A Mill plugin to submit your dependency graph to the GitHub Dependency Graph API
APACHE-2.0 License
A Mill plugin to submit your dependency graph to GitHub via their Dependency Submission API.
The main benifits of doing this are:
The easiest way to use this plugin is with the mill-dependency-submission action. You can add this to a workflow like below:
name: github-dependency-graph
on:
push:
branches:
- main
jobs:
submit-dependency-graph:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: coursier/cache-action@v6
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
- uses: ckipp01/mill-dependency-submission@v1
You can also just run the following command from the root of your workspace which will create the file for you:
curl -o .github/workflows/github-dependency-graph.yml --create-dirs https://raw.githubusercontent.com/ckipp01/mill-github-dependency-graph/main/.github/workflows/github-dependency-graph.yml
After you submit your graph you'll be able to view your dependencies.
The general idea is that the plugin works in a few steps:
DependencyTree
functionality.DependencySnapshot
, which is what GitHub understandsYou can use another available task to see what the
Manifest
s
look like locally for your project, which are the main part of the
DependencySnapshot
.
./mill --import ivy:io.chris-kipp::mill-github-dependency-graph::0.1.0 show io.kipp.mill.github.dependency.graph.Graph/generate
You'll notice when using this that a lot of dependencies aren't linked back to the repositories where they are located, some may be wrongly linked, and much of the information the plugin is providing (like direct vs indirect) isn't actually displayed in the UI. Much of this is either bugs or limitations on the GitHub UI side. You can follow some conversation on this here.