actions/dependency-submission/action.yml

name: Gradle Dependency Submission
description: Generates a dependency graph for a Gradle project and submits it via the Dependency Submission API

inputs:
  gradle-version:
    description: |
      Gradle version to use. If specified, this Gradle version will be downloaded, added to the PATH and used for invoking Gradle.
      If not provided, it is assumed that the project uses the Gradle Wrapper.      
    required: false
  build-root-directory:
    description: Path to the root directory of the build. Default is the root of the GitHub workspace.
    required: false
  cache-encryption-key:
    description: |
      A base64 encoded AES key used to encrypt the configuration-cache data. The key is exported as 'GRADLE_ENCRYPTION_KEY' for later steps. 
      A suitable key can be generated with `openssl rand -base64 16`.
      Configuration-cache data will not be saved/restored without an encryption key being provided.      
    required: false
  dependency-graph-action:
    description: |
      Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted.
      Valid values are:
        'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job.
        'generate-and-save': Generates a dependency graph for the project and saves it as a workflow artifact.
        'retrieve-and-submit': Retrieves a previously saved dependency-graph and submits it to the repository.

      The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario,
      where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions
      required to submit via the Dependency Submission API.      
    required: false
    default: 'generate-and-submit'

runs:
  using: "composite"
  steps:
    - name: Generate and submit dependency graph
      if: ${{ inputs.dependency-graph-action == 'generate-and-submit' }}
      uses: gradle/gradle-build-action@v3-beta
      with:
        dependency-graph: 'generate-and-submit'
        dependency-graph-continue-on-failure: false
        gradle-version: ${{ inputs.gradle-version }}
        build-root-directory: ${{ inputs.build-root-directory }}
        cache-encryption-key: ${{ inputs.cache-encryption-key }}
        arguments: |
          --no-configure-on-demand
          --dependency-verification=off
          --stacktrace
          :ForceDependencyResolutionPlugin_resolveAllDependencies          
    - name: Generate and save dependency graph
      if: ${{ inputs.dependency-graph-action == 'generate-and-save' }}
      uses: gradle/gradle-build-action@v3-beta
      with:
        dependency-graph: generate-and-upload
        dependency-graph-continue-on-failure: false
        gradle-version: ${{ inputs.gradle-version }}
        build-root-directory: ${{ inputs.build-root-directory }}
        cache-encryption-key: ${{ inputs.cache-encryption-key }}
        arguments: |
          --no-configure-on-demand
          --dependency-verification=off
          --stacktrace
          :ForceDependencyResolutionPlugin_resolveAllDependencies          
    - name: Download and submit dependency graph
      if: ${{ inputs.dependency-graph-action == 'retrieve-and-submit' }}
      uses: gradle/gradle-build-action@v3-beta
      with:
        dependency-graph: download-and-submit
        dependency-graph-continue-on-failure: false
        cache-disabled: true