From 477be17b8d9e19930882d4219aafe081bce596c6 Mon Sep 17 00:00:00 2001
From: marko-bekhta <marko.prykladna@gmail.com>
Date: Tue, 16 Apr 2024 21:14:59 +0200
Subject: [PATCH] Update Develocity build scan configuration

---
 .github/workflows/atlas.yml                   |  4 +--
 .github/workflows/contributor-build.yml       |  4 +--
 ci/snapshot-publish.Jenkinsfile               |  2 +-
 ...rprise.gradle => gradle-develocity.gradle} | 25 ++++++++++++-------
 settings.gradle                               |  8 +++---
 5 files changed, 25 insertions(+), 18 deletions(-)
 rename gradle/{gradle-enterprise.gradle => gradle-develocity.gradle} (70%)

diff --git a/.github/workflows/atlas.yml b/.github/workflows/atlas.yml
index 5d6f742447..425acb8bd1 100644
--- a/.github/workflows/atlas.yml
+++ b/.github/workflows/atlas.yml
@@ -94,7 +94,7 @@ jobs:
           # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
           # WARNING: As this runs on untrusted nodes, we use the same access key as for PRs:
           #          it has limited access, essentially it can only push build scans.
-          GRADLE_ENTERPRISE_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR || '' }}"
+          DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR || '' }}"
         run: ./ci/build-github.sh
         shell: bash
       - name: Publish Develocity build scan for previous build
@@ -103,7 +103,7 @@ jobs:
           ./gradlew buildScanPublishPrevious
         env:
           # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
-          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
       - name: Upload test reports (if Gradle failed)
         uses: actions/upload-artifact@v4
         if: failure()
diff --git a/.github/workflows/contributor-build.yml b/.github/workflows/contributor-build.yml
index 4fca587c84..23eea4c044 100644
--- a/.github/workflows/contributor-build.yml
+++ b/.github/workflows/contributor-build.yml
@@ -102,7 +102,7 @@ jobs:
           # Don't populate Develocity cache in pull requests as that's potentially dangerous
           POPULATE_REMOTE_GRADLE_CACHE: "${{ github.event_name == 'push' }}"
           # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
-          GRADLE_ENTERPRISE_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY || '' }}"
+          DEVELOCITY_ACCESS_KEY: "${{ github.event_name == 'push' && secrets.GRADLE_ENTERPRISE_ACCESS_KEY || '' }}"
         run: ./ci/build-github.sh
         shell: bash
       - name: Publish Develocity build scan for previous build (pull request)
@@ -111,7 +111,7 @@ jobs:
           ./gradlew buildScanPublishPrevious
         env:
           # WARNING: exposes secrets, so must only be passed to a step that doesn't run unapproved code.
-          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY_PR }}
       - name: Upload test reports (if Gradle failed)
         uses: actions/upload-artifact@v4
         if: failure()
diff --git a/ci/snapshot-publish.Jenkinsfile b/ci/snapshot-publish.Jenkinsfile
index be02d00d2e..12b64977ee 100644
--- a/ci/snapshot-publish.Jenkinsfile
+++ b/ci/snapshot-publish.Jenkinsfile
@@ -33,7 +33,7 @@ pipeline {
 				withCredentials([
 					usernamePassword(credentialsId: 'ossrh.sonatype.org', usernameVariable: 'hibernatePublishUsername', passwordVariable: 'hibernatePublishPassword'),
 					usernamePassword(credentialsId: 'plugins.gradle.org', usernameVariable: 'hibernatePluginPortalUsername', passwordVariable: 'hibernatePluginPortalPassword'),
-					string(credentialsId: 'ge.hibernate.org-access-key', variable: 'GRADLE_ENTERPRISE_ACCESS_KEY'),
+					string(credentialsId: 'ge.hibernate.org-access-key', variable: 'DEVELOCITY_ACCESS_KEY'),
 					string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_PASS'),
 					file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_KEYRING')
 				]) {
diff --git a/gradle/gradle-enterprise.gradle b/gradle/gradle-develocity.gradle
similarity index 70%
rename from gradle/gradle-enterprise.gradle
rename to gradle/gradle-develocity.gradle
index cbc92874ce..25660c40d2 100644
--- a/gradle/gradle-enterprise.gradle
+++ b/gradle/gradle-develocity.gradle
@@ -36,21 +36,28 @@ static java.util.Optional<String> getSetting(String name) {
     return java.util.Optional.ofNullable(sysProp);
 }
 
-gradleEnterprise {
+develocity {
     server = 'https://ge.hibernate.org'
 
     buildScan {
-        captureTaskInputFiles = true
-        publishAlways()
-        publishIfAuthenticated()
+        capture {
+            fileFingerprints = true
+        }
+        publishing.onlyIf { it.authenticated }
+
+        obfuscation {
+            // Don't share ip addresses
+            ipAddresses { addresses -> addresses.collect { address -> "0.0.0.0" } }
+        }
 
         uploadInBackground = !settings.ext.isCiEnvironment
 
-        tag "jdk-${extensions.jdkVersions.test.launcher}"
-        tag extensions.db
-        value 'database', extensions.db
-        if ( extensions.hasProperty( 'ci.node' ) ) {
-            tag extensions.property( 'ci.node' )
+        tag "jdk-${settings.extensions.jdkVersions.test.launcher}"
+        tag settings.extensions.db
+        value 'database', settings.extensions.db
+
+        if ( settings.extensions.findByName( 'ci.node' ) ) {
+            tag settings.extensions.findByName( 'ci.node' )
         }
     }
 }
\ No newline at end of file
diff --git a/settings.gradle b/settings.gradle
index 0bfd71cd46..35541d2bd7 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -20,7 +20,7 @@ pluginManagement {
 plugins {
     id 'org.hibernate.orm.build.env-settings'
     id 'org.hibernate.orm.build.jdks-settings'
-    id 'com.gradle.enterprise' version '3.17'
+    id 'com.gradle.develocity' version '3.17.1'
     id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.0'
 }
 
@@ -284,7 +284,7 @@ String overrideableVersion(String settingName, String defaultVersion) {
 
 rootProject.name = 'hibernate-orm'
 
-apply from: file( 'gradle/gradle-enterprise.gradle' )
+apply from: file( 'gradle/gradle-develocity.gradle' )
 
 if ( !JavaVersion.current().java11Compatible ) {
     throw new GradleException( "Gradle must be run with Java 11 or later" )
@@ -295,10 +295,10 @@ buildCache {
         // do not use local build cache for CI jobs, period!
         enabled = !settings.ext.isCiEnvironment
     }
-    remote(gradleEnterprise.buildCache) {
+    remote(develocity.buildCache) {
         enabled = true
         // Check access key presence to avoid build cache errors on PR builds when access key is not present
-        def accessKey = System.getenv("GRADLE_ENTERPRISE_ACCESS_KEY")
+        def accessKey = System.getenv("DEVELOCITY_ACCESS_KEY")
         push = settings.ext.populateRemoteBuildCache && accessKey
     }
 }