Unique job matrix #80

Closed


david-wiggs
Contributor

This addresses #73 - @ebickle would you be able to test this by targeting david-wiggs/maven-dependency-submission-action@unique-job-matrix and give some feedback?

README.md Outdated
with:
java-version: ${{ matrix.java-version }}
- name: Submit Dependency Snapshot
uses: advanced-security/maven-dependency-submission-action@v3
A few updates here - right now the ${{ matrix.pom-file }} isn't running a different dependency submission. For the repos I work on (e.g. monorepo Java with multiple project roots) I like to use the directory input like this:

matrix:
  include:
    - java-version: 8
      directory: project1
    - java-version: 11
      directory: project2

Then for submission you could recommend something like this:

    - name: Submit Dependency Snapshot
      uses: advanced-security/maven-dependency-submission-action@v3
      with:
        directory: ${{ matrix.directory }}
        correlator: ${{ github.job }}-${{ matrix.directory }}

A file-based approach is possible but I believe it's more complex since mavenArgs would have to be set. I might be wrong though!

(Note there's no need to specify token: ${{ secrets.GITHUB_TOKEN }} since that's the default).

One thing I'm not sure about is what the character limits are for the correlator in the dependency submission snapshot - might be worth checking to ensure common path characters work. Job Ids are fairly restricted in terms of what they support, but that might not be true for submitted correlators.

Also recommend updating the action versions to the latest (non-deprecated) versions.

One thing I'm not sure about is what the character limits are for the correlator in the dependency submission snapshot - might be worth checking to ensure common path characters work.

👋🏽 from Dependency Graph! The correlator value can be any string, but we do trim it to 255 characters at most. If you think that limit is too low, we may be able to raise it.

AFAIK, we do not return any kind of error when the correlator is too long, we just silently trim it. So watch out for that.
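
The silent 255-character trim described above, as an added example that is not part of the PR or the action's own code: a TypeScript pre-flight check that builds each matrix job's correlator the way the suggested workflow does and reports any that would be trimmed or would become identical after trimming. The `MatrixEntry` shape, the function names and the sample matrix are assumptions made for illustration.

```typescript
// Added example (not from the PR). The limit is the one stated in the reply above.
const CORRELATOR_LIMIT = 255;

interface MatrixEntry { job: string; directory: string } // hypothetical shape

interface CorrelatorReport {
  truncated: string[];                // correlators longer than the limit
  collisions: Map<string, string[]>;  // stored value -> correlators mapping to it
}

// Same shape as the workflow expression ${{ github.job }}-${{ matrix.directory }}.
function buildCorrelator(e: MatrixEntry): string {
  return `${e.job}-${e.directory}`;
}

// Models the silent trim. Assumption: characters are counted the way
// String.length counts them, which is exact for ASCII paths.
function storedCorrelator(correlator: string): string {
  return correlator.slice(0, CORRELATOR_LIMIT);
}

function checkCorrelators(entries: MatrixEntry[]): CorrelatorReport {
  const truncated: string[] = [];
  const byStored = new Map<string, string[]>();
  for (const e of entries) {
    const full = buildCorrelator(e);
    if (full.length > CORRELATOR_LIMIT) truncated.push(full);
    const key = storedCorrelator(full);
    const group = byStored.get(key) ?? [];
    group.push(full);
    byStored.set(key, group);
  }
  // Any stored value shared by more than one job is no longer unique.
  const collisions = new Map<string, string[]>();
  byStored.forEach((group, key) => {
    if (group.length > 1) collisions.set(key, group);
  });
  return { truncated, collisions };
}

// Constructed sample matrix: two deep monorepo paths that differ only at the end.
const deep = "services/" + "a".repeat(250);
const sampleMatrix: MatrixEntry[] = [
  { job: "build", directory: "project1" },
  { job: "build", directory: "project2" },
  { job: "build", directory: `${deep}/api` },
  { job: "build", directory: `${deep}/web` },
];
const report = checkCorrelators(sampleMatrix);
console.log(`truncated: ${report.truncated.length}, colliding groups: ${report.collisions.size}`);
```

Because the trim returns no error, a check like this has to run before submission; failing the workflow when `collisions` is non-empty keeps two matrix jobs from ending up under one correlator.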

ebickle commented May 7, 2024

@david-wiggs this is going to help out a lot with our more complex configurations, thank you! I've tossed some ideas in as comments on the draft PR - they're all just rough ideas, nothing necessary at all. Might be a day or two until I can give it a try, but I'll let you know when I do!
