Skip to content

Add dependency submission#1523

Merged
bioball merged 3 commits intoapple:mainfrom
bioball:dependency-submission
Apr 16, 2026
Merged

Add dependency submission#1523
bioball merged 3 commits intoapple:mainfrom
bioball:dependency-submission

Conversation

@bioball
Copy link
Copy Markdown
Member

@bioball bioball commented Apr 15, 2026

This adds jobs to add Gradle dependencies to GitHub's dependency submission API, and to review when these dependencies change.

HT154
HT154 approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@HT154 HT154 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving to unblock, but a couple small things

Comment thread .github/index.pkl Outdated
module.catalog.`actions/checkout@v6`
(module.catalog.`actions/setup-java@v5`) {
with {
`java-version` = "25"
Copy link
Copy Markdown
Contributor

@HT154 HT154 Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably best to pull this out somewhere so it's not in multiple places in our GHA configs

Copy link
Copy Markdown
Member Author

@bioball bioball Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't think of an easy place to put this off the bat, so I'm just going to keep this as-is. Maybe we can refactor things, but I'll consider this as out-of-scope for now.

Comment thread .github/index.pkl Outdated
Comment on lines +206 to +208
jobs = (_jobs) {
["dependency-submission"] = dependencySubmission
}
Copy link
Copy Markdown
Contributor

@HT154 HT154 Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a little awkward. Can toWorkflowJobs just pass Workflow.Job instances through instead?

Copy link
Copy Markdown
Member Author

@bioball bioball Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea!

@HT154
Copy link
Copy Markdown
Contributor

HT154 commented Apr 15, 2026

Looks like dependency submission needs

permissions:
  contents: write

Do we really need to be doing this on PRs?

@bioball
Copy link
Copy Markdown
Member Author

bioball commented Apr 16, 2026

I have contents: write set on the job level, but it looks like it needs to be on the workflow level in order for it to work.

The goal was to have dependency changes reviewed by dependency-review-action, but I think we can try tackling that later (if at all). I'll remove that from the PRB builds.

@bioball bioball merged commit a8500b6 into apple:main Apr 16, 2026
17 checks passed
@bioball bioball deleted the dependency-submission branch April 16, 2026 05:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HT154 HT154 HT154 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bioball @HT154