-access-key` input parameter.
If a token can be retrieved, then the `DEVELOCITY_ACCESS_KEY` env var will be set to the token. 
Otherwise the `DEVELOCITY_ACCESS_KEY` will be set to a blank string, to avoid a leak.

---------

Co-authored-by: daz <daz@gradle.com>

.github/workflows/integ-test-inject-develocity.yml

@@ -26,14 +26,19 @@ jobs:
       DEVELOCITY_URL: https://ge.solutions-team.gradle.com
       DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
       DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
-      GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} # required to test against GE plugin 3.16.2
-      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
     strategy:
       fail-fast: false
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
         plugin-version: [3.16.2, 3.17.3]
+        include:
+        - plugin-version: 3.16.2
+          accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
+        - plugin-version: 3.17.3
+          accessKeyEnv: DEVELOCITY_ACCESS_KEY
+
     runs-on: ${{ matrix.os }}
     steps:
     - name: Checkout sources
@@ -61,4 +66,83 @@ jobs:
       uses: actions/github-script@v7
       with:
         script: |
-          core.setFailed('No Build Scan detected')   
+          core.setFailed('No Build Scan detected')
+    - name: Check short lived token
+      if: ${{ matrix.plugin-version == '3.17.3' }}
+      run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+
+  inject-develocity-with-access-key:
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
+      DEVELOCITY_PLUGIN_VERSION: 3.17.3
+      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: [current, 7.6.2, 6.9.4, 5.6.4]
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 8
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          gradle-version: ${{ matrix.gradle }}
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+          develocity-token-expiry: 1
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check short lived token
+        run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+      - name: Check Build Scan url
+        if: ${{ !steps.gradle.outputs.build-scan-url }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            core.setFailed('No Build Scan detected')
+
+  inject-develocity-short-lived-token-failed:
+    env:
+      DEVELOCITY_INJECTION_ENABLED: true
+      DEVELOCITY_URL: 'https://localhost:3333/'
+      DEVELOCITY_PLUGIN_VERSION: 3.17.3
+      DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
+      # Access key also set as an env var, we want to check it does not leak
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Initialize integ-test
+        uses: ./.github/actions/init-integ-test
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 8
+      - name: Setup Gradle
+        id: setup-gradle
+        uses: ./setup-gradle
+        with:
+          cache-read-only: false # For testing, allow writing cache entries on non-default branches
+          develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      - name: Run Gradle build
+        id: gradle
+        working-directory: .github/workflow-samples/no-ge
+        run: gradle help
+      - name: Check access key is blank
+        run: "[ \"${DEVELOCITY_ACCESS_KEY}\" == \"\" ] || (echo 'DEVELOCITY_ACCESS_KEY has leaked!'; exit 1)"