advanced-security / maven-dependency-submission-action

GitHub Action for submitting Maven dependencies
MIT License
48 stars 24 forks source link

How to use with PR and Branch #64

Open ArneRiemann4711 opened 9 months ago

ArneRiemann4711 commented 9 months ago

We follow a kind of golden binary scenario and release our feature branches.

Unfortunately, the action doesn't really seem to work with pull requests and branches ? We would like to submit the dependency graph of the last build.

name: sbom-submit

defaults:
  run:
    working-directory: service

on:
  push:
    branches-ignore:
      - "main"

jobs:
  create-sbom:
    runs-on: ubuntu-latest
    permissions:
        contents: write 
    steps:
      - uses: actions/checkout@v3

      - name: Setup Java (SBOM)
        uses: actions/setup-java@v3
        with:
          java-version: 17
          distribution: 'corretto'

      - name: Make mvnw executable (SBOM)
        run: chmod +x mvnw

      - name: Submit Dependency Snapshot (SBOM)
        uses: advanced-security/maven-dependency-submission-action@v4
        with:
         directory: ${{ github.workspace }}/service
         snapshot-ref: ${{ github.event.pull_request.head.ref }}

Everything is "green" but the Graph is not updated. When running in main branch everything works as expected. Any ideas or suggestions?