chore: Add SECURITY.md (#5768) #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency Submission | |
| on: | |
| push: | |
| branches: [ 'main' ] | |
| permissions: | |
| contents: write | |
| jobs: | |
| dependency-submission: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup JDK 11 | |
| id: setup-java-11 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '11' | |
| - name: Set JAVA_HOME | |
| run: echo "JAVA_HOME=${{ steps.setup-java-11.outputs.path }}" >> $GITHUB_ENV | |
| - name: Setup gradle properties | |
| run: | | |
| .github/scripts/gradle-properties.sh >> gradle.properties | |
| cat gradle.properties | |
| - name: Generate and submit dependency graph | |
| uses: gradle/actions/dependency-submission@v3 | |
| env: | |
| # Dependencies derived from :server-jetty-app runtimeClasspath get a "runtime" scope and everything else gets | |
| # a "development" scope. Ideally, gradle would be able to pass along the finer dependency details (for | |
| # example, the exact configuration scopes), but this is a limitation of GitHub dependency submissions API, see | |
| # note in https://github.com/gradle/actions/tree/main/dependency-submission#limiting-the-dependencies-that-appear-in-the-dependency-graph | |
| DEPENDENCY_GRAPH_RUNTIME_INCLUDE_PROJECTS: ':server-jetty-app' | |
| DEPENDENCY_GRAPH_RUNTIME_INCLUDE_CONFIGURATIONS: 'runtimeClasspath' |