starred/pkl
1
0
Fork 0
mirror of https://github.com/apple/pkl.git synced 2026-05-25 16:19:20 +02:00
Code Issues 198 Packages Projects Releases 10 Wiki Activity
724 Commits 13 Branches 21 Tags
1b6e89c971d2be28cca344ceb84d628f694c76ac
Commit Graph

15 Commits

Author SHA1 Message Date
Daniel Chao e07ff96de8 Switch CodeQL to use PklCI API (#1555) 2026-04-23 11:28:16 -07:00
Daniel Chao a33e431433 Enable codeql scanning (#1532) 
This enables security vulnerability scanning using CodeQL.
 2026-04-20 11:28:31 -07:00
Daniel Chao 4058f391a3 Fix dependabot (#1537) 
Looks like `directory` is a required property; we should also fix our
schema but that's orthogonal to this actual fix.
 2026-04-20 11:17:31 -07:00
Daniel Chao 07c68239b9 Remove lockfiles, manage Gradle dependencies with Dependabot (#1535) 
Dependabot currently does not update lockfiles in multi-module projects
(see https://github.com/dependabot/dependabot-core/issues/14633)

To work around this issue, we will simply remove our lockfiles, and
change our version catalog to use fully specified versions.
The removal of lockfiles introduces two issues:

1. It is less visible what our dependency graph is
2. Our builds are potentially non-reproducible

To work around this, two mitigations are in place:

1. Enable `failOnDynamicVersions()`, which causes Gradle to fail the
build if any dependencies declare a version range
2. Enable GitHub dependency submission, which provides insight into the
project SBOM
 2026-04-20 09:29:33 -07:00
Daniel Chao 2dd0e2de21 Only include *runtimeClasspath and *compileClasspath dependencies (#1529) 2026-04-16 17:09:08 -07:00
Daniel Chao a8500b6b03 Add dependency submission (#1523) 
This adds jobs to add Gradle dependencies to [GitHub's dependency
submission
API](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/using-the-dependency-submission-api),
and to review when these dependencies change.
 2026-04-15 22:21:17 -07:00
Daniel Chao 9d41518553 Bump pkl.impl.ghactions to 1.0.1 (#1358) 2025-12-09 10:53:04 -08:00
Daniel Chao b7ccc67bd8 Adjust CI to not publish test results for deploy-snapshot (#1357) 2025-12-08 09:56:57 -08:00
Daniel Chao 2de1d5b9d2 Build linux executables that link to glibc 2.17 (#1352) 
Fixes an unintentional breakage in 0.30.1 that bumped the required glibc to 2.34.
 2025-12-05 15:24:27 -08:00
Jen Basch c73fc87583 Fix release publishing (#1343) 2025-12-03 15:13:31 -08:00
Daniel Chao c5b98d6510 CI job polish (#1341) 
Avoids issues where setup-java post-task cacheing will hang with "device
or resource busy".
 2025-12-03 15:11:33 -08:00
Jen Basch db6ff394d7 Fix fetch depth for gradle-compatibility and java-executables-* CI jobs (#1339) 2025-12-03 10:34:03 -08:00
Islon Scherer 6c3683c55e Fix snapshot publishing (#1330) 2025-11-26 09:17:14 +01:00
Daniel Chao bc5d675b6e Fix macos/amd64 image builds (#1322) 2025-11-17 12:16:28 -08:00
Daniel Chao f948ba2a20 Switch to GitHub Actions (#1315) 
This switches our builds over to GitHub Actions!

TODO:

* Add macOS/amd64 native-image builds; this isn't working right now
* Patch musl with security patches
* Add benchmark jobs over time

As part of this build, PRBs will now only run `./gradlew check` on Linux,
but other jobs can be run using slash commands, e.g. `[windows]`
to run `./gradle check` on Windows.
 2025-11-13 16:03:05 -08:00