Skip to content

Commit

Permalink
PI-2624 Enable Gradle configuration cache
Browse files Browse the repository at this point in the history
  • Loading branch information
marcus-bcl committed Nov 7, 2024
1 parent 9d9863c commit aa6b654
Show file tree
Hide file tree
Showing 12 changed files with 69 additions and 42 deletions.
15 changes: 7 additions & 8 deletions .github/actions/analyse/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,12 @@ name: Analyse
description: Publish test results to GitHub Actions, and analyse source code and results using Sonar

inputs:
token:
sonar-token:
description: Sonar token
required: true
gradle-encryption-key:
description: Gradle encryption key
required: true

runs:
using: "composite"
Expand Down Expand Up @@ -41,18 +44,14 @@ runs:
echo "ORG_GRADLE_PROJECT_version=$version" | tee -a "$GITHUB_ENV"
echo "version=$version" | tee -a "$GITHUB_OUTPUT"
- uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'

- uses: gradle/actions/setup-gradle@v4
- uses: ./.github/actions/setup-gradle
with:
cache-encryption-key: ${{ inputs.gradle-encryption-key }}
cache-read-only: true

- name: Sonar analysis
if: github.actor != 'dependabot[bot]'
run: ./gradlew sonar
shell: bash
env:
SONAR_TOKEN: ${{ inputs.token }}
SONAR_TOKEN: ${{ inputs.sonar-token }}
4 changes: 4 additions & 0 deletions .github/actions/cloud-platform-deploy/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@ inputs:
ip-allowlists:
description: The HMPPS IP allow list groups to apply, in base64-encoded YAML format
required: true
gradle-encryption-key:
description: Gradle encryption key
required: true

runs:
using: composite
Expand All @@ -46,6 +49,7 @@ runs:
with:
project: ${{ inputs.project }}
version: ${{ inputs.version }}
gradle-encryption-key: ${{ inputs.gradle-encryption-key }}

- name: Authenticate
uses: ./.github/actions/cloud-platform-auth
Expand Down
12 changes: 5 additions & 7 deletions .github/actions/get-build-info/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ inputs:
version:
description: The version of the service to deploy
required: true
gradle-encryption-key:
description: Gradle encryption key
required: true

runs:
using: "composite"
Expand All @@ -20,15 +23,10 @@ runs:
with:
files: projects/${{ inputs.project }}/build.gradle.kts

- uses: actions/setup-java@v4
if: ${{ steps.gradle_file.outputs.files_exists == 'true' }}
with:
java-version: '21'
distribution: 'temurin'

- uses: gradle/actions/setup-gradle@v4
- uses: ./.github/actions/setup-gradle
if: ${{ steps.gradle_file.outputs.files_exists == 'true' }}
with:
cache-encryption-key: ${{ inputs.gradle-encryption-key }}
cache-read-only: true

- name: Get build info
Expand Down
28 changes: 28 additions & 0 deletions .github/actions/setup-gradle/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
name: Setup Gradle
description: Setup Java and Gradle actions

inputs:
cache-read-only:
description: |
When 'true', existing entries will be read from the cache but no entries will be written.
By default this value is 'false' for workflows on the GitHub default branch and 'true' for workflows on other branches.
required: false
default: ${{ github.event.repository != null && github.ref_name != github.event.repository.default_branch }}
cache-encryption-key:
description: |
A base64 encoded AES key used to encrypt the configuration-cache data. The key is exported as 'GRADLE_ENCRYPTION_KEY' for later steps.
A suitable key can be generated with `openssl rand -base64 16`.
Configuration-cache data will not be saved/restored without an encryption key being provided.
required: false

runs:
using: "composite"
steps:
- uses: actions/setup-java@v4
with:
java-version: 21
distribution: temurin
- uses: gradle/actions/setup-gradle@v4
with:
cache-encryption-key: ${{ inputs.cache-encryption-key }}
cache-read-only: ${{ inputs.cache-read-only }}
10 changes: 6 additions & 4 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ on:
force-deploy:
type: boolean
default: false
secrets:
GRADLE_ENCRYPTION_KEY:
required: true
description: Used for encrypting the Gradle cache. See https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#saving-configuration-cache-data
outputs:
version:
value: ${{ jobs.build-gradle.outputs.version }}
Expand Down Expand Up @@ -89,11 +93,9 @@ jobs:
changes: ${{ steps.check-changes.outputs.changes }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
- uses: ./.github/actions/setup-gradle
with:
java-version: '21'
distribution: 'temurin'
- uses: gradle/actions/setup-gradle@v4
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

