From 221ee68d4a42ee3c76b4f156545282d569b28766 Mon Sep 17 00:00:00 2001 From: "gu-dependency-graph-integrator[bot]" <156913822+gu-dependency-graph-integrator[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 08:18:57 +0000 Subject: [PATCH] Submit sbt dependencies to GitHub for vulnerability monitoring (#27647) * Add sbt-dependency-graph.yaml * Update sbt-dependency-graph.yaml --------- Co-authored-by: gu-dependency-graph-integrator[bot] <156913822+gu-dependency-graph-integrator[bot]@users.noreply.github.com> Co-authored-by: Daniel Clifton <110032454+DanielCliftonGuardian@users.noreply.github.com> --- .github/workflows/sbt-dependency-graph.yaml | 30 +++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/sbt-dependency-graph.yaml diff --git a/.github/workflows/sbt-dependency-graph.yaml b/.github/workflows/sbt-dependency-graph.yaml new file mode 100644 index 00000000000..809be3caffb --- /dev/null +++ b/.github/workflows/sbt-dependency-graph.yaml @@ -0,0 +1,30 @@ +name: Update Dependency Graph for sbt +on: + push: + branches: + - main + workflow_dispatch: +jobs: + dependency-graph: + runs-on: ubuntu-latest + steps: + - name: Checkout branch + id: checkout + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - name: Install Java + id: java + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.2.0 + with: + distribution: corretto + java-version: 17 + - name: Install sbt + id: sbt + uses: sbt/setup-sbt@8a071aa780c993c7a204c785d04d3e8eb64ef272 # v1.1.0 + - name: Submit dependencies + id: submit + uses: scalacenter/sbt-dependency-submission@64084844d2b0a9b6c3765f33acde2fbe3f5ae7d3 # v3.1.0 + - name: Log snapshot for user validation + id: validate + run: cat ${{ steps.submit.outputs.snapshot-json-path }} | jq + permissions: + contents: write