Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AAE-23198 Dependency Graph Submission on push in common build action #643

Merged
merged 2 commits into from
Jun 17, 2024
Merged

AAE-23198 Dependency Graph Submission on push in common build action #643

merged 2 commits into from
Jun 17, 2024

Conversation

wojciech-piotrowiak
Copy link
Contributor

Checklist

  • Jira Reference (also in PR title):
  • README updated after adding/changing behaviour of an action
  • Proposed version increment for release:
    • Patch (bugfix)
    • Minor (new feature)
    • Major (breaking changes)
  • External PR link where changes has been tested:

Description

@wojciech-piotrowiak wojciech-piotrowiak self-assigned this Jun 14, 2024
@wojciech-piotrowiak wojciech-piotrowiak requested a review from a team as a code owner June 14, 2024 11:54
atchertchian
atchertchian reviewed Jun 14, 2024
View reviewed changes
.github/actions/maven-build-and-tag/action.yml Outdated
uses: advanced-security/maven-dependency-submission-action@5d0f9011b55d6268922128af45275986303459c3 # v4.0.3
env:
MAVEN_USERNAME: ${{ inputs.maven-username }}
MAVEN_PASSWORD: ${{ inputs.maven-password }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about settings file?

please also rename the PR title to more meaningful

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, done
Did a test pr to check it and it works https://github.com/Alfresco/alfresco-identity-adapter-service/actions/runs/9515759065/job/26230694053?pr=925

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looking at extra dependencies retrieved by this build, I wonder if it should be in the saved cache (so this step should be higher), wdyt?

also I'm not sure where the result is visible/uploaded: you gave a link to the PR but this is not supposed to be run on PRs, am I missing something?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved it even higher; that action may use dependencies removed on the end.

There is no direct clickable result, GH analyzes the output and creates security issues like this: https://github.com/Alfresco/hxp-process-services/security/dependabot/23

@wojciech-piotrowiak wojciech-piotrowiak force-pushed the feature/AAE-23198-submission-action-in-build branch from 0f422a2 to 4c4db5b Compare June 14, 2024 12:11
@wojciech-piotrowiak wojciech-piotrowiak changed the title AAE-23198 Submission in common build action AAE-23198 Dependency Graph Submission on push in common build action Jun 14, 2024
@wojciech-piotrowiak wojciech-piotrowiak merged commit 566875c into master Jun 17, 2024
3 checks passed
@wojciech-piotrowiak wojciech-piotrowiak deleted the feature/AAE-23198-submission-action-in-build branch June 17, 2024 07:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@atchertchian atchertchian atchertchian approved these changes

Assignees

@wojciech-piotrowiak wojciech-piotrowiak

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wojciech-piotrowiak @atchertchian