GitHub Action
Sbt Dependency Submission
A Github action to submit the dependency graph of an sbt build to the Github Dependency submission API.
Before running the workflow, make sure that the Dependency Graph
feature is enabled in the settings of your repository (Settings
> Code Security and Analysis
).
The graph of your sbt build will be visible in the Dependency Graph page of the Insights
tab.
Enable Dependabot in your project settings to receive alerts for vulnerabilities that affect your sbt project.
Any sbt project whose sbt version is equal to or greater than 1.3.
Create a Github Action file under .github/workflows
containing the following definition.
# .github/workflows/dependency-graph.yml
name: Update Dependency Graph
on:
push:
branches:
- main # default branch of the project
jobs:
dependency-graph:
name: Update Dependency Graph
runs-on: ubuntu-latest # or windows-latest, or macOS-latest
permissions:
contents: write # this permission is needed to submit the dependency graph
steps:
- uses: actions/checkout@v3
- uses: scalacenter/sbt-dependency-submission@v1
The relative path of the working directory of your sbt build.
Default value is .
A list of space-separated names of modules to ignore. The action will not resolve nor submit the dependencies of these modules.
The name of a module contains the name of the project and its binary version.
Example: foo_2.13 bar_2.13
In this example the snapshot will not contain the graphs of foo_2.13
and bar_3
.
steps:
- uses: actions/checkout@v3
- uses: scalacenter/sbt-dependency-submission@v1
with:
base-dir: ./my-scala-project
projects: foo_2.13 bar_3
This error happens when the Dependency Graph
feature is disabled.
You can enable it in Settings
> Code Security and Analysis
.