Merge pull request #334 from guardian/sbt-dependency-graph-459ff79c46…

…2695ea Submit sbt dependencies to GitHub for vulnerability monitoring
guardian · Jan 8, 2025 · ef76214 · ef76214
2 parents c4e3e67 + 6c2939f
commit ef76214
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 16 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
       id-token: write
       contents: read
     name: salesforce-message-handler build
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Env
         run: env
@@ -30,9 +30,9 @@ jobs:
       - name: Setup Java
         uses: actions/setup-java@v4
         with:
-          distribution: 'corretto'
-          java-version: '21'
-          cache: 'sbt'
+          distribution: "corretto"
+          java-version: "21"
+          cache: "sbt"
 
       - name: Compile and package project
         run: sbt 'set test in assembly := {}' clean assembly
@@ -46,4 +46,4 @@ jobs:
             cfn:
               - ./cfn.yaml
             salesforce-message-handler:
-              - ./salesforce-message-handler.jar
+              - ./salesforce-message-handler.jar
diff --git a/.github/workflows/sbt-dependency-graph.yaml b/.github/workflows/sbt-dependency-graph.yaml
@@ -0,0 +1,30 @@
+name: Update Dependency Graph for sbt
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch: 
+jobs:
+  dependency-graph:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout branch
+        id: checkout
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - name: Install Java
+        id: java
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.2.0
+        with:
+          distribution: corretto
+          java-version: 17
+      - name: Install sbt
+        id: sbt
+        uses: sbt/setup-sbt@8a071aa780c993c7a204c785d04d3e8eb64ef272 # v1.1.0
+      - name: Submit dependencies
+        id: submit
+        uses: scalacenter/sbt-dependency-submission@64084844d2b0a9b6c3765f33acde2fbe3f5ae7d3 # v3.1.0
+      - name: Log snapshot for user validation
+        id: validate
+        run: cat ${{ steps.submit.outputs.snapshot-json-path }} | jq
+    permissions:
+      contents: write
diff --git a/.github/workflows/scala-steward.yml b/.github/workflows/scala-steward.yml
@@ -2,28 +2,24 @@ name: Test Scala-steward PRs
 
 on:
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
   test:
     name: Test of Scala Steward PR
-        
+
     if: github.actor == 'scala-steward'
 
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     steps:
-      - 
-        name: Checkout repo
+      - name: Checkout repo
         uses: actions/checkout@v2
-      - 
-        name: Set up Java
+      - name: Set up Java
         uses: actions/setup-java@v1
         with:
           java-version: 11
-      - 
-        name: Compile production and test code
+      - name: Compile production and test code
         run: sbt Test/compile
-      - 
-        name: Run tests
+      - name: Run tests
         run: sbt test