Improve dependency graph failure handling (#1036)

One goal for the original dependency-graph support was to minimize it's impact on existing workflows, by operating transparently and not impacting the build outcome. This meant that any failures in dependency-graph generation or submission were logged as warnings, but did not cause the workflow to fail. However, in some cases the primary purpose of a workflow is to generate and submit a dependency graph: in these cases it is desirable to have the workflow fail when this process breaks. This PR introduces a new `dependency-graph-continue-on-failure` parameter, which when `false` will enable the latter behaviour. It also adds test coverage for different failures in dependency graph generation and submission. Fixes #1034 Fixes #997
2024-11-22 00:01:05 -05:00 · 2024-01-13 15:32:28 +01:00 · 2024-01-13 15:32:28 +01:00 · 7099569988
commit 7099569988
parent 11693a1169 610728fa8c
17 changed files with 302 additions and 25 deletions
--- a/.github/workflows/ci-full-check.yml
+++ b/.github/workflows/ci-full-check.yml
@ -36,6 +36,11 @@ jobs:
    with:
      cache-key-prefix: ${{github.run_number}}-

+  dependency-graph-failures:
+    uses: ./.github/workflows/integ-test-dependency-graph-failures.yml
+    with:
+      cache-key-prefix: ${{github.run_number}}-
+
  execution-with-caching:
    uses: ./.github/workflows/integ-test-execution-with-caching.yml
    with:
--- a/.github/workflows/ci-quick-check.yml
+++ b/.github/workflows/ci-quick-check.yml
@ -59,6 +59,13 @@ jobs:
      runner-os: '["ubuntu-latest"]'
      download-dist: true

+  dependency-graph-failures:
+    needs: build-distribution
+    uses: ./.github/workflows/integ-test-dependency-graph-failures.yml
+    with:
+      runner-os: '["ubuntu-latest"]'
+      download-dist: true
+
  execution-with-caching:
    needs: build-distribution
    uses: ./.github/workflows/integ-test-execution-with-caching.yml
--- a/.github/workflows/integ-test-dependency-graph-failures.yml
+++ b/.github/workflows/integ-test-dependency-graph-failures.yml
@ -0,0 +1,103 @@
+name: Test dependency graph
+
+on:
+  workflow_call:
+    inputs:
+      cache-key-prefix:
+        type: string
+      runner-os:
+        type: string
+        default: '["ubuntu-latest"]'
+      download-dist:
+        type: boolean
+        default: false
+
+env:
+  DOWNLOAD_DIST: ${{ inputs.download-dist }}
+  GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: dependency-graph-${{ inputs.cache-key-prefix }}
+  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
+
+jobs:
+  unsupported-gradle-version-warning:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        gradle-version: 7.0.1
+        dependency-graph: generate
+        dependency-graph-continue-on-failure: true
+    - name: Run with unsupported Gradle version
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: |
+        if gradle help | grep -q 'warning::Dependency Graph is not supported for Gradle 7.0.1. No dependency snapshot will be generated.';
+        then
+          echo "Got the expected warning"
+        else
+          echo "Did not get the expected warning"
+          exit 1
+        fi
+
+  unsupported-gradle-version-failure:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        gradle-version: 7.0.1
+        dependency-graph: generate
+        dependency-graph-continue-on-failure: false
+    - name: Run with unsupported Gradle version
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: |
+        if gradle help; then
+          echo "Expected build to fail with Gradle 7.0.1"
+          exit 1
+        fi
+
+  insufficient-permissions-warning:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+        dependency-graph-continue-on-failure: true
+    - name: Run with insufficient permissions
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew help
+      # This test is primarily for demonstration: it's unclear how to check for warnings emitted in the post-action
+
+  SHOULD_FAIL-insufficient-permissions-failure:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    continue-on-error: true
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Download distribution if required
+      uses: ./.github/actions/download-dist
+    - name: Setup Gradle for dependency-graph generate
+      uses: ./
+      with:
+        dependency-graph: generate-and-submit
+        dependency-graph-continue-on-failure: false
+    - name: Run with insufficient permissions
+      working-directory: .github/workflow-samples/groovy-dsl
+      run: ./gradlew help
+      # This test is primarily for demonstration: it's unclear how to check for a failure in the post-action
--- a/README.md
+++ b/README.md
@ -512,6 +512,22 @@ Depending on [repository settings](https://docs.github.com/en/actions/security-g
 > for a PR submitted from a forked repository.
 > For a configuration that supports this setup, see [Dependency Graphs for pull request workflows](#dependency-graphs-for-pull-request-workflows).

