Update gradle-actions-caching library to v0.9.0 (#996)

## What's Changed

> [!IMPORTANT]
> **Cache invalidation:** The cache protocol version has been bumped to `v2`, invalidating all cache entries written by earlier releases. The first build after upgrading will not find existing caches and will repopulate them from scratch.

### Improvements
* **Consistent cache-entry names in reports** — every extracted cache entry now has a single, unique name reported identically on both restore and save. Previously the restore report could show a raw glob pattern (e.g. `caches/modules-*/files-*/*/*/*/*/`) instead of a friendly name like `dependencies`. Bundled entries are named by artifact type, per-file entries by their Gradle-User-Home-relative path, and per-project entries by `project-<rootProjectName>`.

sources/src/actions/dependency-submission/post.ts

@@ -1,6 +1,6 @@
 import * as setupGradle from '../../setup-gradle'
 
-import {CacheConfig, SummaryConfig} from '../../configuration'
+import {CacheConfig, DevelocityConfig, SummaryConfig} from '../../configuration'
 import {handlePostActionError} from '../../errors'
 import {forceExit} from '../../force-exit'
 
@@ -14,7 +14,7 @@ process.on('uncaughtException', e => handlePostActionError(e))
  */
 export async function run(): Promise<void> {
     try {
-        await setupGradle.complete(new CacheConfig(), new SummaryConfig())
+        await setupGradle.complete(new CacheConfig(), new DevelocityConfig(), new SummaryConfig())
     } catch (error) {
         handlePostActionError(error)
     }

sources/src/actions/setup-gradle/post.ts

@@ -1,7 +1,7 @@
 import * as setupGradle from '../../setup-gradle'
 import * as dependencyGraph from '../../dependency-graph'
 
-import {CacheConfig, DependencyGraphConfig, SummaryConfig} from '../../configuration'
+import {CacheConfig, DependencyGraphConfig, DevelocityConfig, SummaryConfig} from '../../configuration'
 import {handlePostActionError} from '../../errors'
 import {emitDeprecationWarnings, restoreDeprecationState} from '../../deprecation-collector'
 import {forceExit} from '../../force-exit'
@@ -19,7 +19,7 @@ export async function run(): Promise<void> {
         restoreDeprecationState()
         emitDeprecationWarnings()
 
-        if (await setupGradle.complete(new CacheConfig(), new SummaryConfig())) {
+        if (await setupGradle.complete(new CacheConfig(), new DevelocityConfig(), new SummaryConfig())) {
             // Only submit the dependency graphs once per job
             await dependencyGraph.complete(new DependencyGraphConfig())
         }

sources/src/cache-service.ts

@@ -8,6 +8,8 @@ export interface CacheOptions {
     strictMatch: boolean
     cleanup: string
     encryptionKey?: string
+    develocityAccessToken?: string
+    develocityServerUrl?: string
     includes: string[]
     excludes: string[]
 }
@@ -27,6 +29,13 @@ export type CacheCleanupStatus =
     | 'disabled-config-cache-hit'
     | 'disabled-readonly'
 
+export type ProjectCacheStatus =
+    | 'not-enabled' // the hidden opt-in env var was not set (rendered as nothing)
+    | 'trial-expired' // past the hard trial expiry
+    | 'trial-not-licensed' // Develocity trial token missing or invalid
+    | 'no-encryption-key' // Cannot store due to missing encryption key
+    | 'enabled' // Trial in effect: will attempt to save project state
+
 export interface CacheEntryReport {
     entryName: string
     requestedKey?: string
@@ -47,6 +56,7 @@ export interface CacheEntryReport {
 export interface CacheReport {
     status: CacheStatus
     cleanup?: CacheCleanupStatus
+    projectCache?: ProjectCacheStatus
     entries: CacheEntryReport[]
 }
 

sources/src/caching-report.ts

@@ -1,4 +1,4 @@
-import {CacheCleanupStatus, CacheEntryReport, CacheReport, CacheStatus} from './cache-service'
+import {CacheCleanupStatus, CacheEntryReport, CacheReport, CacheStatus, ProjectCacheStatus} from './cache-service'
 
 const DOCS = 'https://github.com/gradle/actions/blob/main/docs/setup-gradle.md'
 const DISTRIBUTION = 'https://github.com/gradle/actions/blob/main/DISTRIBUTION.md'
@@ -28,6 +28,14 @@ const CLEANUP_COPY: Record<CacheCleanupStatus, string> = {
     'disabled-readonly': `[Cache cleanup](${DOCS}#configuring-cache-cleanup) is always disabled when the cache is read-only.`
 }
 
