This GitHub Action calculates Git Submodule dependencies for a GitHub repository and submits the list to the Dependency submission API. Dependencies then appear in your repository's dependency graph.
Note that the GitHub Advisory database does not support the Git Submodule ecosystem, so you will not receive Dependabot alerts for vulnerable or out-of-date dependencies.
Because this action is written in TypeScript, you need to compile it and check in the generated .js files along with the licenses.txt file.
.:~$ npm install @actions/core @actions/github
.:~$ ncc dist/index.ts --license licenses.txt
[TODO]: Write tests to run locally
name: Git Submodule Submission
on:
  push:
    branches:
      - main
# The API requires write permission on the repository to submit dependencies
permissions:
  contents: write
jobs:
  git-submodule-action-detection:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      # We need to initialize and update the submodules so the script
      # can retrieve the TAG/SHA of the dependencies.
      - name: 'Git submodule init'
        run: git submodule init
      - name: 'Git submodule update'
        run: git submodule update
      - name: Run snapshot action
        uses: TF-RMM/[email protected]
        with:
          # Optional. Comma-separated list of git submodule dependencies that are
          # only needed during development.
          development-deps: cpputest
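
How the pieces above fit together, as an added example that is not the action's own code: it parses `git submodule status` output and builds the `resolved` entries of a Dependency submission API manifest, refusing submodules that were never initialized. The `pkg:generic` purl shape, matching `development-deps` on the last path component, and the sample paths are assumptions.

```typescript
// Added example, not the action's own code; purl shape and name matching are assumptions.
type Scope = "runtime" | "development";
interface Resolved { package_url: string; relationship: "direct"; scope: Scope }
interface Submodule { path: string; sha: string; ref: string | null; initialized: boolean }

// Parse `git submodule status` output. Each line is "<flag><sha> <path> (<describe>)".
// Flag "-" marks a submodule that was never initialized; git then prints no
// "(<describe>)" part, so no tag is available for it.
function parseSubmoduleStatus(output: string): Submodule[] {
  const line = /^([ +\-U])([0-9a-f]{40,64}) (.+?)(?: \((.+)\))?$/;
  const found: Submodule[] = [];
  for (const raw of output.split("\n")) {
    const m = line.exec(raw.replace(/\r$/, ""));
    if (!m) continue; // blank or unrecognized line
    found.push({ path: m[3], sha: m[2], ref: m[4] ?? null, initialized: m[1] !== "-" });
  }
  return found;
}

// Build the "resolved" map of one manifest in a dependency snapshot.
// devDeps has the same comma-separated form as the development-deps input.
function toResolved(mods: Submodule[], devDeps: string): Record<string, Resolved> {
  const dev = new Set(devDeps.split(",").map((s) => s.trim()).filter(Boolean));
  const resolved: Record<string, Resolved> = {};
  for (const mod of mods) {
    if (!mod.initialized) {
      throw new Error(`${mod.path}: not initialized, run git submodule init and update first`);
    }
    const name = mod.path.split("/").pop() as string; // assumption: last path component
    const version = mod.ref ?? mod.sha; // tag or describe name when git reports one, else SHA
    resolved[name] = {
      package_url: `pkg:generic/${encodeURIComponent(name)}@${encodeURIComponent(version)}`,
      relationship: "direct",
      scope: dev.has(name) ? "development" : "runtime",
    };
  }
  return resolved;
}

// Constructed sample output (not taken from a real repository).
const SAMPLE_STATUS = [
  " " + "a".repeat(40) + " ext/libfoo (v1.2.0)",
  " " + "b".repeat(40) + " ext/cpputest (heads/main)",
].join("\n");
const sampleResolved = toResolved(parseSubmoduleStatus(SAMPLE_STATUS), "cpputest");
```

Failing on the `-` flag makes a missing init/update step visible instead of silently submitting a snapshot without the tag information.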