Skip to content

Commit

Permalink
GitHub: add dependency actions
Browse files Browse the repository at this point in the history
  • Loading branch information
cobexer committed Oct 30, 2024
1 parent 2578f8b commit c469454
Show file tree
Hide file tree
Showing 3 changed files with 63 additions and 6 deletions.
17 changes: 11 additions & 6 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,13 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
- package-ecosystem: "gradle"
directory: "/"
reviewers:
- "@gradle/ge-build-platform"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "@dev-productivity"
26 changes: 26 additions & 0 deletions .github/workflows/dependency-review-action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Dependency review for pull requests

on:
workflow_dispatch:
pull_request:

permissions:
contents: write

jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21

- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v3
with:
build-scan-publish: false

- name: Perform dependency review
uses: actions/dependency-review-action@v3
26 changes: 26 additions & 0 deletions .github/workflows/dependency-submission.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Dependency Submission

on:
workflow_dispatch:
push:
branches:
- master

permissions:
contents: write

jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 21
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v3
with:
build-scan-publish: false

0 comments on commit c469454

Please sign in to comment.