Example Dependency Submission Action
ActionsTags
(2)Verified
@github/dependency-submission-toolkit is a TypeScript library for creating
dependency snapshots and submitting them to the dependency submission API.
Snapshots are a set of dependencies grouped by manifest with some related
metadata. A manifest can be a physical file or a more abstract representation of
a dependency grouping (such processing of program outputs). After submission to
the API, the included dependencies appear in the repository's
dependency graph.
npm install @github/dependency-submission-toolkit
You may use classes from @github/dependency-submission-toolkit to help in
building your own GitHub Action for submitting dependencies to the Dependency
Submission API. At a high level, the steps to use the classes are:
- 
Create a PackageCacheof all of the packages that could be included in your manifest, as well define as the relationships between them.
- 
Using the packages defined in PackageCache, create aManifestor aBuildTarget, which defines the dependencies of the build environment or specific build artifact.
- 
Create a Snapshotto include one or moreManifestsorBuildTargets. The snapshot is the base container for submitting dependencies to the Dependency Submission API.
- 
Follow the instructions for Creating a JavaScript Action. These include: - Defining an action.ymlaction metadata file
- Compiling the JavaScript into a single script using ncc
- Testing your action in a workflow
 
- Defining an 
A full example action using this library is included in the example/
directory. This example uses the output from the npm list to create an
accurate and complete graph of the dependencies used in this library. This
action is also included in a workflow in this repository and runs for each
commit to the main branch.
Example Dependency Submission Action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.