Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Submit gradle-aware dependency information to Github #5086

Merged
merged 1 commit into from
Feb 1, 2024
Merged

Submit gradle-aware dependency information to Github #5086

merged 1 commit into from
Feb 1, 2024

Conversation

devinrsmith
Copy link
Member

@devinrsmith devinrsmith commented Jan 30, 2024
edited
Loading

Currently, Github automatically ingests dependency information that is an easy-to-digest form (for example, something like Python's requirements.txt).

This PR uses the Github Dependency Submission API to add our projects dependency information as known by Gradle (group id, artifact id, version, etc) to Github. This allows for better dependency graph and code security information.

There's potential to use this information in the future to enhance our PR review process, specifically calling out new dependencies (https://github.com/actions/dependency-review-action).

https://docs.github.com/en/rest/dependency-graph/dependency-submission
https://github.com/gradle/actions/blob/main/dependency-submission/README.md

@devinrsmith devinrsmith self-assigned this Jan 30, 2024
@devinrsmith devinrsmith changed the title Add dependency submission WIP: Add dependency submission Jan 30, 2024
@devinrsmith
Submit gradle-aware dependency information to Github
edffd29 
Currently, Github automatically ingests dependency information that is an easy-to-digest form (for example, something like Python's requirements.txt).

This PR uses the Github Dependency Submission API to add our projects dependency information as known by Gradle (group id, artifact id, version, etc) to Github. This allows for better dependency graph and code security information.

There's potential to use this information in the future to enhance our PR review process, specifically calling out new dependencies (https://github.com/actions/dependency-review-action).

https://docs.github.com/en/rest/dependency-graph/dependency-submission
https://github.com/gradle/actions/blob/main/dependency-submission/README.md
@devinrsmith devinrsmith changed the title WIP: Add dependency submission Submit gradle-aware dependency information to Github Jan 30, 2024
@devinrsmith devinrsmith marked this pull request as ready for review January 30, 2024 22:41
@devinrsmith devinrsmith merged commit ce6b33e into deephaven:main Feb 1, 2024
20 of 23 checks passed
@devinrsmith devinrsmith deleted the gradle-dependency-submission branch February 1, 2024 18:13
@github-actions github-actions bot locked and limited conversation to collaborators Feb 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@rcaudy rcaudy rcaudy approved these changes

@jcferretti jcferretti Awaiting requested review from jcferretti jcferretti is a code owner

@JamesXNelson JamesXNelson Awaiting requested review from JamesXNelson JamesXNelson is a code owner

@mofojed mofojed Awaiting requested review from mofojed mofojed is a code owner

Assignees

@devinrsmith devinrsmith

Labels
NoDocumentationNeeded NoReleaseNotesNeeded No release notes are needed.
Projects
None yet
Milestone
1. January 2024 (end of month)
Development

Successfully merging this pull request may close these issues.
2 participants
@devinrsmith @rcaudy