+const PROJECT_CACHE_COPY: Record<ProjectCacheStatus, string> = {
+    'not-enabled': ``,
+    'trial-expired': `Project state (build-logic and configuration cache) was not cached - the Develocity caching trial has expired.`,
+    'trial-not-licensed': `Project state (build-logic and configuration cache) was not cached - a develocity-access-key and develocity-server-url is required.`,
+    'no-encryption-key': `Project state (build-logic and configuration cache) was not cached - a [cache-encryption-key](${DOCS}#cache-encryption-key) is required.`,
+    enabled: `Caching of project state (build-logic and configuration cache) was enabled.`
+}
+
 /**
  * Renders a cache report into the unified Job Summary markdown, with a consistent
  * skeleton across every variant: a section heading, a status line, an integrated
@@ -69,6 +77,11 @@ function renderCleanupLine(cleanup?: CacheCleanupStatus): string | undefined {
     return cleanup ? CLEANUP_COPY[cleanup] : undefined
 }
 
+function renderProjectCacheLine(projectCache?: ProjectCacheStatus): string | undefined {
+    // PROJECT_CACHE_COPY['not-enabled'] is '', which the .filter(Boolean) at the call site drops.
+    return projectCache ? PROJECT_CACHE_COPY[projectCache] : undefined
+}
+
 function renderProviderNote(providerNote?: ProviderNote): string | undefined {
     if (!providerNote) {
         return undefined
@@ -88,9 +101,10 @@ function renderDetails(report: CacheReport): string {
         : `Entries: ${restored} restored, ${saved} saved - Expand for more details`
 
     const cleanup = report.status === 'enabled' ? renderCleanupLine(report.cleanup) : undefined
+    const projectCache = renderProjectCacheLine(report.projectCache)
     const table = renderEntryTable(report.entries)
     const pre = `<pre>\n${renderEntryDetails(report.entries)}</pre>`
-    const body = [STATUS_COPY[report.status], cleanup, table, pre].filter(Boolean).join('\n\n')
+    const body = [STATUS_COPY[report.status], cleanup, projectCache, table, pre].filter(Boolean).join('\n\n')
 
     return `<details>
 <summary>${summary}</summary>

sources/src/develocity/build-scan.ts

@@ -1,8 +1,7 @@
 import * as core from '@actions/core'
 import {DevelocityConfig} from '../configuration'
-import {setupToken} from './short-lived-token'
 
-export async function setup(config: DevelocityConfig): Promise<void> {
+export function setup(config: DevelocityConfig): void {
     maybeExportVariable('DEVELOCITY_INJECTION_INIT_SCRIPT_NAME', 'gradle-actions.inject-develocity.init.gradle')
     maybeExportVariable('DEVELOCITY_INJECTION_CUSTOM_VALUE', 'gradle-actions')
 
@@ -39,12 +38,6 @@ export async function setup(config: DevelocityConfig): Promise<void> {
         maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_URL', config.getTermsOfUseUrl())
         maybeExportVariable('DEVELOCITY_INJECTION_TERMS_OF_USE_AGREE', config.getTermsOfUseAgree())
     }
-
-    return setupToken(
-        config.getDevelocityAccessKey(),
-        config.getDevelocityAllowUntrustedServer(),
-        config.getDevelocityTokenExpiry()
-    )
 }
 
 function maybeExportVariable(variableName: string, value: unknown): void {

sources/src/develocity/short-lived-token.ts

@@ -3,28 +3,41 @@ import * as httpm from '@actions/http-client'
 import {DevelocityConfig} from '../configuration'
 import {recordDeprecation} from '../deprecation-collector'
 
