BREAKING CHANGE: Require cache_key input (#1792)

Fixes
github/continuous-ai-for-accessibility#39
(Hubber access only)

It’s common for someone to scan one site, then edit their workflow to
scan a different site. When this happens, if `cache_key` is not
provided, the results of the second site’s scan overwrite the first’s.
To avoid data loss, this PR makes `cache_key` a required input.

Allowed characters are `A-Za-z0-9._/-`, so these are all valid example
`cache_key` values:
- `cached_findings-main`
- `cached_findings-github.com-main.json`
- `github.com/settings-pages/cached_findings.json` (this creates
directories)

`cache_key` doesn’t need to be a hardcoded string. It can be generated
in an earlier workflow step, e.g.:
```YAML
- name: Generate cache key
  id: generate_cache_key
  shell: bash
  run: |
    CACHE_KEY=$(printf 'cached_findings-%s-%s.json' "${{ matrix.id }}" "${{ github.ref_name }}" | tr -cs 'A-Za-z0-9._-' '_')
    echo "cache_key=$CACHE_KEY" >> $GITHUB_OUTPUT
```

Author: smockle

README.md

@@ -96,7 +96,7 @@ Trigger the workflow manually or automatically based on your configuration. The
 | `urls` | Yes | Newline-delimited list of URLs to scan | `https://primer.style`<br>`https://primer.style/octicons` |
 | `repository` | Yes | Repository (with owner) for issues and PRs | `primer/primer-docs` |
 | `token` | Yes | PAT with write permissions (see above) | `${{ secrets.GH_TOKEN }}` |
-| `cache_key` | No | Custom key for caching findings across runs<br>Allowed: `A-Za-z0-9._/-` | `cached_findings-main-primer.style.json` |
+| `cache_key` | Yes | Key for caching findings across runs<br>Allowed: `A-Za-z0-9._/-` | `cached_findings-main-primer.style.json` |
 | `login_url` | No | If scanned pages require authentication, the URL of the login page | `https://github.com/login` |
 | `username` | No | If scanned pages require authentication, the username to use for login | `some-user` |
 | `password` | No | If scanned pages require authentication, the password to use for login | `correct-horse-battery-staple` |

action.yml

@@ -13,8 +13,8 @@ inputs:
     description: "Personal access token (PAT) with fine-grained permissions 'contents: write', 'issues: write', and 'pull_requests: write'"
     required: true
   cache_key:
-    description: "Custom key for caching findings across runs"
-    required: false
+    description: "Key for caching findings across runs"
+    required: true
   login_url:
     description: "If scanned pages require authentication, the URL of the login page"
     required: false
@@ -35,21 +35,11 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - name: Generate cache key
-      id: cache_key
-      shell: bash
-      run: |
-        CACHE_KEY="${{ inputs.cache_key }}"
-        if [[ -z "$CACHE_KEY" ]]; then
-          # If cache_key is not provided, generate a default one using the branch name, replacing characters (e.g. `/`) which would create unexpected paths.
-          CACHE_KEY=$(printf 'cached_findings-%s' "${{ github.ref_name }}" | tr -cs 'A-Za-z0-9._-' '_')
-        fi
-        echo "cache_key=$CACHE_KEY" >> $GITHUB_OUTPUT
     - name: Restore cached_findings
       id: restore
       uses: ./.github/actions/gh-cache/cache
       with:
-        key: ${{ steps.cache_key.outputs.cache_key }}
+        key: ${{ inputs.cache_key }}
         token: ${{ inputs.token }}
     - if: ${{ inputs.login_url && inputs.username && inputs.password && !inputs.auth_context }}
       name: Authenticate
@@ -84,7 +74,7 @@ runs:
     - name: Save cached_findings
       uses: ./.github/actions/gh-cache/cache
       with:
-        key: ${{ steps.cache_key.outputs.cache_key }}
+        key: ${{ inputs.cache_key }}
         value: ${{ steps.file.outputs.findings }}
         token: ${{ inputs.token }}