+### Making dependency graph failures cause Job failures
+
+By default, if a failure is encountered when generating or submitting the dependency graph, the action will log the failure as a warning and continue.
+This allows your workflow to be resilient to dependency graph failures, in case dependency graph production is a side-effect rather than the primary purpose of a workflow.
+
+If instead you have a workflow that has a primary purpose to generate and submit a dependency graph, then it makes sense for this workflow to fail if the dependency
+graph cannot be generated or submitted. You can enable this behaviour with the `dependency-graph-continue-on-failure` parameter, which defaults to `true`.
+
+```yaml
+# Ensure that the workflow Job will fail if the dependency graph cannot be submitted
+- uses: gradle/gradle-build-action@v3
+  with:
+    dependency-graph: generate-and-submit
+    dependency-graph-continue-on-failure: false
+```
+
 ### Using a custom plugin repository

 By default, the action downloads the `github-dependency-graph-gradle-plugin` from the Gradle Plugin Portal (https://plugins.gradle.org). If your GitHub Actions environment does not have access to this URL, you can specify a custom plugin repository to use. 
--- a/action.yml
+++ b/action.yml
@ -73,6 +73,11 @@ inputs:
    required: false
    default: 'disabled'

+  dependency-graph-continue-on-failure:
+    description: When 'false' a failure to generate or submit a dependency graph will fail the Step or Job. When 'true' a warning will be emitted but no failure will result.
+    required: false
+    default: true
+
  artifact-retention-days:
    description: Specifies the number of days to retain any artifacts generated by the action. If not set, the default retention settings for the repository will apply.
    required: false
--- a/dist/main/index.js
+++ b/dist/main/index.js
@ -139971,6 +139971,7 @@ const request_error_1 = __nccwpck_require__(10537);
 const path = __importStar(__nccwpck_require__(71017));
 const fs_1 = __importDefault(__nccwpck_require__(57147));
 const layout = __importStar(__nccwpck_require__(28182));
+const errors_1 = __nccwpck_require__(36976);
 const input_params_1 = __nccwpck_require__(23885);
 const DEPENDENCY_GRAPH_PREFIX = 'dependency-graph_';
 function setup(option) {
@ -139984,6 +139985,7 @@ function setup(option) {
        }
        core.info('Enabling dependency graph generation');
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', 'true');
+        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE', (0, input_params_1.getDependencyGraphContinueOnFailure)());
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', getJobCorrelator());
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_ID', github.context.runId);
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref);
@ -140009,7 +140011,7 @@ function complete(option) {
            }
        }
        catch (e) {
-            core.warning(`Failed to ${option} dependency graph. Will continue. ${String(e)}`);
+            warnOrFail(option, e);
        }
    });
 }
@ -140040,7 +140042,7 @@ function downloadAndSubmitDependencyGraphs() {
            yield submitDependencyGraphs(yield downloadDependencyGraphs());
        }
        catch (e) {
-            core.warning(`Download and submit dependency graph failed. Will continue. ${String(e)}`);
+            warnOrFail(input_params_1.DependencyGraphOption.DownloadAndSubmit, e);
        }
    });
 }
@ -140052,7 +140054,7 @@ function submitDependencyGraphs(dependencyGraphFiles) {
            }
            catch (error) {
                if (error instanceof request_error_1.RequestError) {
-                    core.warning(buildWarningMessage(jsonFile, error));
+                    throw new Error(translateErrorMessage(jsonFile, error));
                }
                else {
                    throw error;
@ -140061,9 +140063,9 @@ function submitDependencyGraphs(dependencyGraphFiles) {
        }
    });
 }
-function buildWarningMessage(jsonFile, error) {
+function translateErrorMessage(jsonFile, error) {
    const relativeJsonFile = getRelativePathFromWorkspace(jsonFile);
-    const mainWarning = `Failed to submit dependency graph ${relativeJsonFile}.\n${String(error)}`;
+    const mainWarning = `Dependency submission failed for ${relativeJsonFile}.\n${String(error)}`;
    if (error.message === 'Resource not accessible by integration') {
        return `${mainWarning}
 Please ensure that the 'contents: write' permission is available for the workflow job.
@ -140118,6 +140120,12 @@ function findDependencyGraphFiles(dir) {
        return graphFiles;
    });
 }
+function warnOrFail(option, error) {
+    if (!(0, input_params_1.getDependencyGraphContinueOnFailure)()) {
+        throw new errors_1.PostActionJobFailure(error);
+    }
+    core.warning(`Failed to ${option} dependency graph. Will continue.\n${String(error)}`);
+}
 function getOctokit() {
    return github.getOctokit(getGithubToken());
 }
@ -140169,6 +140177,30 @@ function sanitize(value) {
 }