-export async function setupToken(
+/**
-    develocityAccessKey: string,
+ * Exchange the configured Develocity access key(s) for short-lived tokens, export them as the access
-    develocityAllowUntrustedServer: boolean | undefined,
+ * key env vars, and return the short-lived token matching the configured Develocity server URL (for
-    develocityTokenExpiry: string
+ * use as the `develocityAccessToken` cache option). Returns `undefined` when there is no access key,
-): Promise<void> {
+ * token fetching fails, or no token matches the configured server.
-    if (develocityAccessKey) {
+ */
-        try {
+export async function setupToken(config: DevelocityConfig): Promise<string | undefined> {
-            core.debug('Fetching short-lived token...')
+    const develocityAccessKey = config.getDevelocityAccessKey()
-            const tokens = await getToken(develocityAccessKey, develocityAllowUntrustedServer, develocityTokenExpiry)
+    if (!develocityAccessKey) {
-            if (tokens != null && !tokens.isEmpty()) {
+        return undefined
-                core.debug(`Got token(s), setting the access key env vars`)
-                const token = tokens.raw()
-                core.setSecret(token)
-                exportAccessKeyEnvVars(token)
-            } else {
-                handleMissingAccessToken()
-            }
-        } catch (e) {
-            handleMissingAccessToken()
-            core.warning(`Failed to fetch short-lived token, reason: ${e}`)
-        }
     }
+    try {
+        core.debug('Fetching short-lived token...')
+        const tokens = await getToken(
+            develocityAccessKey,
+            config.getDevelocityAllowUntrustedServer(),
+            config.getDevelocityTokenExpiry()
+        )
+        if (tokens != null && !tokens.isEmpty()) {
+            core.debug(`Got token(s), setting the access key env vars`)
+            const token = tokens.raw()
+            core.setSecret(token)
+            exportAccessKeyEnvVars(token)
+            for (const k of tokens.keys) {
+                core.setSecret(k.key)
+            }
+            const serverUrl = config.getDevelocityUrl()
+            return serverUrl ? resolveTokenForServer(tokens, serverUrl) : undefined
+        }
+        handleMissingAccessToken()
+    } catch (e) {
+        handleMissingAccessToken()
+        core.warning(`Failed to fetch short-lived token, reason: ${e}`)
+    }
+    return undefined
 }
 
 function exportAccessKeyEnvVars(value: string): void {
@@ -174,3 +187,20 @@ export class DevelocityAccessCredentials {
         return this.accessKeyRegexp.test(allKeys)
     }
 }
+
+/**
+ * Resolve the token whose hostname matches a given Develocity server URL. Returns `undefined`
+ * (fail-closed) when the server URL is empty or no token matches the server's host.
+ */
+export function resolveTokenForServer(tokens: DevelocityAccessCredentials, serverUrl: string): string | undefined {
+    if (!serverUrl) {
+        return undefined
+    }
+    let host: string
+    try {
+        host = new URL(serverUrl).hostname
+    } catch {
+        host = serverUrl // tolerate a bare hostname (no scheme)
+    }
+    return tokens.keys.find(k => k.hostname === host)?.key
+}

sources/src/job-summary.ts

@@ -13,6 +13,8 @@ export async function generateJobSummary(
     providerNote: ProviderNote | undefined,
     config: SummaryConfig
 ): Promise<void> {
+    core.startGroup('Generating Job Summary')
+
     const errors = renderErrors()
     if (errors) {
         core.summary.addRaw(errors)
@@ -23,19 +25,17 @@ export async function generateJobSummary(
     const summaryTable = renderSummaryTable(buildResults)
     const cachingReport = renderCachingReport(cacheReport, providerNote)
     const hasFailure = anyFailed(buildResults)
-    if (config.shouldGenerateJobSummary(hasFailure)) {
-        core.info('Generating Job Summary')
 
+    core.info(summaryTable)
+    core.info('============================')
+    core.info(cachingReport)
+
+    if (config.shouldGenerateJobSummary(hasFailure)) {
         core.summary.addRaw(summaryTable)
         core.summary.addRaw(cachingReport)
         await core.summary.write()
-    } else {
-        core.info('============================')
-        core.info(summaryTable)
-        core.info('============================')
-        core.info(cachingReport)
-        core.info('============================')
     }
+    core.endGroup()
 
     if (config.canAddPRComment()) {
         await minimizeObsoletePRComments()

sources/src/setup-gradle.ts

@@ -5,6 +5,7 @@ import * as path from 'path'
 import * as os from 'os'
 import * as jobSummary from './job-summary'
 import * as buildScan from './develocity/build-scan'
+import {setupToken} from './develocity/short-lived-token'
 
 import {loadBuildResults, markBuildResultsProcessed} from './build-results'
 import {getCacheService, getProviderNote} from './cache-service-loader'
@@ -21,6 +22,8 @@ import {initializeGradleUserHome} from './gradle-user-home'
 
 const GRADLE_SETUP_VAR = 'GRADLE_BUILD_ACTION_SETUP_COMPLETED'
 const GRADLE_USER_HOME = 'GRADLE_USER_HOME'
+// Short-lived Develocity token for the configured server, resolved during setup and reused on save.
+const DEVELOCITY_CACHE_TOKEN = 'DEVELOCITY_CACHE_TOKEN'
 
 export async function setup(
     cacheConfig: CacheConfig,
@@ -44,17 +47,27 @@ export async function setup(
 
     initializeGradleUserHome(userHome, gradleUserHome, cacheConfig.getCacheEncryptionKey())
 