- name: Set version
id: version
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ jobs:
build:
name: Build
uses: ./.github/workflows/build.yml
secrets:
GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

post-build:
name: Post-build
Expand All @@ -29,7 +31,8 @@ jobs:
- uses: actions/checkout@v4
- uses: ./.github/actions/analyse
with:
token: ${{ secrets.SONAR_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

lint:
name: Lint
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ jobs:
namespace: ${{ secrets.KUBE_NAMESPACE }}
token: ${{ secrets.KUBE_TOKEN }}
ip-allowlists: ${{ vars.HMPPS_IP_ALLOWLIST_GROUPS_YAML }}
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

- uses: docker/login-action@v3
if: ${{ steps.check_files.outputs.files_exists == 'true' && steps.enabled.outputs.enabled == 'true' }}
Expand Down
9 changes: 2 additions & 7 deletions .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -67,15 +67,10 @@ jobs:
echo "has_rest_api=$(yq '. | has("api_path")' 'projects/${{ matrix.project }}/tech-docs/config/tech-docs.yml')" | tee -a "$GITHUB_OUTPUT"
echo "has_async_api=$(test -f 'projects/${{ matrix.project }}/tech-docs/source/asyncapi-reference.html.md.erb' && echo 'true' || echo 'false')" | tee -a "$GITHUB_OUTPUT"
- uses: actions/setup-java@v4
if: steps.check_config.outputs.has_rest_api == 'true' || steps.check_config.outputs.has_async_api == 'true'
with:
java-version: '21'
distribution: 'temurin'

- uses: gradle/actions/setup-gradle@v4
- uses: ./.github/actions/setup-gradle
if: steps.check_config.outputs.has_rest_api || steps.check_config.outputs.has_async_api
with:
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
cache-read-only: true

- name: Host API specs
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ jobs:
with:
push: true
force-deploy: "${{ inputs.force-deploy || false }}"
secrets: inherit
secrets:
GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

post-build:
name: Post-build
Expand All @@ -41,7 +42,8 @@ jobs:
- uses: actions/checkout@v4
- uses: ./.github/actions/analyse
with:
token: ${{ secrets.SONAR_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

deploy-to-test:
name: Deploy to test
Expand Down
8 changes: 2 additions & 6 deletions .github/workflows/security.yml
Original file line number Diff line number Diff line change
Expand Up @@ -145,13 +145,9 @@ jobs:
- get-projects
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
java-version: 21
distribution: temurin

- uses: gradle/actions/setup-gradle@v4
- uses: ./.github/actions/setup-gradle
with:
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
cache-read-only: true

- name: Build jars
Expand Down
8 changes: 2 additions & 6 deletions .github/workflows/templates.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,9 @@ jobs:
steps:
- uses: actions/checkout@v4

- uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'

- uses: gradle/actions/setup-gradle@v4
- uses: ./.github/actions/setup-gradle
with:
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
cache-read-only: true

- name: Render project template
Expand Down
5 changes: 4 additions & 1 deletion gradle.properties
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
org.gradle.caching=true
org.gradle.parallel=true
org.gradle.caching=true
org.gradle.configuration-cache=true
org.gradle.configuration-cache.problems=warn
# Remove the above line once https://github.com/n0mer/gradle-git-properties/pull/235 is released
org.gradle.jvmargs=-Xmx4g "-XX:MaxMetaspaceSize=1g"
systemProp.sonar.host.url=https://sonarcloud.io
systemProp.sonar.organization=ministryofjustice
Expand Down

0 comments on commit aa6b654

Please sign in to comment.