+/***/ }),
+
+/***/ 36976:
+/***/ ((__unused_webpack_module, exports) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.PostActionJobFailure = void 0;
+class PostActionJobFailure extends Error {
+    constructor(error) {
+        if (error instanceof Error) {
+            super(error.message);
+            this.name = error.name;
+            this.stack = error.stack;
+        }
+        else {
+            super(String(error));
+        }
+    }
+}
+exports.PostActionJobFailure = PostActionJobFailure;
+
+
 /***/ }),

 /***/ 23584:
@ -140332,7 +140364,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.JobSummaryOption = exports.DependencyGraphOption = exports.parseNumericInput = exports.getArtifactRetentionDays = exports.getDependencyGraphOption = exports.getPRCommentOption = exports.getJobSummaryOption = exports.isJobSummaryEnabled = exports.getGithubToken = exports.getJobMatrix = exports.getArguments = exports.getGradleVersion = exports.getBuildRootDirectory = exports.getCacheExcludes = exports.getCacheIncludes = exports.getCacheEncryptionKey = exports.isCacheCleanupEnabled = exports.isCacheDebuggingEnabled = exports.isCacheStrictMatch = exports.isCacheOverwriteExisting = exports.isCacheWriteOnly = exports.isCacheReadOnly = exports.isCacheDisabled = void 0;
+exports.JobSummaryOption = exports.DependencyGraphOption = exports.parseNumericInput = exports.getArtifactRetentionDays = exports.getDependencyGraphContinueOnFailure = exports.getDependencyGraphOption = exports.getPRCommentOption = exports.getJobSummaryOption = exports.isJobSummaryEnabled = exports.getGithubToken = exports.getJobMatrix = exports.getArguments = exports.getGradleVersion = exports.getBuildRootDirectory = exports.getCacheExcludes = exports.getCacheIncludes = exports.getCacheEncryptionKey = exports.isCacheCleanupEnabled = exports.isCacheDebuggingEnabled = exports.isCacheStrictMatch = exports.isCacheOverwriteExisting = exports.isCacheWriteOnly = exports.isCacheReadOnly = exports.isCacheDisabled = void 0;
 const core = __importStar(__nccwpck_require__(42186));
 const string_argv_1 = __nccwpck_require__(19663);
 function isCacheDisabled() {
@ -140437,6 +140469,10 @@ function getDependencyGraphOption() {
    throw TypeError(`The value '${val}' is not valid for 'dependency-graph'. Valid values are: [disabled, generate, generate-and-submit, generate-and-upload, download-and-submit]. The default value is 'disabled'.`);
 }
 exports.getDependencyGraphOption = getDependencyGraphOption;
+function getDependencyGraphContinueOnFailure() {
+    return getBooleanInput('dependency-graph-continue-on-failure', true);
+}
+exports.getDependencyGraphContinueOnFailure = getDependencyGraphContinueOnFailure;
 function getArtifactRetentionDays() {
    const val = core.getInput('artifact-retention-days');
    return parseNumericInput('artifact-retention-days', val, 0);
--- a/dist/main/index.js.map
+++ b/dist/main/index.js.map
--- a/dist/post/index.js
+++ b/dist/post/index.js
@ -137424,6 +137424,7 @@ const request_error_1 = __nccwpck_require__(10537);
 const path = __importStar(__nccwpck_require__(71017));
 const fs_1 = __importDefault(__nccwpck_require__(57147));
 const layout = __importStar(__nccwpck_require__(28182));
+const errors_1 = __nccwpck_require__(36976);
 const input_params_1 = __nccwpck_require__(23885);
