gradle/actions/dependency-submission@v4 uses wrong plugin repository url

[gabrieljones]

gradle/actions/dependency-submission@v4 seems to be interfering with build plugin resolution somehow.

I also have pluginManagement { repositories { ... } } set correctly in settings.gradle.kts.

Logs

Both of these are Gradle 8.14. The apparent difference is plugin v1.3.2 vs v1.4.0. In both cases the dependency graph plugin is downloaded from the correct location. The subsequent build plugin resolutions started to ignore the pluginManagement.repositories settings for some reason. I downgraded to v1.3.2 and still got the same error.

Before (working) (Gradle: 8.14):

Starting a Gradle Daemon (subsequent builds will be faster)
Generating dependency graph into '/home/runner/_work/cep-delivery/cep-delivery/dependency-graph-reports/dependency_submission-dependency-submission.json'
Resolving dependency graph plugin 1.3.2 from plugin repository: https://<corp-mirror>/iq-gradle
Develocity plugins resolution: https://<corp-mirror>/iq-gradle
Accepting Gradle Terms of Use: https://gradle.com/help/legal-terms-of-use
Setting uploadInBackground: false
> Task :ForceDependencyResolutionPlugin_resolveProjectDependencies
> Task :delivery-config:ForceDependencyResolutionPlugin_resolveProjectDependencies
> Task :delivery-library:ForceDependencyResolutionPlugin_resolveProjectDependencies
> Task :ForceDependencyResolutionPlugin_resolveAllDependencies
Constructing renderer: org.gradle.github.dependencygraph.GitHubDependencyGraphRenderer

GitHubDependencyGraphRenderer: Wrote dependency snapshot to 
/home/runner/_work/cep-delivery/cep-delivery/dependency-graph-reports/dependency_submission-dependency-submission.json
gradle/actions: Writing build results to /home/runner/_work/_temp/.gradle-actions/build-results/__gradle_actions-1747167[58](https://github.<corp-mirror>.com/<corp-mirror>/cep-delivery/actions/runs/9742327/job/35181808#step:4:60)2803.json

BUILD SUCCESSFUL in 1m 33s

After (broken) (Gradle: 8.14):

Starting a Gradle Daemon (subsequent builds will be faster)
Generating dependency graph into '/home/runner/_work/cep-delivery/cep-delivery/dependency-graph-reports/dependency_submission-dependency-submission.json'
Resolving dependency graph plugin 1.4.0 from plugin repository: https://<corp-mirror>/iq-gradle
Gradle build state was reused from the configuration-cache: Dependency Graph file will not be generated.

FAILURE: Build failed with an exception.

* What went wrong:
Could not resolve all artifacts for configuration 'classpath'.
> Could not resolve com.gradle:develocity-gradle-plugin:4.0.1.
  Required by:
      unspecified:unspecified:unspecified
   > Could not resolve com.gradle:develocity-gradle-plugin:4.0.1.
      > Could not get resource 'https://plugins.gradle.org/m2/com/gradle/develocity-gradle-plugin/4.0.1/develocity-gradle-plugin-4.0.1.pom'.
         > Could not GET 'https://plugins.gradle.org/m2/com/gradle/develocity-gradle-plugin/4.0.1/develocity-gradle-plugin-4.0.1.pom'.
            > Connect to plugins.gradle.org:443 [plugins.gradle.org/104.16.72.101, plugins.gradle.org/104.16.73.101] failed: Connect timed out
> Could not resolve com.gradle:common-custom-user-data-gradle-plugin:2.1.
  Required by:
      unspecified:unspecified:unspecified
   > Could not resolve com.gradle:common-custom-user-data-gradle-plugin:2.1.
      > Could not get resource 'https://plugins.gradle.org/m2/com/gradle/common-custom-user-data-gradle-plugin/2.1/common-custom-user-data-gradle-plugin-2.1.pom'.
         > Could not GET 'https://plugins.gradle.org/m2/com/gradle/common-custom-user-data-gradle-plugin/2.1/common-custom-user-data-gradle-plugin-2.1.pom'.
            > Connect to plugins.gradle.org:443 [plugins.gradle.org/104.16.72.101, plugins.gradle.org/104.16.73.101] failed: Connect timed out

[gabrieljones]

How do I set dependency-graph-plugin.version to 1.3.2?

Edit: Answer dependency-submission.yml

    - name: Generate and submit dependency graph
      uses: gradle/actions/dependency-submission@v4
      env:
        DEPENDENCY_GRAPH_PLUGIN_VERSION: 1.3.2

Edit2: While this did allow me to change the version of dependency graph plugin it did not fix the build plugins resolving to the wrong url. I expect the build plugins to resolve to our corporate mirror, not to plugins.gradle.org.

[bigdaz]

The dependency-graph plugin is loaded via an init-script, and init-scripts are necessarily processed before settings.gradle.kts. This means that the init-script is not aware of the plugin repository you have configured.

You can set the plugin repository URL as documented here. Unfortunately this documentation hasn't been shared/migrated into the dependency-submission action docs.

[gabrieljones]

    - name: Generate and submit dependency graph
      uses: gradle/actions/dependency-submission@v4
      env:
        GRADLE_PLUGIN_REPOSITORY_URL: "https://<corp-repo>"

This correctly downloads the dependency graph plugin from the corp-repo, but the plugins specified in settings.gradle.kts are downloading from plugins.gradle.org which fails. Somehow gradle/actions/dependency-submission@v4 interferes with the pluginManagement.repositories block in settings.gradle.kts

[bigdaz]

@jprinet Can you please investigate this issue as part of your GHA work?

[jprinet]

Hi @gabrieljones, I am not able to reproduce your issue I could successfully generate and submit a dependency graph while having some required custom pluginManagement.repositories (example here)

I also attempted to override GRADLE_PLUGIN_REPOSITORY_URL with https://plugins.gradle.org/m2/ in case (I don't have a binary manager to configure a custom repository URL)

Could you share more details? Ideally relevant part of your settings.gradle.kts and workflow descriptor?