Skip to content

Add dependency-submission workflow to collect gradle dependencies #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ostinru wants to merge 1 commit into
base: merge-with-upstream
Choose a base branch
from
Open

Add dependency-submission workflow to collect gradle dependencies #29

ostinru wants to merge 1 commit into from

Conversation

@ostinru
Copy link
Collaborator

@ostinru ostinru commented Jan 20, 2026

Gradle Dependency Submission for cloudberry-pxf

GitHub can collect[1] gradle dependencies on its own. However It fails to collect it when build.gradle is located in the nested directory.

Adding new github-action workflow that mimics what github doing automatically[2].

[1] https://github.blog/changelog/2025-05-27-dependency-auto-submission-now-supports-gradle/
[2] https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-automatic-dependency-submission-for-your-repository#gradle-projects

@ostinru
Copy link
Collaborator Author

ostinru commented Jan 20, 2026

Hi! This PR is intended to collect gradle dependencies and show vulnerable ones in Security section of this repository. It increases amount of dependencies from ~100 to ~400.

Note: this workflow requires write permission, so it is triggered only on push to master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ostinru