https://github.com/actions/go-dependency-submission

Calculates dependencies for a Go build-target and submits the list to the Dependency Submission API
https://github.com/actions/go-dependency-submission

dependencies

Last synced: 4 days ago
JSON representation

Calculates dependencies for a Go build-target and submits the list to the Dependency Submission API

• Host: GitHub
• URL: https://github.com/actions/go-dependency-submission
• Owner: actions
• License: mit
• Created: 2022-06-14T16:25:57.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-07-08T21:56:46.000Z (6 months ago)
• Last Synced: 2024-12-31T08:12:17.894Z (11 days ago)
• Topics: dependencies
• Language: TypeScript
• Homepage:
• Size: 744 KB
• Stars: 51
• Watchers: 8
• Forks: 29
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE.txt
  • Code of conduct: CODE_OF_CONDUCT.md
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md

Awesome Lists containing this project

README

        
# Go Dependency Submission

This GitHub Action calculates dependencies for a Go build-target (a Go file with a

`main` function) and submits the list to the [Dependency submission API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api). Dependencies then appear in your repository's dependency graph, and you'll receive Dependabot alerts and updates for vulnerable or out-of-date dependencies. 

### Running locally

Because we are checking in the Typescript output, you may see check failures if you don't generate the contents of `dist/` in a similar manner to our CI check. You can easily rectify this by regenerating in a codespace and using what we use in our workflow YAML:

```

npm ci --ignore-scripts

npm rebuild && npm run all

```

### Example

```yaml

name: Go Dependency Submission

on:

  push:

    branches:

      - main

# The API requires write permission on the repository to submit dependencies

permissions:

  contents: write

# Environment variables to configure Go and Go modules. Customize as necessary

env:

  GOPROXY: '' # A Go Proxy server to be used

  GOPRIVATE: '' # A list of modules are considered private and not requested from GOPROXY

jobs:

  go-action-detection:

    runs-on: ubuntu-latest

    steps:

      - name: 'Checkout Repository'

        uses: actions/checkout@v3

      - uses: actions/setup-go@v3

        with:

          go-version: ">=1.18.0"

      - name: Run snapshot action

        uses: actions/go-dependency-submission@v2

        with:

            # Required: Define the repo path to the go.mod file used by the

            # build target

            go-mod-path: go-example/go.mod

            #

            # Optional: Define the path of a build target (a file with a

            # `main()` function) If not defined, this Action will collect all

            # dependencies used by all build targets for the module, which may

            # include Go dependencies used by tests and tooling.

            go-build-target: go-example/cmd/octocat.go

```