+    // Exchange the long-lived access key(s) for short-lived tokens, resolving the token for the
+    // configured Develocity server and retaining it for the post-action (save) step.
+    const develocityServerUrl = develocityConfig.getDevelocityUrl() || undefined
+    const cacheToken = await setupToken(develocityConfig)
+    core.saveState(DEVELOCITY_CACHE_TOKEN, cacheToken ?? '')
+
     const cacheService = await getCacheService(cacheConfig)
-    await cacheService.restore(gradleUserHome, cacheOptionsFrom(cacheConfig))
+    await cacheService.restore(gradleUserHome, cacheOptionsFrom(cacheConfig, develocityServerUrl, cacheToken))
 
     await wrapperValidator.validateWrappers(wrapperValidationConfig, getWorkspaceDirectory(), gradleUserHome)
 
-    await buildScan.setup(develocityConfig)
+    buildScan.setup(develocityConfig)
 
     return true
 }
 
-export async function complete(cacheConfig: CacheConfig, summaryConfig: SummaryConfig): Promise<boolean> {
+export async function complete(
+    cacheConfig: CacheConfig,
+    develocityConfig: DevelocityConfig,
+    summaryConfig: SummaryConfig
+): Promise<boolean> {
     if (!core.getState(GRADLE_SETUP_VAR)) {
         core.info('Gradle setup post-action only performed for first gradle/actions step in workflow.')
         return false
@@ -64,8 +77,14 @@ export async function complete(cacheConfig: CacheConfig, summaryConfig: SummaryC
     const buildResults = loadBuildResults()
 
     const gradleUserHome = core.getState(GRADLE_USER_HOME)
+    const develocityServerUrl = develocityConfig.getDevelocityUrl() || undefined
+    const cacheToken = core.getState(DEVELOCITY_CACHE_TOKEN) || undefined
     const cacheService = await getCacheService(cacheConfig)
-    const cacheReport = await cacheService.save(gradleUserHome, buildResults, cacheOptionsFrom(cacheConfig))
+    const cacheReport = await cacheService.save(
+        gradleUserHome,
+        buildResults,
+        cacheOptionsFrom(cacheConfig, develocityServerUrl, cacheToken)
+    )
     await jobSummary.generateJobSummary(buildResults, cacheReport, getProviderNote(cacheConfig), summaryConfig)
 
     markBuildResultsProcessed()
@@ -75,7 +94,11 @@ export async function complete(cacheConfig: CacheConfig, summaryConfig: SummaryC
     return true
 }
 
-function cacheOptionsFrom(config: CacheConfig): CacheOptions {
+function cacheOptionsFrom(
+    config: CacheConfig,
+    develocityServerUrl: string | undefined,
+    develocityAccessToken: string | undefined
+): CacheOptions {
     return {
         disabled: config.isCacheDisabled(),
         readOnly: config.isCacheReadOnly(),
@@ -84,6 +107,8 @@ function cacheOptionsFrom(config: CacheConfig): CacheOptions {
         strictMatch: config.isCacheStrictMatch(),
         cleanup: config.getCacheCleanupOption(),
         encryptionKey: config.getCacheEncryptionKey() || undefined,
+        develocityAccessToken,
+        develocityServerUrl,
         includes: config.getCacheIncludes(),
         excludes: config.getCacheExcludes()
     }

sources/test/jest/caching-report.test.ts

@@ -79,6 +79,41 @@ describe('renderCachingReport', () => {
         expect(md).toContain('<summary>Entries: 1 restored, 0 saved - Expand for more details</summary>')
     })
 
+    it('renders the project-cache status line inside the details', () => {
+        const report: CacheReport = {
+            status: 'enabled',
+            cleanup: 'enabled',
+            projectCache: 'enabled',
+            entries: [entry()]
+        }
+        const md = renderCachingReport(report, ENHANCED)
+
+        const detailsBody = md.slice(md.indexOf('</summary>'))
+        expect(detailsBody).toContain(
+            'Caching of project state (build-logic and configuration cache) was enabled.'
+        )
+    })
+
+    it('renders nothing for the not-enabled project-cache status', () => {
+        const report: CacheReport = {
+            status: 'enabled',
+            cleanup: 'enabled',
+            projectCache: 'not-enabled',
+            entries: [entry()]
+        }
+        const md = renderCachingReport(report, ENHANCED)
+
+        expect(md).not.toContain('Project state')
+        expect(md).not.toContain('build-logic')
+    })
+
+    it('omits the project-cache line when the status is absent', () => {
+        const report: CacheReport = {status: 'enabled', cleanup: 'enabled', entries: [entry()]}
+        const md = renderCachingReport(report, ENHANCED)
+
+        expect(md).not.toContain('Project state')
+    })
+
     it('renders a compact disabled report with no note and no details', () => {
         const report: CacheReport = {status: 'disabled', entries: []}
         const md = renderCachingReport(report, undefined)

sources/test/jest/short-lived-token.test.ts

@@ -1,7 +1,7 @@
 import nock from "nock";
 import {describe, expect, it} from '@jest/globals'
 
