| run-name: Running Dependency Submission | ||
|
|
||
| on: | ||
| workflow_dispatch: |
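Review bot: The only trigger visible under `on:` is `workflow_dispatch`, so the dependency snapshot is submitted only when someone starts the run by hand, and the dependency graph and the alerts built on it reflect the branch as it was at the last manual run. Consider adding a `push` trigger for the default branch, or put a comment above `workflow_dispatch:` stating who runs the workflow and how often.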
What process will call this workflow? At what frequency?
Note that the reference here https://github.com/marketplace/actions/build-with-gradle#the-dependency-submission-action
And also the PostNL one get triggered by pushes to branches
Either change the trigger or add a comment explaining the current one
ninovanhooff
left a comment
Thanks @AnneKlapwijk.
This would be a nice addition, but the trigger for this workflow is unclear to me
| @@ -0,0 +1,25 @@ | |||
| # https://docs.github.com/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories#gradle | |||
I found this link to be more helpful: https://github.com/marketplace/actions/build-with-gradle#the-dependency-submission-action
| run-name: Running Dependency Submission | ||
|
|
||
| on: | ||
| workflow_dispatch: |
| - name: Setup Java | ||
| uses: actions/setup-java@v4 | ||
| with: | ||
| distribution: "temurin" |
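Review bot: `uses: actions/setup-java@v4` references the action by a mutable tag, so the code that runs in this job can change without any change in this repository. Pin it to a full commit SHA with the version noted in a trailing comment, and apply the same to any other `uses:` step in the workflow.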
We use Corretto 21 elsewhere, might be nice to keep that in sync. Corretto might have advantages for Apple silicon. https://whichjdk.com/#apple-silicon
Why is this important?
We want to be informed of vulnerabilities in our dependencies
See: https://github.com/Q42/PostNL.Android/pull/3612
Notes