-
Notifications
You must be signed in to change notification settings - Fork 2
40 lines (37 loc) · 1.33 KB
/
ci.dependency-graph.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: 'Dependency Graph'
'on':
workflow_call: {}
workflow_dispatch: {}
permissions:
contents: read
jobs:
build-graph:
name: 'Dependency Graph'
runs-on: ubuntu-latest
permissions:
contents: write # needed for graph write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.azul.com:443 api.github.com:443 cdn.azul.com:443 github.com:443 jpms.pkg.st:443
repo.maven.apache.org:443
- name: 'Setup: Checkout'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- name: 'Setup: Java 21'
uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
with:
java-version: '21'
distribution: 'zulu'
- name: 'Build: Maven Dependency Graph'
continue-on-error: true
uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d # v4.1.1
with:
directory: /home/runner/work/jpms/jpms/tools/graph
settings-file: /home/runner/work/jpms/jpms/tools/graph/settings.xml
ignore-maven-wrapper: true