From ed14d8152a90e52f3901275ee5ba1fffca456e92 Mon Sep 17 00:00:00 2001
From: Arne Franken
Date: Sat, 28 Sep 2024 19:53:05 +0200
Subject: [PATCH] Submit dependency versions for tracking Github security recommends this for every change on "main"
---
.../upload-dependencies-of-dependenices.yml | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 .github/workflows/upload-dependencies-of-dependenices.yml
diff --git a/.github/workflows/upload-dependencies-of-dependenices.yml b/.github/workflows/upload-dependencies-of-dependenices.yml
new file mode 100644
index 00000000..90ae2b6e
--- /dev/null
+++ b/.github/workflows/upload-dependencies-of-dependenices.yml
@@ -0,0 +1,32 @@
+name: "Dependency Submission API Upload"
+
+on:
+ push:
+ branches: [ main ]
+
+concurrency:
+ group: dependency-submission-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref_name != 'main' }}
+
+jobs:
+ depSubmissionAPIUpload:
+ name: Analyze
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+ with:
+ fetch-depth: 0
+ - name: Set up JDK
+ uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
+ with:
+ java-version: 21
+ distribution: 'temurin'
+ cache: 'maven'
+ - name: Build with Maven
+ run: ./mvnw -B -V -Dstyle.color=always clean verify
+ - name: Submit Dependency Snapshot
+ uses: advanced-security/maven-dependency-submission-action@v3
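Review bot: The last step, `uses: advanced-security/maven-dependency-submission-action@v3`, is the only action referenced by a mutable tag, while the three steps above it are pinned to full commit SHAs; it is also the step that uses the workflow token to write to the dependency graph, so a re-pointed tag would run with that access. Pin it the same way, e.g. `uses: advanced-security/maven-dependency-submission-action@<full-commit-sha> # v3.x.y` (placeholder; take the SHA from the release you have reviewed). The workflow also declares no `permissions:` block, so the token scope comes from the repository default, which is not visible here; adding `permissions:` with `contents: write` on the `depSubmissionAPIUpload` job makes the scope explicit and limits it to what submission needs. Since nothing in the job pushes, `persist-credentials: false` on the checkout step would keep that token out of the git config while `./mvnw ... clean verify` runs project and plugin code.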