Set both DEVELOCITY_ACCESS_KEY and GRADLE_ENTERPRISE_ACCESS_KEY env vars (#225)

Follow up of https://github.com/gradle/actions/pull/224, we now attempt to set both old and new access key env variables to a short lived token. If a short-lived token cannot be obtained, then: - DEVELOCITY_ACCESS_KEY is set to an empty string, preventing this from being used. - GRADLE_ENTERPRISE_ACCESS_KEY is left intact, with a deprecation warning being issued.
2025-11-26 17:09:10 +08:00 · 2024-05-17 23:07:50 +02:00
parent db270b9337
commit 96b9cb4988
5 changed files with 61 additions and 19 deletions
--- a/sources/src/configuration.ts
+++ b/sources/src/configuration.ts
@@ -188,6 +188,9 @@ export enum JobSummaryOption {
 }

 export class BuildScanConfig {
+    static DevelocityAccessKeyEnvVar = 'DEVELOCITY_ACCESS_KEY'
+    static GradleEnterpriseAccessKeyEnvVar = 'GRADLE_ENTERPRISE_ACCESS_KEY'
+
    getBuildScanPublishEnabled(): boolean {
        return getBooleanInput('build-scan-publish') && this.verifyTermsOfUseAgreement()
    }
@@ -201,7 +204,12 @@ export class BuildScanConfig {
    }

    getDevelocityAccessKey(): string {
-        return core.getInput('develocity-access-key') || process.env['DEVELOCITY_ACCESS_KEY'] || ''
+        return (
+            core.getInput('develocity-access-key') ||
+            process.env[BuildScanConfig.DevelocityAccessKeyEnvVar] ||
+            process.env[BuildScanConfig.GradleEnterpriseAccessKeyEnvVar] ||
+            ''
+        )
    }

    getDevelocityTokenExpiry(): string {
--- a/sources/src/develocity/short-lived-token.ts
+++ b/sources/src/develocity/short-lived-token.ts
@@ -1,5 +1,7 @@
 import * as httpm from 'typed-rest-client/HttpClient'
 import * as core from '@actions/core'
+import {BuildScanConfig} from '../configuration'
+import {recordDeprecation} from '../deprecation-collector'

 export async function setupToken(
    develocityAccessKey: string,
@@ -7,27 +9,40 @@ export async function setupToken(
    enforceUrl: string | undefined,
    develocityUrl: string | undefined
 ): Promise<void> {
-    const develocityAccesskeyEnvVar = 'DEVELOCITY_ACCESS_KEY'
    if (develocityAccessKey) {
        try {
            core.debug('Fetching short-lived token...')
            const tokens = await getToken(enforceUrl, develocityUrl, develocityAccessKey, develocityTokenExpiry)
            if (tokens != null && !tokens.isEmpty()) {
-                core.debug(`Got token(s), setting the ${develocityAccesskeyEnvVar} env var`)
+                core.debug(`Got token(s), setting the access key env vars`)
                const token = tokens.raw()
                core.setSecret(token)
-                core.exportVariable(develocityAccesskeyEnvVar, token)
+                exportAccessKeyEnvVars(token)
            } else {
                // In case of not being able to generate a token we set the env variable to empty to avoid leaks
-                core.exportVariable(develocityAccesskeyEnvVar, '')
+                clearAccessKeyEnvVarsWithDeprecationWarning()
            }
        } catch (e) {
-            core.exportVariable(develocityAccesskeyEnvVar, '')
+            clearAccessKeyEnvVarsWithDeprecationWarning()
            core.warning(`Failed to fetch short-lived token, reason: ${e}`)
        }
    }
 }

+function exportAccessKeyEnvVars(value: string): void {
+    ;[BuildScanConfig.DevelocityAccessKeyEnvVar, BuildScanConfig.GradleEnterpriseAccessKeyEnvVar].forEach(key =>
+        core.exportVariable(key, value)
+    )
+}
+
+function clearAccessKeyEnvVarsWithDeprecationWarning(): void {
+    if (process.env[BuildScanConfig.GradleEnterpriseAccessKeyEnvVar]) {
+        // We do not clear the GRADLE_ENTERPRISE_ACCESS_KEY env var in v3, to let the users upgrade to DV 2024.1
+        recordDeprecation(`The ${BuildScanConfig.GradleEnterpriseAccessKeyEnvVar} env var is deprecated`)
+    }
+    core.exportVariable(BuildScanConfig.DevelocityAccessKeyEnvVar, '')
+}
+
 export async function getToken(
    enforceUrl: string | undefined,
    serverUrl: string | undefined,