Submit dependency reports to github

tidal-music · Aug 22, 2023 · ec4c5c0 · ec4c5c0
1 parent 9c9e962
commit ec4c5c0
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 1 deletion.
diff --git a/.github/workflows/dependencyReport.yml b/.github/workflows/dependencyReport.yml
@@ -1,5 +1,7 @@
 name: Submit dependencies
 on: push
+permissions:
+  contents: write
 jobs:
   library:
     runs-on: ubuntu-22.04
@@ -11,4 +13,22 @@ jobs:
           java-version: 17
           cache: gradle
       - run: .scripts/dependency_report_generate.sh -m library -c allSourceSetsCompileDependenciesMetadata > dependencies_library_raw
-      - run: echo "SCANNED_AT=$(TZ=UTC date +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_ENV
+      - run: .scripts/github/dependency_report_raw_as_github_json.sh -i dependencies_library_raw -n library -s $(TZ=UTC date +"%Y-%m-%dT%H:%M:%SZ") > dependencies_library.github.json
+      - run: |
+          echo RESPONSE_CODE=$(curl -L \
+           -X POST \
+           -H "Accept: application/vnd.github+json" \
+           -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+           -H "X-GitHub-Api-Version: 2022-11-28" \
+           https://api.github.com/repos/$GITHUB_REPOSITORY/dependency-graph/snapshots \
+           --data-binary "@dependencies_library.github.json" \
+           -o /dev/null \
+           -w '%{http_code}') >> $GITHUB_ENV
+      - run: |
+          if [[ "$RESPONSE_CODE" == "201" ]];
+          then
+            exit 0
+          else
+            echo "Dependency submission failed with HTTP code $RESPONSE_CODE"
+            exit 1
+          fi
diff --git a/.scripts/github/dependency_report_as_github_json.sh b/.scripts/github/dependency_report_as_github_json.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+set -e
+
+DIR_TMP="build/report_dependencies_github_json"
+rm -rf $DIR_TMP || true
+mkdir -p $DIR_TMP
+
+print_usage()
+{
+  echo "Usage: $0 -i <input_file> -n <manifest_name> -s <scanned_at>"
+}
+
+while getopts ":i:n:s:" OPT; do
+  case $OPT in
+    i) INPUT_FILE="$OPTARG"
+    ;;
+    n) MANIFEST_NAME="$OPTARG"
+    ;;
+    s) SCANNED_AT="$OPTARG"
+    ;;
+    ?) print_usage
+       exit 1
+    ;;
+  esac
+done
+if [ -z "${INPUT_FILE+x}" ]; then
+  print_usage
+  exit 1
+fi
+if [ -z "${MANIFEST_NAME+x}" ]; then
+  print_usage
+  exit 1
+fi
+if [ -z "${SCANNED_AT+x}" ]; then
+  print_usage
+  exit 1
+fi
+
+JSON=$(jq --null-input \
+--argjson VERSION 1 \
+--arg SHA "$GITHUB_SHA" \
+--arg REF "$GITHUB_REF" \
+--arg CORRELATOR "$GITHUB_WORKFLOW"_"$GITHUB_JOB" \
+--arg RUN_ID "$GITHUB_RUN_ID" \
+--arg HTML_URL "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \
+--arg DETECTOR_NAME "$GITHUB_REPOSITORY" \
+--arg DETECTOR_VERSION 1 \
+--arg DETECTOR_URL "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
+--arg SCANNED "$SCANNED_AT" \
+--arg MANIFEST_NAME "$MANIFEST_NAME" \
+'
+{
+  "version":$VERSION,
+  "sha":$SHA,
+  "ref":$REF,
+  "job":{
+    "correlator":$CORRELATOR,
+    "id":$RUN_ID,
+    "html_url":$HTML_URL
+  },
+  "detector":{
+    "name":$DETECTOR_NAME,
+    "version":$DETECTOR_VERSION,
+    "url":$DETECTOR_URL
+  },
+  "scanned":$SCANNED,
+  "manifests":{
+    ($MANIFEST_NAME):{
+      "name":$MANIFEST_NAME,
+      "resolved":{
+      }
+    }
+  }
+}
+')
+
+for LINE in $(cat $INPUT_FILE)
+do
+  JSON=$(jq '.manifests.'$MANIFEST_NAME'.resolved += {"'$LINE'": {}}' <<< $JSON)
+done
+
+jq -r tostring <<< $JSON