search

gradle / gradle-build-action

Execute your Gradle build and trigger dependency submission
https://github.com/marketplace/actions/gradle-build-action
MIT License
671 stars 97 forks source link

Incorrect endpoint used to submit Dependency Graph on GitHub Enterprise #885

Closed n0rdy closed 1 year ago

n0rdy commented 1 year ago

Hello there!

Thanks for the development of this plugin, and especially for the recent Dependency Graph Submission feature - it's pretty useful to make Dependabot work with Gradle.

While configuring the workflow, I experienced the issue that happens in the post-action stage:

Warning: Unhandled error in Gradle post-action - job will continue: HttpError: Not Found
HttpError: Not Found
    at /runner/_work/_actions/gradle/gradle-build-action/v2/dist/post/index.js:50[98]
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Some context:

jobs: gradle-action-detection: runs-on: [ ubuntu-latest ] permissions: contents: write steps:

The provided error happens for the Post Setup Gradle to generate and submit dependency graphs step.

Based on the logs, I can see that the error is originated here:

await submitDependencyGraphs(await uploadDependencyGraphs())

when the submitDependencyGraphs method is called.

I noticed that there is the exact endpoint hardcoded, so I wonder whether that could be somehow related to the differences between the regular GitHub and GitHub Enterprise: according to the GitHub Docs, there is a slight diff:

Maybe, it seems like this might be somehow resolved by the Octokit library you are using under the hood. However, I didn't manage to find the answer while browsing the codebase.

Also, I double-checked that:

Question: Is it me doing something wrong, or is it something that is not supported by this action?

Any help here is appreciated. Thanks a lot!

bigdaz commented 1 year ago

Thanks for your detailed report. I'm not able to test this action on GitHub Enterprise, so it's quite possible you've discovered a genuine issue.

It looks like we'll need to initialize Oktokit with your GitHub Enterprise server URL: https://github.com/octokit/octokit.js#constructor-options. The value should be available in the [GITHUB_SERVER_URL](https://docs.github.com/en/enterprise-cloud@latest/actions/learn-github-actions/variables#default-environment-variables) environment variable.

If you could fork the action, try this out, and submit a PR, that would really help.

n0rdy commented 1 year ago

Thanks for your detailed report. I'm not able to test this action on GitHub Enterprise, so it's quite possible you've discovered a genuine issue.

It looks like we'll need to initialize Oktokit with your GitHub Enterprise server URL: https://github.com/octokit/octokit.js#constructor-options. The value should be available in the [GITHUB_SERVER_URL](https://docs.github.com/en/enterprise-cloud@latest/actions/learn-github-actions/variables#default-environment-variables) environment variable.

If you could fork the action, try this out, and submit a PR, that would really help.

Hey! Thanks for the reply. I'll try to do the suggested fork approach, but it will take some time due to the security processes.

bigdaz commented 1 year ago

No problem. This should already be fixed on the main branch, and I plan to release a 2.8.1 with the fix shortly.

bigdaz commented 1 year ago

@n0rdy I've released v2.8.1 (aliased to v2) with the fix. It would be helpful if you could test and confirm that Dependency Submission now works for you on GitHub Enterprise.

n0rdy commented 1 year ago

@n0rdy I've released v2.8.1 (aliased to v2) with the fix. It would be helpful if you could test and confirm that Dependency Submission now works for you on GitHub Enterprise.

I gave it a try: the error is gone and the dependency graph was submitted - thanks a lot!

The Dependabot security update failed with the same error as I described within the issue report to another dependency submission action library, but I guess it's the issue on the Dependabot end.

Thanks again for the fix!