Automattic / simplenote-android

Simplenote for Android
https://simplenote.com
GNU General Public License v2.0

ci: submit Gradle dependencies to GH dependency graph #1624

Closed wzieba closed 5 months ago

wzieba commented 6 months ago

Description

This PR adds a GitHub Actions job to send Gradle/Maven dependencies to the GitHub Dependency Graph for each push to trunk or a release/* branch.

By sending those dependencies, we allow Dependabot to scan whether dependencies we use are affected by known vulnerabilities.

Soon, those metrics will be available to visualize on Apps Metrics (link).

More about this project can be found internally at paaHJt-5Tn-p2

Testing instructions

I verified this PR works on a fork: https://github.com/wzieba/simplenote-android/actions/runs/7568711116/job/20610447158

No testing is needed.
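
For readers who want to see what such a job can look like, here is a workflow sketch added to this page as an illustration; it is not the file from this PR. The file name, job name, Java version and the choice of the `gradle/actions/dependency-submission` action are assumptions, as is the project configuring without extra secrets.

```yaml
# Added example, not the PR's workflow.
# Hypothetical path: .github/workflows/submit-dependencies.yml
name: Submit Gradle dependencies

on:
  push:
    branches:
      - trunk          # branches named in the PR description
      - 'release/*'

# Start from an empty token scope; the job below grants only what it needs.
permissions: {}

jobs:
  dependency-submission:   # hypothetical job name
    runs-on: ubuntu-latest
    permissions:
      # The dependency submission API requires write access to contents.
      # Scoping it to this one job keeps other jobs on a read-only token.
      contents: write
    steps:
      - name: Check out sources
        uses: actions/checkout@v4

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'   # assumption: use the JDK the project builds with

      # Resolves the build's dependency graph and submits it to GitHub,
      # where Dependabot alerts can match it against known advisories.
      - name: Generate and submit dependency graph
        uses: gradle/actions/dependency-submission@v4
```

Because the trigger is limited to pushes on protected branches, the write-scoped token is never exposed to pull requests from forks.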

wpmobilebot commented 6 months ago
You can test the changes on this Pull Request by downloading an installable build (simplenote-android-installable-build-pr1624-2dda424-018d1c00-d454-4588-8c04-0c0a4dd20dd8.apk), or scanning this QR code: