Enable Develocity build scans

.github/workflows/auto-spotless-check.yml

@@ -36,6 +36,8 @@ jobs:
 
       - name: Spotless
         run: ./gradlew spotlessApply
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
       - id: create-patch
         name: Create patch file

.github/workflows/build-common.yml

@@ -36,6 +36,8 @@ jobs:
 
       - name: Spotless
         run: ./gradlew spotlessCheck ${{ inputs.no-build-cache && '--no-build-cache' || '' }}
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
   build:
     runs-on: ubuntu-latest
@@ -55,6 +57,8 @@ jobs:
 
       - name: Build
         run: ./gradlew build -x spotlessCheck -x test ${{ inputs.no-build-cache && '--no-build-cache' || '' }}
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
       - name: Check for jApiCmp diffs
         # The jApiCmp diff compares current to latest, which isn't appropriate for release branches
@@ -117,6 +121,8 @@ jobs:
           "-Porg.gradle.java.installations.auto-download=false"
           "-PmaxTestRetries=${{ inputs.max-test-retries }}"
           ${{ inputs.no-build-cache && '--no-build-cache' || '' }}
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
       - name: Build scan
         if: ${{ !cancelled() && hashFiles('build-scan.txt') != '' }}

.github/workflows/build-daily.yml

@@ -14,6 +14,8 @@ jobs:
     uses: ./.github/workflows/build-common.yml
     with:
       no-build-cache: true
+    secrets:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
   link-check:
     uses: ./.github/workflows/reusable-link-check.yml

.github/workflows/build.yml

@@ -12,6 +12,8 @@ permissions:
 jobs:
   common:
     uses: ./.github/workflows/build-common.yml
+    secrets:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
   # Link check is disabled for push events to avoid unnecessary CI failures
   # (these failures will instead be captured by the daily scheduled run)
@@ -42,3 +44,4 @@ jobs:
           SONATYPE_KEY: ${{ secrets.SONATYPE_KEY }}
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
           GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}

.github/workflows/codeql.yml

@@ -63,6 +63,8 @@ jobs:
         # --no-daemon is required for codeql to observe the compilation
         # (see https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#specifying-build-commands)
         run: ./gradlew assemble --no-build-cache --no-daemon
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
       - name: Perform CodeQL analysis
         uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4.30.9

.github/workflows/copilot-setup-steps.yml

@@ -32,3 +32,5 @@ jobs:
 
       - name: Build project and download dependencies
         run: ./gradlew build -x test
+        env:
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}

.github/workflows/owasp-dependency-check-daily.yml

@@ -32,6 +32,7 @@ jobs:
       - run: ./gradlew dependencyCheckAnalyze
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
       - name: Upload report
         if: always()

.github/workflows/release.yml

@@ -13,6 +13,8 @@ permissions:
 jobs:
   common:
     uses: ./.github/workflows/build-common.yml
+    secrets:
+      DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
   release:
     permissions:
@@ -97,6 +99,7 @@ jobs:
           SONATYPE_KEY: ${{ secrets.SONATYPE_KEY }}
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
           GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
 
       - name: Download artifacts from Maven Central (when already published)
         if: ${{ inputs.already-published }}
@@ -240,6 +243,7 @@ jobs:
         env:
           VERSION: ${{ needs.release.outputs.version }}
           PRIOR_VERSION: ${{ needs.release.outputs.prior-version }}
+          DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
         run: |
           ./gradlew japicmp -PapiBaseVersion=$PRIOR_VERSION -PapiNewVersion=$VERSION
           ./gradlew --refresh-dependencies japicmp

settings.gradle.kts

@@ -24,11 +24,32 @@ dependencyResolutionManagement {
   }
 }
 
+val develocityServer = "https://develocity.opentelemetry.io"
+val isCI = System.getenv("CI") != null
+val develocityAccessKey = System.getenv("DEVELOCITY_ACCESS_KEY") ?: ""
+
+// if develocity access key is not given and we are in CI, then we publish to scans.gradle.com
+val useScansGradleCom = isCI && develocityAccessKey.isEmpty()
+
 develocity {
+  if (useScansGradleCom) {
+    buildScan {
+      termsOfUseUrl = "https://gradle.com/help/legal-terms-of-use"
+      termsOfUseAgree = "yes"
+    }
+  } else {
+    server = develocityServer
+    buildScan {
+      publishing.onlyIf { it.isAuthenticated }
+    }
+  }
+
   buildScan {
-    publishing.onlyIf { System.getenv("CI") != null }
-    termsOfUseUrl.set("https://gradle.com/help/legal-terms-of-use")
-    termsOfUseAgree.set("yes")
+    uploadInBackground = !isCI
+
+    capture {
+      fileFingerprints = true
+    }
 
     buildScanPublished {
       File("build-scan.txt").printWriter().use { writer ->
@@ -38,6 +59,14 @@ develocity {
   }
 }
 
+if (!useScansGradleCom) {
+  buildCache {
+    remote(develocity.buildCache) {
+      isPush = isCI && develocityAccessKey.isNotEmpty()
+    }
+  }
+}
+
 rootProject.name = "opentelemetry-java-contrib"
 
 include(":aws-resources")