Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

feat: add sbt dependency submission action #402

Merged
merged 3 commits into from
Feb 6, 2024
Merged

Conversation

tjsilver
Copy link
Contributor

@tjsilver tjsilver commented Jan 31, 2024

What is the purpose of this change?

Adds a workflow that updates the dependency graph with SBT dependencies, using the third party (from Scalacenter) SBT Dependency Submission workflow.

What is the value of this change and how do we measure success?

This wil allow Dependabot to report on vulnerabilites in Scala dependencies.

This has been tested on push to this branch and created a snapshot of the dependencies. (See them under snapshots > manifests > com.gu:janus... > resolved).

When it is run on main after this PR is merged, the Scala dependencies should appear in the dependency graph in this repo.

@tjsilver tjsilver changed the title feat: add dependency graph action feat: add sbt dependency submission action Feb 5, 2024
@tjsilver tjsilver marked this pull request as ready for review February 5, 2024 16:45
@tjsilver tjsilver requested review from adamnfish and a team February 5, 2024 16:45
name: Update Dependency Graph
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use v4 of actions/checkout?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good spot, this was the workflow recommended on the action's page, so will try in a follow-up PR.

@tjsilver tjsilver merged commit c161fed into main Feb 6, 2024
4 checks passed
@tjsilver tjsilver deleted the ts/af/dependency-graph branch February 6, 2024 09:42
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants