Comments (1)
Thanks for your interest and enthusiasm!
There are quite a few reasons that we can't yet (and maybe shouldn't ever) enable this by default for the setup-gradle
action:
- Generating a dependency graph is quite a new feature, and we aren't sure that it works in all cases. It should be more well used and tested before it's enabled by default.
- The
dependency-submission
workflow/job requirescontents: write
permissions. This might not be desirable for other workflows/jobs that are executing Gradle builds. - A CI pipeline may execute a large number of Gradle builds, and it may be wasteful if every one of the generated a separate dependency graph.
- It's common to only generate a dependency graph on pushes to
main
, and not for PRs and pushes to branches.
We recommend that dependency-submission
be configured in a workflow separate from your main build:
- The graph will be submitted faster, which can help when combined with the dependency-review-action
- There's less risk of a build failure changing the dependency graph result
Using a separate workflow is much like the way that code-scanning (CodeQL) is configured. We are in talks with GitHub to make it easier to add such a workflow, with an end goal to possibly have a "default" setup that doesn't even require adding a workflow file. This would be similar to enabling the default setup for code scanning.
That said, we are open to see how this functionality evolves and how it proves most useful. If we could find a fairly non-invasive way to have dependency-graph submitted for every repo that uses setup-gradle
, then that would be great!
from actions.
Related Issues (20)
- Failing to restore Gradle Cache because of "Error: Content-Length not found on blob response" HOT 5
- Does the build scan will reveal the secret key? HOT 1
- Error: Cache upload failed because file read failed with EBADF: bad file descriptor, read HOT 6
- dependency-submission triggered by tag on default branch does not update dependency results for repository HOT 7
- Indicate why cache is read-only in Job Summary
- Provide guidance on dependency-verification config when enabling build-scan publishing
- Develocity build scan publishing fails with v3.4.0 HOT 1
- Multiple GRADLE_USER_HOMEs HOT 1
- Provide info about configuration and project name for vulnerable dependency HOT 1
- Avoid downloading Gradle when version is pre-installed on runner
- gradle/actions/setup-gradle: 'wrapper' gradle-version does not use Gradle wrapper version HOT 3
- Gradle state from cache not restored from tags HOT 3
- Link to build scans are not reported in Job Summary HOT 2
- Add the July 02 Webinar to the documentation and references
- Support `runs-on/cache` (https://github.com/runs-on/cache) HOT 2
- Does the dependency-submission action support a monorepo configuration?
- Trouble caching build outputs HOT 2
- setup-grade action: Consider using D: drive on Windows Runners to address performance issues HOT 7
- Paths in `gradle-home-cache-excludes` are not honoured when restoring Gradle User Home from cache HOT 1
- Remove deprecated features in preparation for v4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from actions.