In case you missed it, Gradle configuration caching is no longer enabled by default in certain scenarios. Here’s what you need to know to ensure your builds leverage this feature effectively.
Important Note: To avoid potentially leaking secrets in the configuration-cache entry, the action will only save or restore configuration-cache data if the
cache-encryption-keyparameter is set.
Contents
- 1 What is Gradle Configuration Cache?
- 2 The Issue with Default Caching in GitHub Actions
- 3 Minimal Example: What Not to Do
- 4 The Solution: Enable Secure Configuration Caching
- 5 Avoid Improper Caching Configurations
- 6 Use the Correct Configuration
- 7 Results: Faster Builds with Secure Caching
- 8 Bonus: Dependency Graph Insights
What is Gradle Configuration Cache?
Gradle configuration cache is typically enabled using either:
- The CLI parameter:
gradle --configuration-cache - The gradle.properties file:
org.gradle.configuration-cache=true
Configuration caching can significantly reduce build times by reusing the results of the configuration phase between builds. However, recent changes require additional steps to ensure its functionality in environments like GitHub Actions.
The Issue with Default Caching in GitHub Actions
While optimizing my CI/CD pipeline for faster builds, I came across the following log message, which indicates that gradle’s configuration cache state is not saved because no encryption key was provided:
“Not saving configuration-cache state, as no encryption key was provided.”
Minimal Example: What Not to Do
Below is a minimal example of a GitHub Actions configuration. While functional, it lacks proper setup for Gradle configuration caching.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | jobs: build: runs-on: ubuntu-latest permissions: contents: write packages: write id-token: write steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v4 with: java-version: '17' distribution: 'temurin' # removed cache line - name: Setup Gradle uses: gradle/actions/setup-gradle@v4 with: dependency-graph: generate-and-submit # bonus - dependency graph cache-encryption-key: ${{ secrets.GRADLE_CACHE_ENCRYPTION_KEY }} |
The Solution: Enable Secure Configuration Caching
To resolve this issue, follow these steps to Generate a Valid Encryption Key:
Create a secure encryption key to protect your Gradle configuration cache:
1 | openssl rand -base64 16 |
Example output:
1 | fKLIcOtr1ieP7FwDspepqA== |
Save this key as a GitHub Actions secret:
- Navigate to Repository Settings > Secrets and variables > Actions.
- Add a new secret with the name
GRADLE_CACHE_ENCRYPTION_KEYand paste the generated key.
Avoid Improper Caching Configurations
These methods are less secure and conflict with configuration caching best practices.
- Avoid using
actions/cacheconfigured to cache the Gradle User Home, as described in this example. - Avoid using
actions/setup-javawith thecache: gradleoption, as described here.
Use the Correct Configuration
Here’s the updated configuration:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | jobs: build: runs-on: ubuntu-latest permissions: contents: write packages: write id-token: write steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up JDK 17 uses: actions/setup-java@v4 with: java-version: '17' distribution: 'temurin' # removed cache line - name: Setup Gradle uses: gradle/actions/setup-gradle@v4 with: dependency-graph: generate-and-submit # bonus - dependency graph cache-encryption-key: ${{ secrets.GRADLE_CACHE_ENCRYPTION_KEY }} |
Results: Faster Builds with Secure Caching
By implementing the above configuration, my build times improved significantly—from 13 minutes to 5,5 minutes.
Bonus: Dependency Graph Insights
While setting up your pipeline, you can also enable the dependency-graph feature. This will generate and submit a dependency graph to your GitHub project view, providing valuable insights into your project’s dependencies.