Go build-target dependencies for a and submits the list to the Dependency Submission API
main function) and submits the list to the Dependency submission API. Dependencies then appear in your repository's dependency graph, and you'll receive Dependabot alerts and updates for vulnerable or out-of-date dependencies.
Because we are checking in the Typescript output, you may see check failures if you don't generate the contents of dist/ in a similar manner to our CI check. You can easily rectify this by regenerating in a codespace and using what we use in our workflow YAML:
npm ci --ignore-scripts
npm rebuild && npm run all
name: Go Dependency Submission
on:
push:
branches:
- main
# The API requires write permission on the repository to submit dependencies
permissions:
contents: write
# Environment variables to configure Go and Go modules. Customize as necessary
env:
GOPROXY: '' # A Go Proxy server to be used
GOPRIVATE: '' # A list of modules are considered private and not requested from GOPROXY
jobs:
go-action-detection:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '>=1.18.0'
- name: Run snapshot action
uses: nextlinux/submit-go-dependency@v1
with:
# Required: Define the repo path to the go.mod file used by the
# build target
go-mod-path: go-example/go.mod
#
# Optional: Define the path of a build target (a file with a
# `main()` function) If not defined, this Action will collect all
# dependencies used by all build targets for the module, which may
# include Go dependencies used by tests and tooling.
go-build-target: go-example/cmd/octocat.go