Skip to content
This repository has been archived by the owner on Jan 25, 2024. It is now read-only.

Calculates dependencies for a Gradle build-target and submits the list to the Dependency Submission API

License

Notifications You must be signed in to change notification settings

mikepenz/gradle-dependency-submission

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
 
 

Repository files navigation

Important

With the introduction of support for the Dependency Submission API into the official Gradle Build Action this project is officially deprecated. Please consider using the Gradle Build Action for new projects.


:octocat:

gradle-dependency-submission

... calculates dependencies for a Gradle build-target and submits the list to the Dependency Submission API.


What's included 🚀Setup 🛠️Sample 🖥️Contribute 🧬License 📓


What's included 🚀

  • Supports any Gradle project
    • Uses the Gradle dependencies task
  • Highly flexible configuration
  • Submits all maven dependencies via the Dependency Submission API

Note: This action executes the dependencies task of a given Gradle project, and will submit the dependency tree via the Dependency Submission API.

Note: At this time Gradle 7.5 or newer is required as it offers a new task to retrieve individual properties. (Used to retrieve build file path, and project name)

Setup

Configure the workflow

name: build
on:
  push:
    branches:
      - develop # run the action on your projects default branch

jobs:
  build:
    name: Dependencies
    runs-on: ubuntu-latest
    permissions: # The Dependency Submission API requires write permission
      contents: write
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3

      - name: Run snapshot action
        uses: mikepenz/gradle-dependency-submission@{latest}
        with:
          gradle-project-path: "gradle-example"
          gradle-build-module: ":app"
Root Module Config

The following example showcases a gradle module in the root, without a module name, and no sub-folder.

- name: Root Gradle Dependency Submission
  uses: mikepenz/gradle-dependency-submission@{latest}
  with:
    use-gradlew: false
    gradle-build-module: |-
      :
    gradle-build-configuration: |-
      compileClasspath

Multi Module Config

- name: Gradle Dependency Submission
  uses: mikepenz/gradle-dependency-submission@{latest}
  with:
    gradle-project-path: |-
      gradle-example
    gradle-build-module: |-
      :app
      :simple-app
    gradle-build-configuration: |-
      debugCompileClasspath

ℹ️ Currently the action has to be run on the default branch. Running it as part of a PR won't update the Dependency graph of your projects Insights - This seems to be a GitHub requirement.

Inputs

Input Description
use-gradlew Defines if ./gradlew or gradle cli will be used to retrieve the dependencies. Defaults to 'true' e.g. ./gradlew.
gradle-project-path Defines the path to the gradle project. Defaults to ''.
gradle-build-module Defines the module to retrieve the dependencies for. This is often :app. Defaults to ':'.
gradle-build-configuration Optional configuration filter, for which the dependencies are resolved. As example: Android projects - debugCompileClasspath, plain java projects - compileClasspath.
gradle-build-configuration-mapping Optional configuration to allow per module build configuration mapping. Provide one mapping per line in the format like: :module|compileClasspath
gradle-dependency-path Defines the path to the gradle dependency file, relative to the gradle-project-path. If not provided, automatically resolved via gradle and the module config.
sub-module-mode Defines how the action handles sub projects/modules. Possible options IGNORE, COMBINED, INDIVIDUAL, INDIVIDUAL_DEEP. Default: IGNORE.
include-build-environment Optional mode to enable the submission of the buildEnvironment as individual Manifest via the dependency submission API. Default: false.
fail-on-error Optional setting to enable an action failure in case any of the dependencies can not be parsed. Default: false.
correlator 'Optional correlator string to submit to GitHub to identify the dependency submission. Defaults to generating based on gradle-build-module and gradle-build-configuration.'
legacy-support 'Disabled by default. Optional setting to enable support for gradle versions below 7.5. Warning: When enabled, the action will retrieve all properties and retrieve the property value of interest. During the parsing this may include other properties. Prefer to upgrade to gradle 7.5 or newer instead!'
sub-module-mode Description
IGNORE Ignores sub projects/modules and skips over their dependencies. Only the core module is being imported.
COMBINED Combines and flattens the sub dependencies, and attaches them to the root of the parent module.
INDIVIDUAL Handles every single module as its own Manifest in the dependency submission API. Uses the gradle API to retrieve the module paths, and imports them individually.
INDIVIDUAL_DEEP Handles every single module as its own Manifest in the dependency submission API. Will call the dependencies task for every single sub project/module to gather the full tree. Uses the gradle API to retrieve the module paths, and imports them individually.

Sample 🖥️

Snapshot dependencies

Contribute 🧬

# Install the dependencies  
$ npm install

# Verify lint is happy
$ npm run lint -- --fix

# Build the typescript and package it for distribution
$ npm run build && npm run package

# Run the tests, use to debug, and test it out
$ npm test

Credits

Other actions

License

Copyright (C) 2022 Mike Penz

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.