 const DEPENDENCY_GRAPH_PREFIX = 'dependency-graph_';
 function setup(option) {
@ -137437,6 +137438,7 @@ function setup(option) {
        }
        core.info('Enabling dependency graph generation');
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', 'true');
+        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE', (0, input_params_1.getDependencyGraphContinueOnFailure)());
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', getJobCorrelator());
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_ID', github.context.runId);
        core.exportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref);
@ -137462,7 +137464,7 @@ function complete(option) {
            }
        }
        catch (e) {
-            core.warning(`Failed to ${option} dependency graph. Will continue. ${String(e)}`);
+            warnOrFail(option, e);
        }
    });
 }
@ -137493,7 +137495,7 @@ function downloadAndSubmitDependencyGraphs() {
            yield submitDependencyGraphs(yield downloadDependencyGraphs());
        }
        catch (e) {
-            core.warning(`Download and submit dependency graph failed. Will continue. ${String(e)}`);
+            warnOrFail(input_params_1.DependencyGraphOption.DownloadAndSubmit, e);
        }
    });
 }
@ -137505,7 +137507,7 @@ function submitDependencyGraphs(dependencyGraphFiles) {
            }
            catch (error) {
                if (error instanceof request_error_1.RequestError) {
-                    core.warning(buildWarningMessage(jsonFile, error));
+                    throw new Error(translateErrorMessage(jsonFile, error));
                }
                else {
                    throw error;
@ -137514,9 +137516,9 @@ function submitDependencyGraphs(dependencyGraphFiles) {
        }
    });
 }
-function buildWarningMessage(jsonFile, error) {
+function translateErrorMessage(jsonFile, error) {
    const relativeJsonFile = getRelativePathFromWorkspace(jsonFile);
-    const mainWarning = `Failed to submit dependency graph ${relativeJsonFile}.\n${String(error)}`;
+    const mainWarning = `Dependency submission failed for ${relativeJsonFile}.\n${String(error)}`;
    if (error.message === 'Resource not accessible by integration') {
        return `${mainWarning}
 Please ensure that the 'contents: write' permission is available for the workflow job.
@ -137571,6 +137573,12 @@ function findDependencyGraphFiles(dir) {
        return graphFiles;
    });
 }
+function warnOrFail(option, error) {
+    if (!(0, input_params_1.getDependencyGraphContinueOnFailure)()) {
+        throw new errors_1.PostActionJobFailure(error);
+    }
+    core.warning(`Failed to ${option} dependency graph. Will continue.\n${String(error)}`);
+}
 function getOctokit() {
    return github.getOctokit(getGithubToken());
 }
@ -137622,6 +137630,30 @@ function sanitize(value) {
 }


+/***/ }),
+
+/***/ 36976:
+/***/ ((__unused_webpack_module, exports) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.PostActionJobFailure = void 0;
+class PostActionJobFailure extends Error {
+    constructor(error) {
+        if (error instanceof Error) {
+            super(error.message);
+            this.name = error.name;
+            this.stack = error.stack;
+        }
+        else {
+            super(String(error));
+        }
+    }
+}
+exports.PostActionJobFailure = PostActionJobFailure;
+
+
 /***/ }),

