Add support for short-lived tokens (#224)

The setup-gradle action tries to get a short-lived access token given the supplied Develocity access key. This key can be passed either with the `DEVELOCITY_ACCESS_KEY` env var or via the `develocity-access-key` input parameter. If a token can be retrieved, then the `DEVELOCITY_ACCESS_KEY` env var will be set to the token. Otherwise the `DEVELOCITY_ACCESS_KEY` will be set to a blank string, to avoid a leak. --------- Co-authored-by: daz <daz@gradle.com>
2025-11-26 17:09:10 +08:00 · 2024-05-16 00:49:55 +02:00
parent eb13cf7170
commit 500e0ee5b3
10 changed files with 535 additions and 61 deletions
--- a/setup-gradle/action.yml
+++ b/setup-gradle/action.yml
@@ -23,7 +23,7 @@ inputs:

  cache-write-only:
    description: |
-      When 'true', entries will not be restored from the cache but will be saved at the end of the Job. 
+      When 'true', entries will not be restored from the cache but will be saved at the end of the Job.
      Setting this to 'true' implies cache-read-only will be 'false'.
    required: false
    default: false
@@ -35,7 +35,7 @@ inputs:

  cache-encryption-key:
    description: |
-      A base64 encoded AES key used to encrypt the configuration-cache data. The key is exported as 'GRADLE_ENCRYPTION_KEY' for later steps. 
+      A base64 encoded AES key used to encrypt the configuration-cache data. The key is exported as 'GRADLE_ENCRYPTION_KEY' for later steps.
      A suitable key can be generated with `openssl rand -base64 16`.
      Configuration-cache data will not be saved/restored without an encryption key being provided.
    required: false
@@ -70,7 +70,7 @@ inputs:
  # Dependency Graph configuration
  dependency-graph:
    description: |
-      Specifies if a GitHub dependency snapshot should be generated for each Gradle build, and if so, how. 
+      Specifies if a GitHub dependency snapshot should be generated for each Gradle build, and if so, how.
      Valid values are 'disabled' (default), 'generate', 'generate-and-submit', 'generate-and-upload', 'download-and-submit' and 'clear'.
    required: false
    default: 'disabled'
@@ -95,11 +95,19 @@ inputs:
  build-scan-terms-of-use-url:
    description: The URL to the Build Scan® terms of use. This input must be set to 'https://gradle.com/terms-of-service' or 'https://gradle.com/help/legal-terms-of-use'.
    required: false
-  
+
  build-scan-terms-of-use-agree:
    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
    required: false

+  develocity-access-key:
+    description: Develocity access key. Should be set to a secret containing the Develocity Access key.
+    required: false
+
+  develocity-token-expiry:
+    description: The Develocity short-lived access tokens expiry in hours. Default is 2 hours.
+    required: false
+
  # Wrapper validation configuration
  validate-wrappers:
    description: |
@@ -143,7 +151,7 @@ inputs:
    description: When 'true', the action will not attempt to restore the Gradle User Home entries from other Jobs.
    required: false
    default: false
-    
+
  # INTERNAL ACTION INPUTS
  # These inputs should not be configured directly, and are only used to pass environmental information to the action
  workflow-job-context: