Provide cache-encryption-key as action input

This makes it easier for users to enable config-cache saving in their workflow.

Config-cache data will only be saved/restored when the key is provided,
and the key is exported as `GRADLE_ENCRYPTION_KEY` for use in subsequent steps.
This commit is contained in:
daz 2023-12-20 19:02:27 -07:00
parent ae24bf6608
commit a738af78ea
No known key found for this signature in database
3 changed files with 46 additions and 5 deletions

View file

@ -40,6 +40,13 @@ inputs:
required: false required: false
default: false default: false
cache-encryption-key:
description: |
A base64 encoded AES key used to encrypt the configuration-cache data. The key is exported as 'GRADLE_ENCRYPTION_KEY' for later steps.
A suitable key can be generated with `openssl rand -base64 16`.
Configuration-cache data will not be saved/restored without an encryption key being provided.
required: false
gradle-home-cache-includes: gradle-home-cache-includes:
description: Paths within Gradle User Home to cache. description: Paths within Gradle User Home to cache.
required: false required: false

View file

@ -1,5 +1,6 @@
import path from 'path' import path from 'path'
import fs from 'fs' import fs from 'fs'
import crypto from 'crypto'
import * as core from '@actions/core' import * as core from '@actions/core'
import * as glob from '@actions/glob' import * as glob from '@actions/glob'
@ -351,14 +352,43 @@ export class ConfigurationCacheEntryExtractor extends AbstractEntryExtractor {
* entry is not reusable. * entry is not reusable.
*/ */
async restore(listener: CacheListener): Promise<void> { async restore(listener: CacheListener): Promise<void> {
if (listener.fullyRestored) { if (!listener.fullyRestored) {
return super.restore(listener) core.info('Not restoring configuration-cache state, as Gradle User Home was not fully restored')
for (const cacheEntry of this.loadExtractedCacheEntries()) {
listener.entry(cacheEntry.pattern).markNotRestored('Gradle User Home not fully restored')
}
return
} }
core.info('Not restoring configuration-cache state, as Gradle User Home was not fully restored') if (!params.getCacheEncryptionKey()) {
for (const cacheEntry of this.loadExtractedCacheEntries()) { core.info('Not restoring configuration-cache state, as no encryption key was provided')
listener.entry(cacheEntry.pattern).markRequested('NOT_RESTORED') for (const cacheEntry of this.loadExtractedCacheEntries()) {
listener.entry(cacheEntry.pattern).markNotRestored('No encryption key provided')
}
return
} }
const encryptionKey = this.getAESEncryptionKey()
core.exportVariable('GRADLE_ENCRYPTION_KEY', encryptionKey)
return await super.restore(listener)
}
async extract(listener: CacheListener): Promise<void> {
if (!params.getCacheEncryptionKey()) {
core.info('Not saving configuration-cache state, as no encryption key was provided')
for (const cacheEntry of this.getExtractedCacheEntryDefinitions()) {
listener.entry(cacheEntry.pattern).markNotSaved('No encryption key provided')
}
return
}
await super.extract(listener)
}
private getAESEncryptionKey(): string | undefined {
const secret = params.getCacheEncryptionKey()
const key = crypto.pbkdf2Sync(secret, '', 1000, 16, 'sha256')
return key.toString('base64')
} }
/** /**

View file

@ -29,6 +29,10 @@ export function isCacheCleanupEnabled(): boolean {
return getBooleanInput('gradle-home-cache-cleanup') return getBooleanInput('gradle-home-cache-cleanup')
} }
export function getCacheEncryptionKey(): string {
return core.getInput('cache-encryption-key')
}
export function getCacheIncludes(): string[] { export function getCacheIncludes(): string[] {
return core.getMultilineInput('gradle-home-cache-includes') return core.getMultilineInput('gradle-home-cache-includes')
} }