 /***/ 23885:
@ -137653,7 +137685,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.JobSummaryOption = exports.DependencyGraphOption = exports.parseNumericInput = exports.getArtifactRetentionDays = exports.getDependencyGraphOption = exports.getPRCommentOption = exports.getJobSummaryOption = exports.isJobSummaryEnabled = exports.getGithubToken = exports.getJobMatrix = exports.getArguments = exports.getGradleVersion = exports.getBuildRootDirectory = exports.getCacheExcludes = exports.getCacheIncludes = exports.getCacheEncryptionKey = exports.isCacheCleanupEnabled = exports.isCacheDebuggingEnabled = exports.isCacheStrictMatch = exports.isCacheOverwriteExisting = exports.isCacheWriteOnly = exports.isCacheReadOnly = exports.isCacheDisabled = void 0;
+exports.JobSummaryOption = exports.DependencyGraphOption = exports.parseNumericInput = exports.getArtifactRetentionDays = exports.getDependencyGraphContinueOnFailure = exports.getDependencyGraphOption = exports.getPRCommentOption = exports.getJobSummaryOption = exports.isJobSummaryEnabled = exports.getGithubToken = exports.getJobMatrix = exports.getArguments = exports.getGradleVersion = exports.getBuildRootDirectory = exports.getCacheExcludes = exports.getCacheIncludes = exports.getCacheEncryptionKey = exports.isCacheCleanupEnabled = exports.isCacheDebuggingEnabled = exports.isCacheStrictMatch = exports.isCacheOverwriteExisting = exports.isCacheWriteOnly = exports.isCacheReadOnly = exports.isCacheDisabled = void 0;
 const core = __importStar(__nccwpck_require__(42186));
 const string_argv_1 = __nccwpck_require__(19663);
 function isCacheDisabled() {
@ -137758,6 +137790,10 @@ function getDependencyGraphOption() {
    throw TypeError(`The value '${val}' is not valid for 'dependency-graph'. Valid values are: [disabled, generate, generate-and-submit, generate-and-upload, download-and-submit]. The default value is 'disabled'.`);
 }
 exports.getDependencyGraphOption = getDependencyGraphOption;
+function getDependencyGraphContinueOnFailure() {
+    return getBooleanInput('dependency-graph-continue-on-failure', true);
+}
+exports.getDependencyGraphContinueOnFailure = getDependencyGraphContinueOnFailure;
 function getArtifactRetentionDays() {
    const val = core.getInput('artifact-retention-days');
    return parseNumericInput('artifact-retention-days', val, 0);
@ -138021,6 +138057,7 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.run = void 0;
 const core = __importStar(__nccwpck_require__(42186));
 const setupGradle = __importStar(__nccwpck_require__(18652));
+const errors_1 = __nccwpck_require__(36976);
 process.on('uncaughtException', e => handleFailure(e));
 function run() {
    return __awaiter(this, void 0, void 0, function* () {
@ -138028,6 +138065,10 @@ function run() {
            yield setupGradle.complete();
        }
        catch (error) {
+            if (error instanceof errors_1.PostActionJobFailure) {
+                core.setFailed(String(error));
+                return;
+            }
            handleFailure(error);
        }
    });
--- a/dist/post/index.js.map
+++ b/dist/post/index.js.map
--- a/src/dependency-graph.ts
+++ b/src/dependency-graph.ts
@ -10,7 +10,13 @@ import * as path from 'path'
 import fs from 'fs'

 import * as layout from './repository-layout'
-import {DependencyGraphOption, getJobMatrix, getArtifactRetentionDays} from './input-params'
+import {PostActionJobFailure} from './errors'
+import {
+    DependencyGraphOption,
+    getDependencyGraphContinueOnFailure,
+    getJobMatrix,
+    getArtifactRetentionDays
+} from './input-params'

 const DEPENDENCY_GRAPH_PREFIX = 'dependency-graph_'

@ -26,6 +32,7 @@ export async function setup(option: DependencyGraphOption): Promise<void> {

    core.info('Enabling dependency graph generation')
    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', 'true')
+    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE', getDependencyGraphContinueOnFailure())
    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', getJobCorrelator())
    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_ID', github.context.runId)
    core.exportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref)
@ -51,7 +58,7 @@ export async function complete(option: DependencyGraphOption): Promise<void> {
                await uploadDependencyGraphs(await findGeneratedDependencyGraphFiles())
        }
    } catch (e) {
-        core.warning(`Failed to ${option} dependency graph. Will continue. ${String(e)}`)
+        warnOrFail(option, e)
    }
 }

@ -78,7 +85,7 @@ async function downloadAndSubmitDependencyGraphs(): Promise<void> {
    try {
        await submitDependencyGraphs(await downloadDependencyGraphs())
    } catch (e) {
-        core.warning(`Download and submit dependency graph failed. Will continue. ${String(e)}`)
+        warnOrFail(DependencyGraphOption.DownloadAndSubmit, e)
    }
 }

