actions/gradle
1
0
Fork 0
mirror of https://github.com/gradle/actions.git synced 2026-03-24 12:54:31 +08:00
Code Issues Packages Projects Releases Wiki Activity
gradle/dependency-submission
History
Leonard Brünings 9e6b5adc6e
Add typing information for use by typesafegithub (#814) 
Introduces type descriptor YAML files for GitHub
Actions in the repository, improving type safety and documentation for
action inputs and outputs. It also adds a new GitHub Actions workflow to
validate these typings automatically on pushes and pull requests. The
changes are grouped into the addition of type descriptor files for
various actions and the automation of their validation.

https://github.com/typesafegithub/github-actions-typing

**Type descriptor files for GitHub Actions:**

* Added `action-types.yml` files to `setup-gradle`,
`dependency-submission`, and `wrapper-validation` actions, specifying
input and output types for each action to improve type safety and
documentation.
[[1]](diffhunk://#diff-542de74831b6dc1954ff20a4c329b170053c82087ea7df742bd536156133f25bR1-R171)
[[2]](diffhunk://#diff-44708a3af3d0f3cfed1873f9b77d7e815c6c14e941fa3dd5ed08835a69d67855R1-R146)
[[3]](diffhunk://#diff-3fe1028d7aa5ee815c90fa580d4f62e646f0b9a4b7372f227fc131a56948ace0R1-R17)

**Automation and validation:**

* Introduced a new GitHub Actions workflow
`.github/workflows/ci-validate-typings.yml` to automatically validate
action typings on pushes to `main` and `release/**` branches, as well as
on pull requests. This uses the `github-actions-typing` action for
validation.
2026-03-23 12:06:12 -06:00
..
action-types.yml
Add typing information for use by typesafegithub (#814)
2026-03-23 12:06:12 -06:00
action.yml
Upgrade to node 24
2025-09-15 01:37:28 +09:00
README.md
Bump actions used in docs (#792)
2026-03-23 11:53:33 -06:00

README.md

The dependency-submission action

Generates and submits a dependency graph for a Gradle project, allowing GitHub to alert about reported vulnerabilities in your project dependencies.

The following workflow will generate a dependency graph for a Gradle project and submit it immediately to the repository via the Dependency Submission API. For most projects, this default configuration should be all that you need.

Simply add this as a new workflow file to your repository (eg .github/workflows/dependency-submission.yml).

name: Dependency Submission

on:
  push:
    branches: ['main']

permissions:
  contents: write

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
      uses: actions/checkout@v6
    - name: Setup Java
      uses: actions/setup-java@v5
      with:
        distribution: 'temurin'
        java-version: 17
    - name: Generate and submit dependency graph
      uses: gradle/actions/dependency-submission@v5

See the full action documentation for more advanced usage scenarios.