Daz DeBoer
Daz DeBoer
With the introduction of `gradle/actions/dependency-submission`, it is now simpler (and recommended) to use a separate workflow for generation and submission of GitHub Dependency Graph. This workflow attempts to detect and...
As mentioned in the README, this action is being replaced by `gradle/actions/setup-gradle`. Please report bugs and feature requests at https://github.com/gradle/actions. Thanks!
@oehme commented on [Thu Oct 06 2016](https://github.com/gradle/composite-builds/issues/76) Properties (both in gradle.properties and passed via `-P`) should be passed to included builds. --- @adammurdoch commented on [Wed Mar 08 2017](https://github.com/gradle/composite-builds/issues/76#issuecomment-285193550) Maybe....
"Immutable workspace contents have been modified" failure when workspace contents are not modified
### Current Behavior A build can fail with `Immutable workspace contents have been modified` without any modification of the directory in question. ### Expected Behavior This error should only occur...
The [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) is central to all aspects of GitHub supply chain security, including [Dependency Review on PRs](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review) and [Dependabot Security Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). The goal is to make it easy...
When using the plugin without the correct environment variables set, the resulting exception looks like: ``` Caused by: org.gradle.api.GradleException: The GitHubDependencyGraphPlugin plugin encountered errors while writing the dependency snapshot json...
When configure-on-demand is enabled, the `ForceDependencyResolutionPlugin_resolveAllDependencies` task is not registered.
Unfortunately this isn't so simple, since Gradle isn't a library published to a standard repository. - [ ] Determine correct PURL to use for Gradle Build Tool itself - [...
When a workflow Job includes both a `setup-gradle` and `dependency-submission` step, all of the Gradle executions _after_ the dependency-submission step will unexpectedly generate (but not submit) dependency graph files. This...
Currently, there are some key configuration inputs to the GitHub Dependency Graph plugin that can only be provided via environment variables. The full list is [here](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#required-environment-variables), [here](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph) and [here](https://github.com/gradle/github-dependency-graph-gradle-plugin?tab=readme-ov-file#controlling-the-scope-of-dependencies-in-the-dependency-graph). We...