@ -88,7 +95,7 @@ async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<v
            await submitDependencyGraphFile(jsonFile)
        } catch (error) {
            if (error instanceof RequestError) {
-                core.warning(buildWarningMessage(jsonFile, error))
+                throw new Error(translateErrorMessage(jsonFile, error))
            } else {
                throw error
            }
@ -96,9 +103,9 @@ async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<v
    }
 }

-function buildWarningMessage(jsonFile: string, error: RequestError): string {
+function translateErrorMessage(jsonFile: string, error: RequestError): string {
    const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
-    const mainWarning = `Failed to submit dependency graph ${relativeJsonFile}.\n${String(error)}`
+    const mainWarning = `Dependency submission failed for ${relativeJsonFile}.\n${String(error)}`
    if (error.message === 'Resource not accessible by integration') {
        return `${mainWarning}
 Please ensure that the 'contents: write' permission is available for the workflow job.
@ -160,6 +167,14 @@ async function findDependencyGraphFiles(dir: string): Promise<string[]> {
    return graphFiles
 }

+function warnOrFail(option: String, error: unknown): void {
+    if (!getDependencyGraphContinueOnFailure()) {
+        throw new PostActionJobFailure(error)
+    }
+
+    core.warning(`Failed to ${option} dependency graph. Will continue.\n${String(error)}`)
+}
+
 function getOctokit(): InstanceType<typeof GitHub> {
    return github.getOctokit(getGithubToken())
 }
--- a/src/errors.ts
+++ b/src/errors.ts
@ -0,0 +1,11 @@
+export class PostActionJobFailure extends Error {
+    constructor(error: unknown) {
+        if (error instanceof Error) {
+            super(error.message)
+            this.name = error.name
+            this.stack = error.stack
+        } else {
+            super(String(error))
+        }
+    }
+}
--- a/src/input-params.ts
+++ b/src/input-params.ts
@ -107,6 +107,10 @@ export function getDependencyGraphOption(): DependencyGraphOption {
    )
 }

+export function getDependencyGraphContinueOnFailure(): boolean {
+    return getBooleanInput('dependency-graph-continue-on-failure', true)
+}
+
 export function getArtifactRetentionDays(): number {
    const val = core.getInput('artifact-retention-days')
    return parseNumericInput('artifact-retention-days', val, 0)
--- a/src/post.ts
+++ b/src/post.ts
@ -1,5 +1,6 @@
 import * as core from '@actions/core'
 import * as setupGradle from './setup-gradle'
+import {PostActionJobFailure} from './errors'

 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
@ -13,6 +14,11 @@ export async function run(): Promise<void> {
    try {
        await setupGradle.complete()
    } catch (error) {
+        if (error instanceof PostActionJobFailure) {
+            core.setFailed(String(error))
+            return
+        }
+
        handleFailure(error)
    }
 }
--- a/src/resources/init-scripts/gradle-build-action.github-dependency-graph-gradle-plugin-apply.groovy
+++ b/src/resources/init-scripts/gradle-build-action.github-dependency-graph-gradle-plugin-apply.groovy
@ -9,7 +9,7 @@ buildscript {
    maven { url pluginRepositoryUrl }
  }
  dependencies {
-    classpath "org.gradle:github-dependency-graph-gradle-plugin:1.1.0"
+    classpath "org.gradle:github-dependency-graph-gradle-plugin:1.1.1"
  }
 }
 apply plugin: org.gradle.github.GitHubDependencyGraphPlugin
--- a/src/resources/init-scripts/gradle-build-action.github-dependency-graph.init.gradle
+++ b/src/resources/init-scripts/gradle-build-action.github-dependency-graph.init.gradle
@ -6,8 +6,13 @@ if (getVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED') != "true") {
 }

 // Do not run for unsupported versions of Gradle
-if (GradleVersion.current().baseVersion < GradleVersion.version("5.0")) {
-  println "::warning::Dependency Graph is not supported for Gradle versions < 5.0. No dependency snapshot will be generated."
+def gradleVersion = GradleVersion.current().baseVersion
+if (gradleVersion < GradleVersion.version("5.2") ||
+    (gradleVersion >= GradleVersion.version("7.0") && gradleVersion < GradleVersion.version("7.1"))) {
+  if (getVariable('GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE') != "true") {
+    throw new GradleException("Dependency Graph is not supported for ${gradleVersion}. No dependency snapshot will be generated.")
+  }
+  println "::warning::Dependency Graph is not supported for ${gradleVersion}. No dependency snapshot will be generated."
  return
 }

