Set both DEVELOCITY_ACCESS_KEY and GRADLE_ENTERPRISE_ACCESS_KEY env vars

.github/workflows/integ-test-inject-develocity.yml

@@ -67,21 +67,28 @@ jobs:
       with:
         script: |
           core.setFailed('No Build Scan detected')
-    - name: Check short lived token
-      if: ${{ matrix.plugin-version == '3.17.3' }}
+    - name: Check short lived token (DEVELOCITY_ACCESS_KEY)
       run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+    - name: Check short lived token (GRADLE_ENTERPRISE_ACCESS_KEY)
+      run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)"
 
   inject-develocity-with-access-key:
     env:
       DEVELOCITY_INJECTION_ENABLED: true
       DEVELOCITY_URL: 'https://ge.solutions-team.gradle.com'
-      DEVELOCITY_PLUGIN_VERSION: 3.17.3
+      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
       DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
     strategy:
       fail-fast: false
       matrix:
         gradle: [current, 7.6.2, 6.9.4, 5.6.4]
         os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: [3.16.2, 3.17.3]
+        include:
+          - plugin-version: 3.16.2
+            accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
+          - plugin-version: 3.17.3
+            accessKeyEnv: DEVELOCITY_ACCESS_KEY
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources
@@ -105,8 +112,10 @@ jobs:
         id: gradle
         working-directory: .github/workflow-samples/no-ge
         run: gradle help
-      - name: Check short lived token
+      - name: Check short lived token (DEVELOCITY_ACCESS_KEY)
         run: "[ ${#DEVELOCITY_ACCESS_KEY} -gt 500 ] || (echo 'DEVELOCITY_ACCESS_KEY does not look like a short lived token'; exit 1)"
+      - name: Check short lived token (GRADLE_ENTERPRISE_ACCESS_KEY)
+        run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)"
       - name: Check Build Scan url
         if: ${{ !steps.gradle.outputs.build-scan-url }}
         uses: actions/github-script@v7
@@ -118,10 +127,21 @@ jobs:
     env:
       DEVELOCITY_INJECTION_ENABLED: true
       DEVELOCITY_URL: 'https://localhost:3333/'
-      DEVELOCITY_PLUGIN_VERSION: 3.17.3
+      DEVELOCITY_PLUGIN_VERSION: ${{ matrix.plugin-version }}
       DEVELOCITY_CCUD_PLUGIN_VERSION: '2.0'
       # Access key also set as an env var, we want to check it does not leak
-      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+      ${{matrix.accessKeyEnv}}: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
+    strategy:
+      fail-fast: false
+      matrix:
+        gradle: [ current, 7.6.2, 6.9.4, 5.6.4 ]
+        os: ${{fromJSON(inputs.runner-os)}}
+        plugin-version: [ 3.16.2, 3.17.3 ]
+        include:
+          - plugin-version: 3.16.2
+            accessKeyEnv: GRADLE_ENTERPRISE_ACCESS_KEY
+          - plugin-version: 3.17.3
+            accessKeyEnv: DEVELOCITY_ACCESS_KEY
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
@@ -144,5 +164,7 @@ jobs:
         id: gradle
         working-directory: .github/workflow-samples/no-ge
         run: gradle help
-      - name: Check access key is blank
+      - name: Check access key is blank (DEVELOCITY_ACCESS_KEY)
         run: "[ \"${DEVELOCITY_ACCESS_KEY}\" == \"\" ] || (echo 'DEVELOCITY_ACCESS_KEY has leaked!'; exit 1)"
+      - name: Check access key is blank (GRADLE_ENTERPRISE_ACCESS_KEY)
+        run: "[ \"${GRADLE_ENTERPRISE_ACCESS_KEY}\" == \"\" ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY has leaked!'; exit 1)"

sources/src/configuration.ts

@@ -201,7 +201,12 @@ export class BuildScanConfig {
     }
 
     getDevelocityAccessKey(): string {
-        return core.getInput('develocity-access-key') || process.env['DEVELOCITY_ACCESS_KEY'] || ''
+        return (
+            core.getInput('develocity-access-key') ||
+            process.env['DEVELOCITY_ACCESS_KEY'] ||
+            process.env['GRADLE_ENTERPRISE_ACCESS_KEY'] ||
+            ''
+        )
     }
 
     getDevelocityTokenExpiry(): string {

sources/src/develocity/short-lived-token.ts

@@ -7,27 +7,30 @@ export async function setupToken(
     enforceUrl: string | undefined,
     develocityUrl: string | undefined
 ): Promise<void> {
-    const develocityAccesskeyEnvVar = 'DEVELOCITY_ACCESS_KEY'
     if (develocityAccessKey) {
         try {
             core.debug('Fetching short-lived token...')
             const tokens = await getToken(enforceUrl, develocityUrl, develocityAccessKey, develocityTokenExpiry)
             if (tokens != null && !tokens.isEmpty()) {
-                core.debug(`Got token(s), setting the ${develocityAccesskeyEnvVar} env var`)
+                core.debug(`Got token(s), setting the access key env vars`)
                 const token = tokens.raw()
                 core.setSecret(token)
-                core.exportVariable(develocityAccesskeyEnvVar, token)
+                exportAccessKeyEnvVars(token)
             } else {
                 // In case of not being able to generate a token we set the env variable to empty to avoid leaks
-                core.exportVariable(develocityAccesskeyEnvVar, '')
+                exportAccessKeyEnvVars('')
             }
         } catch (e) {
-            core.exportVariable(develocityAccesskeyEnvVar, '')
+            exportAccessKeyEnvVars('')
             core.warning(`Failed to fetch short-lived token, reason: ${e}`)
         }
     }
 }
 
+function exportAccessKeyEnvVars(value: string): void {
+    ;['DEVELOCITY_ACCESS_KEY', 'GRADLE_ENTERPRISE_ACCESS_KEY'].forEach(key => core.exportVariable(key, value))
+}
+
 export async function getToken(
     enforceUrl: string | undefined,
     serverUrl: string | undefined,