bigdaz
commented
1 year ago Thanks very much for the PR. I'm a bit unsure about changing the value of the default GITHUB_SHA environment variable, since this could have unexpected impacts in the case that someone was relying on the default value.
Instead, I think we should define a custom environment variable for this purpose, and change the dependency-graph-gradle-plugin to consume this. I can take it from here.
juxtin
This is my humble attempt at resolving https://github.com/gradle/gradle-build-action/issues/882.
I essentially copied what we did in github/dependency-submission-toolkit and applied it to the convention used by gradle/github-dependency-graph-gradle-plugin.
Note: I haven't yet directly verified that this works. What should happen is that dependencies are submitted on push exactly the same as they always have, and dependencies submitted for PRs should have the same SHA as the last commit on the PR branch.
closes https://github.com/gradle/gradle-build-action/issues/882