Skip to content

sschuberth/github-dependency-graph-gradle-plugin

BranchesTags
 
 

Repository files navigation

GitHub Dependency Graph Gradle Plugin

A Gradle plugin for generating a GitHub dependency graph for a Gradle build, which can be uploaded to the GitHub Dependency Submission API.

Usage

This plugin is designed to be used in a GitHub Actions workflow, with support coming in a future release of the Gradle Build Action.

For other uses, the core plugin (org.gradle.github.GitHubDependencyGraphPlugin) should be applied to the Gradle instance via a Gradle init script as follows:

import org.gradle.github.GitHubDependencyGraphPlugin
initscript {
  repositories {
    maven {
      url = uri("https://plugins.gradle.org/m2/")
    }
  }
  dependencies {
    classpath("org.gradle:github-dependency-graph-gradle-plugin:+")
  }
}
apply plugin: GitHubDependencyGraphPlugin

This causes 2 separate plugins to be applied, that can be used independently:

  • GitHubDependencyExtractorPlugin collects all dependencies that are resolved during a build execution and writes these to a file. The output file can be found at <root>/build/reports/github-depenency-graph-snapshots/<job-correlator>.json.
  • ForceDependencyResolutionPlugin creates a GitHubDependencyGraphPlugin_generateDependencyGraph task that will attempt to resolve all dependencies for a Gradle build, by simply invoking dependencies on all projects.

Required environment variables

The following environment variables configure the snapshot generated by the GitHubDependencyExtractorPlugin. See the GitHub Dependency Submission API docs for details:

  • GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR: Sets the job.correlator value for the dependency submission
  • GITHUB_DEPENDENCY_GRAPH_JOB_ID: Sets the job.id value for the dependency submission
  • GITHUB_REF: Sets the ref value for the dependency submission
  • GITHUB_SHA: Sets the sha value for the dependency submission
  • GITHUB_WORKSPACE: Sets the root directory of the github repository
  • GITHUB_DEPENDENCY_GRAPH_REPORT_DIR (optional): Specifies where the dependency graph report will be generated

Building/Testing

To build and test this plugin, run the following task:

./gradlew check

To self-test this plugin and generate a dependency graph for this repository, run:

./plugin-self-test-local

The generated dependency graph will be submitted to GitHub only if you supply a GitHub API token via the environment variable GITHUB_TOKEN.

About

Gradle Plugin for Extracting Dependency Information to send to GitHub

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Languages

  • Kotlin 47.2%
  • Groovy 38.1%
  • Java 13.7%
  • Shell 1.0%