GitHub's dependency graph features only support parsing Package.resolved, which most libraries don't check in. In order to workaround this, GitHub offers the Dependency Submission API to allow packages to submit their own package graph. We should offer a workflow to make it easy for packages to submit this.
Essentially it just needs to run swift package resolve, parse the results and send them to the API. There's a toolkit here and examples of other languages here
shahmishal
commented
1 week ago
GitHub's dependency graph features only support parsing Package.resolved, which most libraries don't check in. In order to workaround this, GitHub offers the Dependency Submission API to allow packages to submit their own package graph. We should offer a workflow to make it easy for packages to submit this.
Essentially it just needs to run
swift package resolve, parse the results and send them to the API. There's a toolkit here and examples of other languages here