diff --git a/.github/workflows/dependency-submission-save.yml b/.github/workflows/dependency-submission-save.yml new file mode 100644 index 00000000..b34e9bb1 --- /dev/null +++ b/.github/workflows/dependency-submission-save.yml @@ -0,0 +1,30 @@ +name: Test dependency-submission save + +on: + workflow_dispatch: + push: + +permissions: + contents: read + +env: + GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true + +jobs: + dependency-submission-save: + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v4 + - name: Checkout gradle-build-action for samples + uses: actions/checkout@v4 + with: + repository: gradle/gradle-build-action + path: gradle-build-action + - name: Generate and save dependency graph + uses: ./dependency-submission + with: + build-root-directory: gradle-build-action/.github/workflow-samples/groovy-dsl + dependency-graph-action: generate-and-upload + env: + GITHUB_DEPENDENCY_GRAPH_REF: 'refs/tags/v0.0.1' # Use a different ref to avoid updating the real dependency graph for the repository diff --git a/.github/workflows/dependency-submission-submit.yml b/.github/workflows/dependency-submission-submit.yml new file mode 100644 index 00000000..aba1f441 --- /dev/null +++ b/.github/workflows/dependency-submission-submit.yml @@ -0,0 +1,23 @@ +name: Test dependency-submission submit + +on: + workflow_run: + workflows: ['Test dependency-submission save'] + types: [completed] + +permissions: + contents: write + +env: + GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true + +jobs: + dependency-submission-submit: + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v4 + - name: Download and submit dependency graph + uses: ./dependency-submission + with: + dependency-graph-action: download-and-submit diff --git a/.github/workflows/dependency-submission.yml b/.github/workflows/dependency-submission.yml index 62c3a76e..f6cbdd62 100644 --- a/.github/workflows/dependency-submission.yml +++ b/.github/workflows/dependency-submission.yml @@ -1,4 +1,4 @@ -name: Smoke test dependency-submission +name: Test dependency-submission on: workflow_dispatch: diff --git a/.github/workflows/setup-gradle.yml b/.github/workflows/setup-gradle.yml index 4a7ecd2c..960b7c86 100644 --- a/.github/workflows/setup-gradle.yml +++ b/.github/workflows/setup-gradle.yml @@ -1,4 +1,4 @@ -name: Smoke test setup-gradle +name: Test setup-gradle on: workflow_dispatch: diff --git a/dependency-submission/action.yml b/dependency-submission/action.yml index 9ef80842..c3c192bf 100644 --- a/dependency-submission/action.yml +++ b/dependency-submission/action.yml @@ -16,13 +16,26 @@ inputs: A suitable key can be generated with `openssl rand -base64 16`. Configuration-cache data will not be saved/restored without an encryption key being provided. required: false + dependency-graph-action: + description: | + Specifies how the dependency-graph should be handled by this action. By default a dependency-graph will be generated and submitted. + Valid values are: + 'generate-and-submit' (default): Generates a dependency graph for the project and submits it in the same Job. + 'generate-and-upload': Generates a dependency graph for the project and saves it as a workflow artifact. + 'download-and-submit': Downloads a previously saved dependency-graph and submits it to the repository. + + The `generate-and-upload` and `download-and-submit` options are designed to be used in an untrusted workflow scenario, + where the workflow generating the dependency-graph cannot (or should not) be given the `contents: write` permissions + required to submit via the Dependency Submission API. + required: false + default: 'generate-and-submit' runs: using: "composite" steps: - uses: gradle/gradle-build-action@v3-beta with: - dependency-graph: generate-and-submit + dependency-graph: ${{ inputs.dependency-graph-action }} dependency-graph-continue-on-failure: false gradle-version: ${{ inputs.gradle-version }} build-root-directory: ${{ inputs.build-root-directory }}