dependency-submission.yml

name: Dependency Submission

on:
  workflow_dispatch:
  push:
    branches: ["main", "master"]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

permissions:
  contents: write

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: gradle
  
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          java-version: 17

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
  
      # Generates and submits a dependency graph for a Gradle project,
      # allowing GitHub to alert about reported vulnerabilities in project dependencies.
      #  The following workflow will generate a dependency graph for a 
      # Gradle project and submit it immediately to the repository via 
      # the Dependency Submission API.
      - name: Generate and submit dependency graph
        uses: gradle/actions/dependency-submission@v4