Update dependency-submission parameter for consistency

Instead of using 'dependency-graph-action' with some slightly better
values, we now use 'dependency-graph' as the parameter name with a subset
of the options available to 'setup-gradle'.
This commit is contained in:
daz 2024-01-29 09:48:54 -07:00
parent b2288963e8
commit 11fb430abc
No known key found for this signature in database
4 changed files with 18 additions and 35 deletions

View file

@ -20,6 +20,6 @@ jobs:
uses: ./dependency-submission uses: ./dependency-submission
with: with:
build-root-directory: .github/workflow-samples/groovy-dsl build-root-directory: .github/workflow-samples/groovy-dsl
dependency-graph-action: generate-and-save dependency-graph: generate-and-upload
env: env:
GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository

View file

@ -20,4 +20,4 @@ jobs:
- name: Download and submit dependency graph - name: Download and submit dependency graph
uses: ./dependency-submission uses: ./dependency-submission
with: with:
dependency-graph-action: retrieve-and-submit dependency-graph: download-and-submit

View file

@ -62,7 +62,7 @@ jobs:
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
# Do not attempt to submit the dependency-graph. Save it as a workflow artifact. # Do not attempt to submit the dependency-graph. Save it as a workflow artifact.
dependency-graph-action: generate-and-save dependency-graph: generate-and-upload
``` ```
## Integrating the `dependency-review-action` ## Integrating the `dependency-review-action`
@ -107,8 +107,8 @@ This `contents: write` permission is [not available for any workflow that is tri
This limitation is designed to prevent a malicious pull request from effecting repository changes. This limitation is designed to prevent a malicious pull request from effecting repository changes.
Because of this restriction, we require 2 separate workflows in order to generate and submit a dependency graph: Because of this restriction, we require 2 separate workflows in order to generate and submit a dependency graph:
1. The first workflow runs directly against the pull request sources and will `generate-and-save` the dependency graph. 1. The first workflow runs directly against the pull request sources and will `generate-and-upload` the dependency graph.
2. The second workflow is triggered on `workflow_run` of the first workflow, and will `retrieve-and-submit` the previously saved dependency graph. 2. The second workflow is triggered on `workflow_run` of the first workflow, and will `download-and-submit` the previously saved dependency graph.
***Main workflow file*** ***Main workflow file***
```yaml ```yaml
@ -125,15 +125,15 @@ jobs:
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Generate and submit dependency graph - name: Generate and save dependency graph
uses: gradle/actions/dependency-submission@v3-beta uses: gradle/actions/dependency-submission@v3-beta
with: with:
dependency-graph-action: generate-and-save dependency-graph: generate-and-upload
``` ```
***Dependent workflow file*** ***Dependent workflow file***
```yaml ```yaml
name: Retrieve and submit dependency graph name: Download and submit dependency graph
on: on:
workflow_run: workflow_run:
@ -147,10 +147,10 @@ jobs:
submit-dependency-graph: submit-dependency-graph:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Retrieve and submit dependency graph - name: Download and submit dependency graph
uses: gradle/actions/dependency-submission@v3-beta uses: gradle/actions/dependency-submission@v3-beta
with: with:
dependency-graph-action: retrieve-and-submit # Download saved dependency-graph and submit dependency-graph: download-and-submit # Download saved dependency-graph and submit
``` ```
### Integrating `dependency-review-action` for pull requests from public forked repositories ### Integrating `dependency-review-action` for pull requests from public forked repositories
@ -180,7 +180,7 @@ jobs:
retry-on-snapshot-warnings-timeout: 600 retry-on-snapshot-warnings-timeout: 600
``` ```
The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `Generate and save dependency graph` and `Retrieve and submit dependency graph` workflows (above) to complete. The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `Generate and save dependency graph` and `Download and submit dependency graph` workflows (above) to complete.
## Gradle version compatibility ## Gradle version compatibility

View file

@ -16,13 +16,13 @@ inputs:
A suitable key can be generated with `openssl rand -base64 16`. A suitable key can be generated with `openssl rand -base64 16`.
Configuration-cache data will not be saved/restored without an encryption key being provided. Configuration-cache data will not be saved/restored without an encryption key being provided.
required: false required: false
dependency-graph-action: dependency-graph:
description: | description: |
Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted. Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted.
Valid values are: Valid values are:
'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job. 'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job.
'generate-and-save': Generates a dependency graph for the project and saves it as a workflow artifact. 'generate-and-upload': Generates a dependency graph for the project and saves it as a workflow artifact.
'retrieve-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository. 'download-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.
The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario, The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario,
where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions
@ -50,28 +50,11 @@ inputs:
runs: runs:
using: "composite" using: "composite"
steps: steps:
- name: Generate and submit dependency graph - name: Generate dependency graph
if: ${{ inputs.dependency-graph-action == 'generate-and-submit' }} if: ${{ inputs.dependency-graph == 'generate-and-submit' || inputs.dependency-graph == 'generate-and-upload' }}
uses: gradle/actions/setup-gradle@v3-beta uses: gradle/actions/setup-gradle@v3-beta
with: with:
dependency-graph: 'generate-and-submit' dependency-graph: ${{ inputs.dependency-graph }}
dependency-graph-continue-on-failure: false
gradle-version: ${{ inputs.gradle-version }}
build-root-directory: ${{ inputs.build-root-directory }}
cache-encryption-key: ${{ inputs.cache-encryption-key }}
build-scan-publish: ${{ inputs.build-scan-publish }}
build-scan-terms-of-service-url: ${{ inputs.build-scan-terms-of-service-url }}
build-scan-terms-of-service-agree: ${{ inputs.build-scan-terms-of-service-agree }}
arguments: |
--no-configure-on-demand
--dependency-verification=off
:ForceDependencyResolutionPlugin_resolveAllDependencies
${{ inputs.additional-arguments }}
- name: Generate and save dependency graph
if: ${{ inputs.dependency-graph-action == 'generate-and-save' }}
uses: gradle/actions/setup-gradle@v3-beta
with:
dependency-graph: generate-and-upload
dependency-graph-continue-on-failure: false dependency-graph-continue-on-failure: false
gradle-version: ${{ inputs.gradle-version }} gradle-version: ${{ inputs.gradle-version }}
build-root-directory: ${{ inputs.build-root-directory }} build-root-directory: ${{ inputs.build-root-directory }}
@ -85,7 +68,7 @@ runs:
:ForceDependencyResolutionPlugin_resolveAllDependencies :ForceDependencyResolutionPlugin_resolveAllDependencies
${{ inputs.additional-arguments }} ${{ inputs.additional-arguments }}
- name: Download and submit dependency graph - name: Download and submit dependency graph
if: ${{ inputs.dependency-graph-action == 'retrieve-and-submit' }} if: ${{ inputs.dependency-graph == 'download-and-submit' }}
uses: gradle/actions/setup-gradle@v3-beta uses: gradle/actions/setup-gradle@v3-beta
with: with:
dependency-graph: download-and-submit dependency-graph: download-and-submit