Comments (4)
OK, so according to https://github.com/marketplace?query=dependency+submission+gradle, there are apparently (at least) 2-3 choices here:
1. https://github.com/marketplace/actions/gradle-buildjet-action
2. https://github.com/marketplace/actions/gradle-build-action
3. https://github.com/marketplace/actions/gradle-dependency-submission
The 1. looks, to me, like an extremely suspicious rip-off from 2. so let's stay clear of that! (Note it has 0 Stars, and the exact same README... that's kind of textbook what one would do if I tried to take over a popular GitHub Action for malicious purposes! It may also be harmless, of course; but let's not find out.)
The 2. looks great, albeit a bit.. overwhelming? It does lots of great looking stuff (optimized caching; thank you!) - but I'm not 100% convinced we could use it JUST to Generate and Submit a GitHub Dependency Graph ... maybe, or maybe not; I have a hunch that until we sort out that whole Build with Google Kokoro vs. GitHub Action can of worms, it could be overkill. Its doc also refers to https://github.com/gradle/github-dependency-graph-gradle-plugin, with a README that says support coming in a future release, which doesn't inspire confidence in me (and each new Gradle plugin can be a PITA for future upgrades; I've been there).
The 3. looks simpler and focused only on dependency submission, and is apparently essentially based on just e.g. `./gradlew demo:dependencies` - without requiring adding any additional Gradle plugins - I like the sound of that! Hear Gradle 7.5 or newer is required but that's cool because we're on 8.0. I'll therefore further pursue this choice!
from android-fhir.
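The concern raised above about a look-alike Marketplace action can be turned into a repeatable check. The following is an added example, not code from the thread or from the android-fhir project: it scans workflow text for `uses:` references and flags any whose owner is not on an allow-list or that is not pinned to a full commit SHA. The allow-list, the `example-unknown-owner` name, the SHA and the sample workflow are constructed assumptions.

```python
import re

# Assumption: owners this project has decided to trust; adjust to local policy.
TRUSTED_OWNERS = {"actions", "gradle"}

# Matches `uses: owner/repo@ref` with or without a leading list dash or quotes.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, trusted_owners=TRUSTED_OWNERS):
    """Return [(action_ref, [findings])] for every `uses:` entry needing review."""
    report = []
    for ref in USES_RE.findall(text):
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and container images are out of scope here
        target, _, version = ref.partition("@")
        owner = target.split("/", 1)[0].lower()
        findings = []
        if owner not in trusted_owners:
            findings.append("owner not on allow-list")
        if not FULL_SHA_RE.match(version):
            findings.append("not pinned to a full commit SHA")
        if findings:
            report.append((ref, findings))
    return report


# Constructed sample workflow (the SHA and the unknown owner are placeholders).
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: gradle/gradle-build-action@0123456789abcdef0123456789abcdef01234567
      - uses: example-unknown-owner/gradle-buildjet-action@v1
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for ref, findings in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{ref}: {'; '.join(findings)}")
```
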
I'm dumb... 😺 this project already uses 2. (I just didn't see it at first, because it's in an "included" YAML); #2208 enables it.
from android-fhir.
I'm not sure if the Gradle Dependency Plugin supports Kotlin: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems
from android-fhir.
> I'm not sure if the Gradle Dependency Plugin supports Kotlin: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems

I have a hunch that it will work, because this Kotlin Android project ultimately still just manages its dependencies using what the doc you are linking to refers to as the Maven Ecosystem...
Review #2208 and if OK for you merge it, and we'll find out!
from android-fhir.