Add dependency submission (#1523)

This adds jobs that submit Gradle dependencies to [GitHub's dependency
submission
API](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/using-the-dependency-submission-api),
and that review changes to these dependencies.
This commit is contained in:
Daniel Chao
2026-04-15 22:21:17 -07:00
committed by GitHub
parent 4faf35a66a
commit a8500b6b03
7 changed files with 55 additions and 13 deletions
+2 -2
@@ -2,9 +2,9 @@ amends "pkl:Project"
dependencies {
["pkl.impl.ghactions"] {
uri = "package://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.5.0"
uri = "package://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.6.0"
}
["gha"] {
uri = "package://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.2.0"
uri = "package://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.4.0"
}
}
+8 -8
@@ -3,16 +3,16 @@
"resolvedDependencies": {
"package://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1": {
"type": "remote",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.3.1",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.4.0",
"checksums": {
"sha256": "fd515da685ea126678c3ec684e84a4f992d43481cc1d75cb866cd55775f675f9"
"sha256": "e0b9a9f71071d6101e9d764c069b2ec4a597d5315cb6e4c265b3f0d90c2b482c"
}
},
"package://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1": {
"type": "remote",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.5.0",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.6.0",
"checksums": {
"sha256": "2c1e0d9efcd65b3c3207bf535c325ebc0ec2ab169187b324c4bb70821cac0e51"
"sha256": "fbc3c456ea468a0fe6baa9b3d30167259ac04e721a41a10fe82d2970026f0b1d"
}
},
"package://pkg.pkl-lang.org/pkl-pantry/pkl.experimental.deepToTyped@1": {
@@ -24,16 +24,16 @@
},
"package://pkg.pkl-lang.org/pkl-pantry/pkl.github.dependabotManagedActions@1": {
"type": "remote",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/pkl.github.dependabotManagedActions@1.0.3",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/pkl.github.dependabotManagedActions@1.1.0",
"checksums": {
"sha256": "d368900942efb88ed51a98f9614748b06c74ba43423f045fcd6dedb5dbdc0bea"
"sha256": "025fac778f2c5f75c8229fa4ec0f49ebdb99a61affe9aae489fefd8fccd92faa"
}
},
"package://pkg.pkl-lang.org/pkl-pantry/com.github.dependabot@1": {
"type": "remote",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.dependabot@1.0.0",
"uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.dependabot@1.0.1",
"checksums": {
"sha256": "02ef6f25bfca5b1d095db73ea15de79d2d2c6832ebcab61e6aba90554382abcb"
"sha256": "0a4fe9b0983716ec49fb060b9e5e83f8c365eb899d517123b43134416a9574b6"
}
}
}
+2
@@ -1,6 +1,8 @@
version: 2
updates:
- package-ecosystem: github-actions
cooldown:
default-days: 7
directory: /
ignore:
- dependency-name: '*'
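Review bot: The `cooldown` added in this hunk applies only to the `github-actions` ecosystem entry, while the commit's new job reports Gradle dependencies to the dependency graph; whether a `gradle` package-ecosystem entry exists further down this file is outside the hunk. If one does, consider giving it the same `cooldown: default-days: 7`, so the Gradle dependencies the submission job now reports are bumped with the same delay, which limits exposure to a freshly published compromised release. The `ignore: - dependency-name: '*'` entry at the end of the hunk continues past it, so its scope (which update types it suppresses) cannot be judged here.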
+24 -2
@@ -22,6 +22,8 @@ testReports {
excludeJobs {
"bench"
"github-release"
"dependency-submission"
"dependency-review"
Regex("deploy-.*")
}
}
@@ -40,11 +42,15 @@ local gradleCheckWindows = (baseGradleCheck) {
os = "windows"
}
local typealias PklJobs = Mapping<String, PklJob>
local typealias PklJobs = Mapping<String, PklJob | *Workflow.Job>
local toWorkflowJobs: (PklJobs) -> Workflow.Jobs = (it) -> new Workflow.Jobs {
for (k, v in it) {
[k] = v.job
when (v is PklJob) {
[k] = v.job
} else {
[k] = v
}
}
}
@@ -173,6 +179,22 @@ main {
) {
needs = buildAndTestJobs.keys.toListing()
}
["dependency-submission"] {
`runs-on` = "ubuntu-latest"
permissions {
contents = "write"
}
steps {
module.catalog.`actions/checkout@v6`
(module.catalog.`actions/setup-java@v5`) {
with {
`java-version` = "25"
distribution = "temurin"
}
}
module.catalog.`gradle/actions/dependency-submission@v6`
}
}
} |> toWorkflowJobs
}
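Review bot: The new `dependency-submission` job in the third hunk runs the repository's Gradle build under a `contents: write` token, and the workflow's trigger is outside the hunk; if the workflow also fires on `pull_request`, fork PRs receive a read-only token, so the submission step fails there, and because the generated workflow in this commit lists `dependency-submission` in a downstream job's `needs`, every fork PR would block that job. Consider restricting the job to trusted events with a job-level condition, which in the generated YAML would read `if: github.event_name != 'pull_request'` (the same `if` property `publish-test-results` already uses), or use the action's documented `dependency-graph: generate-and-upload` / `download-and-submit` pattern for pull requests. Separately, `excludeJobs` in the first hunk now lists `"dependency-review"`, but no job with that name is added in this commit's hunks; if it is defined elsewhere this is fine, otherwise the entry should be dropped or the job added. The `contents = "write"` grant itself matches what the dependency submission API requires and is scoped to this job only, which is the right shape.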
+2 -1
@@ -23,7 +23,8 @@ preSteps {
when (os == "linux" && !musl) {
new {
name = "Install deps"
run = "dnf install -y git binutils gcc glibc-devel zlib-devel libstdc++-static glibc-langpack-en"
run =
"dnf install -y git binutils gcc glibc-devel zlib-devel libstdc++-static glibc-langpack-en"
}
}
}
+2
@@ -30,5 +30,7 @@ jobs:
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
- name: dawidd6/action-download-artifact@v11
uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
- name: gradle/actions/dependency-submission@v6
uses: gradle/actions/dependency-submission@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6
- name: gradle/actions/setup-gradle@v5
uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5
+15
@@ -831,6 +831,20 @@ jobs:
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEPASSWORD }}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEUSERNAME }}
run: ./gradlew --info --stacktrace --no-daemon -DpklMultiJdkTesting=true --no-parallel publishToSonatype
dependency-submission:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
with:
java-version: '25'
distribution: temurin
- uses: gradle/actions/dependency-submission@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6
with: {}
publish-test-results:
if: '!cancelled()'
needs:
@@ -891,6 +905,7 @@ jobs:
- pkl-doc-alpine-linux-amd64-snapshot
- pkl-doc-windows-amd64-snapshot
- deploy-snapshot
- dependency-submission
- publish-test-results
runs-on: ubuntu-latest
steps: