mirror of
https://github.com/gradle/actions
synced 2024-11-27 11:52:24 +00:00
Update dependency-submission parameter for consistency
Instead of using 'dependency-graph-action' with some slightly better values, we now use 'dependency-graph' as the parameter name with a subset of the options available to 'setup-gradle'.
This commit is contained in:
parent
b2288963e8
commit
11fb430abc
4 changed files with 18 additions and 35 deletions
|
@ -20,6 +20,6 @@ jobs:
|
|||
uses: ./dependency-submission
|
||||
with:
|
||||
build-root-directory: .github/workflow-samples/groovy-dsl
|
||||
dependency-graph-action: generate-and-save
|
||||
dependency-graph: generate-and-upload
|
||||
env:
|
||||
GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository
|
||||
|
|
|
@ -20,4 +20,4 @@ jobs:
|
|||
- name: Download and submit dependency graph
|
||||
uses: ./dependency-submission
|
||||
with:
|
||||
dependency-graph-action: retrieve-and-submit
|
||||
dependency-graph: download-and-submit
|
||||
|
|
|
@ -62,7 +62,7 @@ jobs:
|
|||
cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
|
||||
|
||||
# Do not attempt to submit the dependency-graph. Save it as a workflow artifact.
|
||||
dependency-graph-action: generate-and-save
|
||||
dependency-graph: generate-and-upload
|
||||
```
|
||||
|
||||
## Integrating the `dependency-review-action`
|
||||
|
@ -107,8 +107,8 @@ This `contents: write` permission is [not available for any workflow that is tri
|
|||
This limitation is designed to prevent a malicious pull request from effecting repository changes.
|
||||
|
||||
Because of this restriction, we require 2 separate workflows in order to generate and submit a dependency graph:
|
||||
1. The first workflow runs directly against the pull request sources and will `generate-and-save` the dependency graph.
|
||||
2. The second workflow is triggered on `workflow_run` of the first workflow, and will `retrieve-and-submit` the previously saved dependency graph.
|
||||
1. The first workflow runs directly against the pull request sources and will `generate-and-upload` the dependency graph.
|
||||
2. The second workflow is triggered on `workflow_run` of the first workflow, and will `download-and-submit` the previously saved dependency graph.
|
||||
|
||||
***Main workflow file***
|
||||
```yaml
|
||||
|
@ -125,15 +125,15 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v4
|
||||
- name: Generate and submit dependency graph
|
||||
- name: Generate and save dependency graph
|
||||
uses: gradle/actions/dependency-submission@v3-beta
|
||||
with:
|
||||
dependency-graph-action: generate-and-save
|
||||
dependency-graph: generate-and-upload
|
||||
```
|
||||
|
||||
***Dependent workflow file***
|
||||
```yaml
|
||||
name: Retrieve and submit dependency graph
|
||||
name: Download and submit dependency graph
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
|
@ -147,10 +147,10 @@ jobs:
|
|||
submit-dependency-graph:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Retrieve and submit dependency graph
|
||||
- name: Download and submit dependency graph
|
||||
uses: gradle/actions/dependency-submission@v3-beta
|
||||
with:
|
||||
dependency-graph-action: retrieve-and-submit # Download saved dependency-graph and submit
|
||||
dependency-graph: download-and-submit # Download saved dependency-graph and submit
|
||||
```
|
||||
|
||||
### Integrating `dependency-review-action` for pull requests from public forked repositories
|
||||
|
@ -180,7 +180,7 @@ jobs:
|
|||
retry-on-snapshot-warnings-timeout: 600
|
||||
```
|
||||
|
||||
The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `Generate and save dependency graph` and `Retrieve and submit dependency graph` workflows (above) to complete.
|
||||
The `retry-on-snapshot-warnings-timeout` (in seconds) needs to be long enough to allow the entire `Generate and save dependency graph` and `Download and submit dependency graph` workflows (above) to complete.
|
||||
|
||||
## Gradle version compatibility
|
||||
|
||||
|
|
|
@ -16,13 +16,13 @@ inputs:
|
|||
A suitable key can be generated with `openssl rand -base64 16`.
|
||||
Configuration-cache data will not be saved/restored without an encryption key being provided.
|
||||
required: false
|
||||
dependency-graph-action:
|
||||
dependency-graph:
|
||||
description: |
|
||||
Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted.
|
||||
Valid values are:
|
||||
'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job.
|
||||
'generate-and-save': Generates a dependency graph for the project and saves it as a workflow artifact.
|
||||
'retrieve-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.
|
||||
'generate-and-upload': Generates a dependency graph for the project and saves it as a workflow artifact.
|
||||
'download-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.
|
||||
|
||||
The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario,
|
||||
where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions
|
||||
|
@ -50,28 +50,11 @@ inputs:
|
|||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Generate and submit dependency graph
|
||||
if: ${{ inputs.dependency-graph-action == 'generate-and-submit' }}
|
||||
- name: Generate dependency graph
|
||||
if: ${{ inputs.dependency-graph == 'generate-and-submit' || inputs.dependency-graph == 'generate-and-upload' }}
|
||||
uses: gradle/actions/setup-gradle@v3-beta
|
||||
with:
|
||||
dependency-graph: 'generate-and-submit'
|
||||
dependency-graph-continue-on-failure: false
|
||||
gradle-version: ${{ inputs.gradle-version }}
|
||||
build-root-directory: ${{ inputs.build-root-directory }}
|
||||
cache-encryption-key: ${{ inputs.cache-encryption-key }}
|
||||
build-scan-publish: ${{ inputs.build-scan-publish }}
|
||||
build-scan-terms-of-service-url: ${{ inputs.build-scan-terms-of-service-url }}
|
||||
build-scan-terms-of-service-agree: ${{ inputs.build-scan-terms-of-service-agree }}
|
||||
arguments: |
|
||||
--no-configure-on-demand
|
||||
--dependency-verification=off
|
||||
:ForceDependencyResolutionPlugin_resolveAllDependencies
|
||||
${{ inputs.additional-arguments }}
|
||||
- name: Generate and save dependency graph
|
||||
if: ${{ inputs.dependency-graph-action == 'generate-and-save' }}
|
||||
uses: gradle/actions/setup-gradle@v3-beta
|
||||
with:
|
||||
dependency-graph: generate-and-upload
|
||||
dependency-graph: ${{ inputs.dependency-graph }}
|
||||
dependency-graph-continue-on-failure: false
|
||||
gradle-version: ${{ inputs.gradle-version }}
|
||||
build-root-directory: ${{ inputs.build-root-directory }}
|
||||
|
@ -85,7 +68,7 @@ runs:
|
|||
:ForceDependencyResolutionPlugin_resolveAllDependencies
|
||||
${{ inputs.additional-arguments }}
|
||||
- name: Download and submit dependency graph
|
||||
if: ${{ inputs.dependency-graph-action == 'retrieve-and-submit' }}
|
||||
if: ${{ inputs.dependency-graph == 'download-and-submit' }}
|
||||
uses: gradle/actions/setup-gradle@v3-beta
|
||||
with:
|
||||
dependency-graph: download-and-submit
|
||||
|
|
Loading…
Reference in a new issue