gradle / gradle-build-action

Execute your Gradle build and trigger dependency submission
https://github.com/marketplace/actions/gradle-build-action
MIT License
679 stars 97 forks

configuration cache doesn't appear to be saved #871

Closed xenoterracide closed 1 year ago

xenoterracide commented 1 year ago

At least from what this line, that otherwise had a cache hit, told me.

bigdaz commented 1 year ago

You're right. This functionality was disabled in v2.4.2. The underlying reason is detailed in this vulnerability report: https://github.com/gradle/gradle-build-action/security/advisories/GHSA-h3qr-39j9-4r5v

xenoterracide commented 1 year ago

Someone should report the vulnerability at GitHub that secrets should never be stored in environment variables (the real vulnerability, their code)... urgh. Also obnoxious that GitHub does this when a repository doesn't use secrets, although they always inject their own... again their own vulnerability.