mirror of
https://github.com/gradle/actions.git
synced 2026-06-12 14:40:39 +00:00
Björn Kautler
a740661292
This PR adds a missing enum value, and makes strings that are actually
delimited lists those lists, so that you for example in the generated
Kotlin bindings can simply do
```kotlin
additionalArguments = listOf(
"--info",
"--stacktrace",
"--show-version"
)
```
instead of needing to do
```kotlin
additionalArguments = listOf(
"--info",
"--stacktrace",
"--show-version"
).joinToString(" ")
```
or writing it all in one line as one string.
This is also how the typings for older versions are in the typing
catalog.
Theoretically, this is a breaking changes as the typings define the API
surface of the action and from the typings bindings are generated. I'll
leave it up to you how you handle it regarding version increase or when
to merge.
The dependency-submission action
Generates and submits a dependency graph for a Gradle project, allowing GitHub to alert about reported vulnerabilities in your project dependencies.
The following workflow will generate a dependency graph for a Gradle project and submit it immediately to the repository via the Dependency Submission API. For most projects, this default configuration should be all that you need.
Simply add this as a new workflow file to your repository (eg .github/workflows/dependency-submission.yml).
name: Dependency Submission
on:
push:
branches: ['main']
permissions:
contents: write
jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v6
- name: Setup Java
uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: 17
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v6
See the full action documentation for more advanced usage scenarios.