2024-04-04 22:38:14 +00:00
|
|
|
## The `dependency-submission` action
|
2024-01-22 22:35:22 +00:00
|
|
|
|
2024-04-04 22:38:14 +00:00
|
|
|
Generates and submits a dependency graph for a Gradle project, allowing GitHub to alert about reported vulnerabilities in your project dependencies.
|
2024-01-22 22:35:22 +00:00
|
|
|
|
|
|
|
The following workflow will generate a dependency graph for a Gradle project and submit it immediately to the repository via the
|
|
|
|
Dependency Submission API. For most projects, this default configuration should be all that you need.
|
|
|
|
|
|
|
|
Simply add this as a new workflow file to your repository (eg `.github/workflows/dependency-submission.yml`).
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
name: Dependency Submission
|
|
|
|
|
2024-04-18 15:39:15 +00:00
|
|
|
on:
|
|
|
|
push:
|
|
|
|
branches: ['main']
|
2024-01-22 22:35:22 +00:00
|
|
|
|
|
|
|
permissions:
|
|
|
|
contents: write
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
dependency-submission:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Checkout sources
|
|
|
|
uses: actions/checkout@v4
|
2024-04-05 20:45:05 +00:00
|
|
|
- name: Setup Java
|
|
|
|
uses: actions/setup-java@v4
|
|
|
|
with:
|
|
|
|
distribution: 'temurin'
|
|
|
|
java-version: 17
|
2024-01-22 22:35:22 +00:00
|
|
|
- name: Generate and submit dependency graph
|
2024-01-29 16:52:29 +00:00
|
|
|
uses: gradle/actions/dependency-submission@v3
|
2024-01-22 22:35:22 +00:00
|
|
|
```
|
|
|
|
|
2024-04-04 22:38:14 +00:00
|
|
|
See the [full action documentation](../docs/dependency-submission.md) for more advanced usage scenarios.
|