-import {DevelocityAccessCredentials, getToken} from "../../src/develocity/short-lived-token";
+import {DevelocityAccessCredentials, getToken, resolveTokenForServer} from "../../src/develocity/short-lived-token";
 
 describe('short lived tokens', () => {
     it('parse valid access key should return an object', async () => {
@@ -134,3 +134,42 @@ describe('short lived tokens with retry', () => {
             .toBeNull()
     })
 })
+
+describe('resolveTokenForServer', () => {
+    const credentials = (...pairs: [string, string][]): DevelocityAccessCredentials =>
+        DevelocityAccessCredentials.of(pairs.map(([hostname, key]) => ({hostname, key})))
+
+    it('returns the token matching the server host from a full URL', () => {
+        const tokens = credentials(['ge.example.com', 'key1'], ['other', 'key2'])
+        expect(resolveTokenForServer(tokens, 'https://ge.example.com')).toBe('key1')
+    })
+
+    it('matches on hostname, ignoring scheme, port and path', () => {
+        const tokens = credentials(['ge.example.com', 'key1'])
+        expect(resolveTokenForServer(tokens, 'https://ge.example.com:8443/path')).toBe('key1')
+    })
+
+    it('tolerates a bare hostname with no scheme', () => {
+        const tokens = credentials(['ge.example.com', 'key1'])
+        expect(resolveTokenForServer(tokens, 'ge.example.com')).toBe('key1')
+    })
+
+    it('selects the matching token when multiple are present', () => {
+        const tokens = credentials(['dev', 'key1'], ['ge.example.com', 'key2'])
+        expect(resolveTokenForServer(tokens, 'https://ge.example.com')).toBe('key2')
+    })
+
+    it('returns undefined when no token matches the server host', () => {
+        const tokens = credentials(['ge.example.com', 'key1'])
+        expect(resolveTokenForServer(tokens, 'https://other.example.com')).toBeUndefined()
+    })
+
+    it('returns undefined for an empty server URL', () => {
+        const tokens = credentials(['ge.example.com', 'key1'])
+        expect(resolveTokenForServer(tokens, '')).toBeUndefined()
+    })
+
+    it('returns undefined when there are no tokens', () => {
+        expect(resolveTokenForServer(credentials(), 'https://ge.example.com')).toBeUndefined()
+    })
+})

sources/vendor/gradle-actions-caching/index.d.ts

@@ -37,6 +37,8 @@ export declare interface CacheOptions {
     strictMatch: boolean;
     cleanup: 'always' | 'on-success' | 'never';
     encryptionKey?: string;
+    develocityAccessToken?: string;
+    develocityServerUrl?: string;
     includes: string[];
     excludes: string[];
 }
@@ -45,12 +47,22 @@ export declare interface CacheOptions {
 export declare interface CacheReport {
     status: CacheStatus;
     cleanup?: CacheCleanupStatus;
+    projectCache?: ProjectCacheStatus;
     entries: CacheEntryReport[];
 }
 
 /** @public */
 export declare type CacheStatus = 'enabled' | 'read-only' | 'write-only' | 'disabled' | 'disabled-existing-home' | 'not-available';
 
+/**
+ * Status of project-entry caching (build-logic artifacts + configuration-cache data) for a run.
+ * The first three are set on restore (always ungated); the rest are set on save and reflect the
+ * two-tier gate (opt-in + Develocity trial, then encryption key + Gradle version). Still beta.
+ *
+ * @public
+ */
+declare type ProjectCacheStatus = 'not-enabled' | 'trial-expired' | 'trial-not-licensed' | 'no-encryption-key' | 'enabled';
+
 /** @public */
 export declare function restore(gradleUserHome: string, cacheOptions: CacheOptions): Promise<void>;
 

sources/vendor/gradle-actions-caching/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gradle-actions-caching",
-  "version": "0.7.0",
+  "version": "0.9.0",
   "type": "module",
   "main": "./index.js",
   "types": "./index.d.ts",