A GitHub action to submit your dependency graph from your Mill build to GitHub via their Dependency Submission API.
The main benifits of doing this are:
- Being able to see your dependency graph on GitHub in your Insights tab. For example you can see this here for this plugin.
- If enabled, Dependabot can send you alerts about security vulnerabilities in your dependencies.
- Make sure in your repo settings the Dependency Graph feature is enabled as well as Dependabot Alerts if you'd like them. (Settings -> Code security and analysis)
Create a workflow with the following:
name: github-dependency-graph
# The API requires write permission on the repository to submit dependencies
permissions:
contents: write
on:
push:
branches:
- main
jobs:
submit-dependency-graph:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: coursier/cache-action@v6
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- uses: ckipp01/mill-dependency-submission@v1
You can also just run the following command from the root of your workspace which will create the file for you:
curl -o .github/workflows/github-dependency-graph.yml --create-dirs https://raw.githubusercontent.com/ckipp01/mill-github-dependency-graph/main/.github/workflows/github-dependency-graph.yml
The relative path of the working directory of your build (where your
.mill-version and build.sc are). This defaults to .
.
Override the default version of ckipp01/mill-github-dependency-graph plugin that is used internally.
This error happens when the Dependency Graph
feature is disabled. You can
enable it in Settings
> Code Security and Analysis
.
You can see further explanation on the inner workings of the Mill plugin in ckipp01/mill-github-dependency-graph.