From 18976f24ac4214155c2dc61c02542d4390b2bdda Mon Sep 17 00:00:00 2001 From: Dan Chao Date: Fri, 10 Apr 2026 22:29:52 -0700 Subject: [PATCH 1/3] Add dependency submission job --- .github/PklProject | 4 ++-- .github/PklProject.deps.json | 16 ++++++------- .github/dependabot.yml | 2 ++ .github/index.pkl | 36 ++++++++++++++++++++++++++++-- .github/jobs/BuildNativeJob.pkl | 3 ++- .github/workflows/__lockfile__.yml | 4 ++++ .github/workflows/main.yml | 15 +++++++++++++ .github/workflows/prb.yml | 21 +++++++++++++++++ 8 files changed, 88 insertions(+), 13 deletions(-) diff --git a/.github/PklProject b/.github/PklProject index 92d136964..07a11b8bb 100644 --- a/.github/PklProject +++ b/.github/PklProject @@ -2,9 +2,9 @@ amends "pkl:Project" dependencies { ["pkl.impl.ghactions"] { - uri = "package://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.5.0" + uri = "package://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.6.0" } ["gha"] { - uri = "package://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.2.0" + uri = "package://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.4.0" } } diff --git a/.github/PklProject.deps.json b/.github/PklProject.deps.json index 457d181d0..0a621f20f 100644 --- a/.github/PklProject.deps.json +++ b/.github/PklProject.deps.json 
@@ -3,16 +3,16 @@ "resolvedDependencies": { "package://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1": { "type": "remote", - "uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.3.1", + "uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.actions@1.4.0", "checksums": { - "sha256": "fd515da685ea126678c3ec684e84a4f992d43481cc1d75cb866cd55775f675f9" + "sha256": "e0b9a9f71071d6101e9d764c069b2ec4a597d5315cb6e4c265b3f0d90c2b482c" } }, "package://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1": { "type": "remote", - "uri": "projectpackage://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.5.0", + "uri": "projectpackage://pkg.pkl-lang.org/pkl-project-commons/pkl.impl.ghactions@1.6.0", "checksums": { - "sha256": "2c1e0d9efcd65b3c3207bf535c325ebc0ec2ab169187b324c4bb70821cac0e51" + "sha256": "fbc3c456ea468a0fe6baa9b3d30167259ac04e721a41a10fe82d2970026f0b1d" } }, "package://pkg.pkl-lang.org/pkl-pantry/pkl.experimental.deepToTyped@1": { @@ -24,16 +24,16 @@ }, "package://pkg.pkl-lang.org/pkl-pantry/pkl.github.dependabotManagedActions@1": { "type": "remote", - "uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/pkl.github.dependabotManagedActions@1.0.3", + "uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/pkl.github.dependabotManagedActions@1.1.0", "checksums": { - "sha256": "d368900942efb88ed51a98f9614748b06c74ba43423f045fcd6dedb5dbdc0bea" + "sha256": "025fac778f2c5f75c8229fa4ec0f49ebdb99a61affe9aae489fefd8fccd92faa" } }, "package://pkg.pkl-lang.org/pkl-pantry/com.github.dependabot@1": { "type": "remote", - "uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.dependabot@1.0.0", + "uri": "projectpackage://pkg.pkl-lang.org/pkl-pantry/com.github.dependabot@1.0.1", "checksums": { - "sha256": "02ef6f25bfca5b1d095db73ea15de79d2d2c6832ebcab61e6aba90554382abcb" + "sha256": "0a4fe9b0983716ec49fb060b9e5e83f8c365eb899d517123b43134416a9574b6" } } } 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 73242dbcd..acca6fcb1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,8 @@ version: 2 updates: - package-ecosystem: github-actions + cooldown: + default-days: 7 directory: / ignore: - dependency-name: '*' diff --git a/.github/index.pkl b/.github/index.pkl index 787cc9666..fc4a7c829 100644 --- a/.github/index.pkl +++ b/.github/index.pkl @@ -22,6 +22,8 @@ testReports { excludeJobs { "bench" "github-release" + "dependency-submission" + "dependency-review" Regex("deploy-.*") } } @@ -114,6 +116,23 @@ local releaseJobs: PklJobs = new { ...buildNativeReleases } +local dependencySubmission: Workflow.Job = new { + `runs-on` = "ubuntu-latest" + permissions { + contents = "write" + } + steps { + module.catalog.`actions/checkout@v6` + (module.catalog.`actions/setup-java@v5`) { + with { + `java-version` = "25" + distribution = "temurin" + } + } + module.catalog.`gradle/actions/dependency-submission@v6` + } +} + // By default, just run ./gradlew check on linux. // Trigger other checks based on GitHub PR description. Examples: // @@ -153,7 +172,16 @@ prb { nightlyMacOS = false } } - jobs = prbJobs2 |> toWorkflowJobs + jobs = (prbJobs2 |> toWorkflowJobs) { + ["dependency-review"] { + `runs-on` = "ubuntu-latest" + steps { + module.catalog.`actions/checkout@v6` + module.catalog.`actions/dependency-review-action@v4` + } + } + ["dependency-submission"] = dependencySubmission + } } build { @@ -161,7 +189,7 @@ build { } main { - jobs = + local _jobs = (buildAndTestJobs) { ["deploy-snapshot"] = ( new DeployJob { @@ -174,6 +202,10 @@ main { needs = buildAndTestJobs.keys.toListing() } } |> toWorkflowJobs + + jobs = (_jobs) { + ["dependency-submission"] = dependencySubmission + } } releaseBranch { diff --git a/.github/jobs/BuildNativeJob.pkl b/.github/jobs/BuildNativeJob.pkl index 7ec44c77c..7413992f7 100644 --- a/.github/jobs/BuildNativeJob.pkl +++ b/.github/jobs/BuildNativeJob.pkl 
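Review bot: The `dependency-review` job added under `prb` has no `permissions` block, so unlike `dependencySubmission` it runs with whatever token default the workflow or repository sets. Scoping it explicitly with `permissions { contents = "read" }` keeps the pull-request job at the minimum the review action needs. The same hunk also attaches `dependencySubmission` to the pull-request workflow; that job carries `contents = "write"` and resolves dependencies by running Gradle against the checkout. Whether the token is actually writable there depends on the workflow trigger, which is not visible in this hunk. The `prb` block starts above the hunk.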
@@ -23,7 +23,8 @@ preSteps { when (os == "linux" && !musl) { new { name = "Install deps" - run = "dnf install -y git binutils gcc glibc-devel zlib-devel libstdc++-static glibc-langpack-en" + run = + "dnf install -y git binutils gcc glibc-devel zlib-devel libstdc++-static glibc-langpack-en" } } } diff --git a/.github/workflows/__lockfile__.yml b/.github/workflows/__lockfile__.yml index 4f137becc..f14886284 100644 --- a/.github/workflows/__lockfile__.yml +++ b/.github/workflows/__lockfile__.yml @@ -22,6 +22,8 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: actions/create-github-app-token@v2 uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + - name: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4 - name: actions/download-artifact@v6 uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - name: actions/setup-java@v5 @@ -30,5 +32,7 @@ jobs: uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 - name: dawidd6/action-download-artifact@v11 uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + - name: gradle/actions/dependency-submission@v6 + uses: gradle/actions/dependency-submission@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6 - name: gradle/actions/setup-gradle@v5 uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f90d76e0f..044bef1a5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -831,6 +831,20 @@ jobs: ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEPASSWORD }} ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.ORG_GRADLE_PROJECT_SONATYPEUSERNAME }} run: ./gradlew --info --stacktrace --no-daemon -DpklMultiJdkTesting=true --no-parallel publishToSonatype + dependency-submission: + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 + with: + java-version: '25' + distribution: temurin + - uses: gradle/actions/dependency-submission@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6 + with: {} publish-test-results: if: '!cancelled()' needs: @@ -891,6 +905,7 @@ jobs: - pkl-doc-alpine-linux-amd64-snapshot - pkl-doc-windows-amd64-snapshot - deploy-snapshot + - dependency-submission - publish-test-results runs-on: ubuntu-latest steps: diff --git a/.github/workflows/prb.yml b/.github/workflows/prb.yml index fb3c4767b..7a3da7970 100644 --- a/.github/workflows/prb.yml +++ b/.github/workflows/prb.yml 
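Review bot: Adding `dependency-submission` to the list in the second hunk, between `deploy-snapshot` and `publish-test-results`, appears to make it a prerequisite of the job that follows. A failed submission would then hold that job back even when build and deploy succeeded. The job header and its `needs:` key sit above the hunk, so this is inferred from the list of job names. If the gate is not intended, drop the `- dependency-submission` entry; if this file is generated from `.github/index.pkl`, the change belongs in that source.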
@@ -712,6 +712,27 @@ jobs: name: test-results-html-pkl-doc-windows-amd64-snapshot path: '**/build/reports/tests/**/*' if-no-files-found: ignore + dependency-review: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4 + dependency-submission: + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 + with: + java-version: '25' + distribution: temurin + - uses: gradle/actions/dependency-submission@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6 + with: {} upload-event-file: runs-on: ubuntu-latest steps: From aacc81f49260678a5de5576ba86dc3fbed5d2db2 Mon Sep 17 00:00:00 2001 From: Dan Chao Date: Wed, 15 Apr 2026 22:03:22 -0700 Subject: [PATCH 2/3] Remove dependency submission from prb --- .github/index.pkl | 45 +++++++++++------------------- .github/workflows/__lockfile__.yml | 2 -- .github/workflows/prb.yml | 21 -------------- 3 files changed, 17 insertions(+), 51 deletions(-) diff --git a/.github/index.pkl b/.github/index.pkl index fc4a7c829..1f581743d 100644 --- a/.github/index.pkl +++ b/.github/index.pkl @@ -116,23 +116,6 @@ local releaseJobs: PklJobs = new { ...buildNativeReleases } -local dependencySubmission: Workflow.Job = new { - `runs-on` = "ubuntu-latest" - permissions { - contents = "write" - } - steps { - module.catalog.`actions/checkout@v6` - (module.catalog.`actions/setup-java@v5`) { - with { - `java-version` = "25" - distribution = "temurin" - } - } - module.catalog.`gradle/actions/dependency-submission@v6` - } -} - // By default, just run ./gradlew check on linux. // Trigger other checks based on GitHub PR description. Examples: // 
@@ -172,16 +155,7 @@ prb { nightlyMacOS = false } } - jobs = (prbJobs2 |> toWorkflowJobs) { - ["dependency-review"] { - `runs-on` = "ubuntu-latest" - steps { - module.catalog.`actions/checkout@v6` - module.catalog.`actions/dependency-review-action@v4` - } - } - ["dependency-submission"] = dependencySubmission - } + jobs = prbJobs2 |> toWorkflowJobs } build { @@ -204,7 +178,22 @@ main { } |> toWorkflowJobs jobs = (_jobs) { - ["dependency-submission"] = dependencySubmission + ["dependency-submission"] { + `runs-on` = "ubuntu-latest" + permissions { + contents = "write" + } + steps { + module.catalog.`actions/checkout@v6` + (module.catalog.`actions/setup-java@v5`) { + with { + `java-version` = "25" + distribution = "temurin" + } + } + module.catalog.`gradle/actions/dependency-submission@v6` + } + } } } diff --git a/.github/workflows/__lockfile__.yml b/.github/workflows/__lockfile__.yml index f14886284..885e3b51a 100644 --- a/.github/workflows/__lockfile__.yml +++ b/.github/workflows/__lockfile__.yml @@ -22,8 +22,6 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: actions/create-github-app-token@v2 uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 - - name: actions/dependency-review-action@v4 - uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4 - name: actions/download-artifact@v6 uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - name: actions/setup-java@v5 diff --git a/.github/workflows/prb.yml b/.github/workflows/prb.yml index 7a3da7970..fb3c4767b 100644 --- a/.github/workflows/prb.yml +++ b/.github/workflows/prb.yml 
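Review bot: Besides the submission job named in the subject, the first hunk on this line also drops `dependency-review` from `prb`, and the `"dependency-review"` entry added to `testReports.excludeJobs` in patch 1 is not touched by any hunk here. That entry now names a job that no longer exists. Remove it, or keep the review job if gating new dependencies on pull requests is still wanted. With both jobs gone, dependency data is only produced after merge on `main`, which is worth stating in the commit message. The `prb` block starts above the hunk.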
@@ -712,27 +712,6 @@ jobs: name: test-results-html-pkl-doc-windows-amd64-snapshot path: '**/build/reports/tests/**/*' if-no-files-found: ignore - dependency-review: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - with: - persist-credentials: false - - uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4 - dependency-submission: - permissions: - contents: write - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - with: - persist-credentials: false - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 - with: - java-version: '25' - distribution: temurin - - uses: gradle/actions/dependency-submission@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6 - with: {} upload-event-file: runs-on: ubuntu-latest steps: From a104fb4fd28e51ccdc8811e9898d8d70048ae233 Mon Sep 17 00:00:00 2001 From: Dan Chao Date: Wed, 15 Apr 2026 22:10:46 -0700 Subject: [PATCH 3/3] Accept Workflow.Job too --- .github/index.pkl | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/index.pkl b/.github/index.pkl index 1f581743d..a7082dc00 100644 --- a/.github/index.pkl +++ b/.github/index.pkl @@ -42,11 +42,15 @@ local gradleCheckWindows = (baseGradleCheck) { os = "windows" } -local typealias PklJobs = Mapping +local typealias PklJobs = Mapping local toWorkflowJobs: (PklJobs) -> Workflow.Jobs = (it) -> new Workflow.Jobs { for (k, v in it) { - [k] = v.job + when (v is PklJob) { + [k] = v.job + } else { + [k] = v + } } } @@ -163,7 +167,7 @@ build { } main { - local _jobs = + jobs = (buildAndTestJobs) { ["deploy-snapshot"] = ( new DeployJob { 
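Review bot: The two branches added to `toWorkflowJobs` differ only in the value assigned, so the `when`/`else` can be a single entry, `[k] = if (v is PklJob) v.job else v`. A short comment above the `PklJobs` alias, saying that raw `Workflow.Job` values pass through unchanged, would explain why the alias now admits two shapes. The type arguments of `Mapping` are not visible in this hunk as shown, so the widened type itself cannot be checked from here.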
@@ -175,26 +179,23 @@ main { ) { needs = buildAndTestJobs.keys.toListing() } - } |> toWorkflowJobs - - jobs = (_jobs) { - ["dependency-submission"] { - `runs-on` = "ubuntu-latest" - permissions { - contents = "write" - } - steps { - module.catalog.`actions/checkout@v6` - (module.catalog.`actions/setup-java@v5`) { - with { - `java-version` = "25" - distribution = "temurin" + ["dependency-submission"] { + `runs-on` = "ubuntu-latest" + permissions { + contents = "write" + } + steps { + module.catalog.`actions/checkout@v6` + (module.catalog.`actions/setup-java@v5`) { + with { + `java-version` = "25" + distribution = "temurin" + } } + module.catalog.`gradle/actions/dependency-submission@v6` } - module.catalog.`gradle/actions/dependency-submission@v6` } - } - } + } |> toWorkflowJobs } releaseBranch {
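Review bot: `dependency-submission` is the only entry in this mapping that raises token permissions, and nothing in the hunk says why. A comment above `permissions` such as `// The dependency submission API needs contents: write; keep it scoped to this job.` would stop the grant being copied to other jobs or hoisted to workflow level. The job also sets no `needs`, so it submits a graph on every `main` run whether or not the build passed; say so in the comment if that is intended. The `main` block starts above the hunk.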