--- a/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy
+++ b/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/BaseInitScriptTest.groovy
@ -24,6 +24,7 @@ class BaseInitScriptTest extends Specification {
    static final TestGradleVersion GRADLE_5_X = new TestGradleVersion(GradleVersion.version('5.6.4'), 8, 12)
    static final TestGradleVersion GRADLE_6_NO_BUILD_SERVICE = new TestGradleVersion(GradleVersion.version('6.5.1'), 8, 14)
    static final TestGradleVersion GRADLE_6_X = new TestGradleVersion(GradleVersion.version('6.9.4'), 8, 15)
+    static final TestGradleVersion GRADLE_7_1 = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
    static final TestGradleVersion GRADLE_7_X = new TestGradleVersion(GradleVersion.version('7.6.2'), 8, 19)
    static final TestGradleVersion GRADLE_8_0 = new TestGradleVersion(GradleVersion.version('8.0.2'), 8, 19)
    static final TestGradleVersion GRADLE_8_X = new TestGradleVersion(GradleVersion.version('8.5'), 8, 19)
--- a/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestDependencyGraph.groovy
+++ b/test/init-scripts/src/test/groovy/com/gradle/gradlebuildaction/TestDependencyGraph.groovy
@ -1,11 +1,16 @@
 package com.gradle.gradlebuildaction

+import org.gradle.util.GradleVersion
+
 import static org.junit.Assume.assumeTrue

 class TestDependencyGraph extends BaseInitScriptTest {
    def initScript = 'gradle-build-action.github-dependency-graph.init.gradle'

-    static final List<TestGradleVersion> NO_DEPENDENCY_GRAPH_VERSIONS = [GRADLE_3_X, GRADLE_4_X]
+    static final TestGradleVersion GRADLE_5_1 = new TestGradleVersion(GradleVersion.version('5.1.1'), 8, 12)
+    static final TestGradleVersion GRADLE_7_0 = new TestGradleVersion(GradleVersion.version('7.0.1'), 8, 12)
+
+    static final List<TestGradleVersion> NO_DEPENDENCY_GRAPH_VERSIONS = [GRADLE_3_X, GRADLE_4_X, GRADLE_5_1, GRADLE_7_0]
    static final List<TestGradleVersion> DEPENDENCY_GRAPH_VERSIONS = ALL_VERSIONS - NO_DEPENDENCY_GRAPH_VERSIONS

    def "does not produce dependency graph when not enabled"() {
@ -56,7 +61,23 @@ class TestDependencyGraph extends BaseInitScriptTest {

        then:
        assert !reportsDir.exists()
-        assert result.output.contains("::warning::Dependency Graph is not supported")
+        assert result.output.contains("::warning::Dependency Graph is not supported for ${testGradleVersion}")
+
+        where:
+        testGradleVersion << NO_DEPENDENCY_GRAPH_VERSIONS
+    }
+
+    def "fails build when enabled for older Gradle versions if continue-on-failure is false"() {
+        assumeTrue testGradleVersion.compatibleWithCurrentJvm
+
+        when:
+        def vars = envVars
+        vars.put('GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE', 'false')
+        def result = runAndFail(['help'], initScript, testGradleVersion.gradleVersion, [], vars)
+
+        then:
+        assert !reportsDir.exists()
+        assert result.output.contains("Dependency Graph is not supported for ${testGradleVersion}")

        where:
        testGradleVersion << NO_DEPENDENCY_GRAPH_VERSIONS
@ -109,6 +130,7 @@ class TestDependencyGraph extends BaseInitScriptTest {
    def getEnvVars() {
        return [
            GITHUB_DEPENDENCY_GRAPH_ENABLED: "true",
+            GITHUB_DEPENDENCY_GRAPH_CONTINUE_ON_FAILURE: "true",
            GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: "CORRELATOR",
            GITHUB_DEPENDENCY_GRAPH_JOB_ID: "1",
            GITHUB_DEPENDENCY_GRAPH_REF: "main",