Skip to content

github/dependency-submission-toolkit

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

1e68a1d · Mar 21, 2025
Mar 11, 2025
Mar 10, 2025
Mar 12, 2024
Jun 30, 2022
Oct 10, 2022
May 11, 2022
Jul 12, 2024
May 11, 2022
Jan 22, 2024
Jan 12, 2024
Jan 22, 2024
Jan 22, 2025
Mar 20, 2025
Mar 20, 2025
Jan 12, 2024
Jan 12, 2024

Repository files navigation

Dependency Submission Toolkit

@github/dependency-submission-toolkit is a TypeScript library for creating dependency snapshots and submitting them to the dependency submission API. Snapshots are a set of dependencies grouped by manifest with some related metadata. A manifest can be a physical file or a more abstract representation of a dependency grouping (such processing of program outputs). After submission to the API, the included dependencies appear in the repository's dependency graph.

Installation

npm install @github/dependency-submission-toolkit

Writing Your Own Dependency Submission Action

You may use classes from @github/dependency-submission-toolkit to help in building your own GitHub Action for submitting dependencies to the Dependency Submission API. At a high level, the steps to use the classes are:

  1. Create a PackageCache of all of the packages that could be included in your manifest, as well define as the relationships between them.

  2. Using the packages defined in PackageCache, create a Manifest or a BuildTarget, which defines the dependencies of the build environment or specific build artifact.

  3. Create a Snapshot to include one or more Manifests or BuildTargets. The snapshot is the base container for submitting dependencies to the Dependency Submission API.

  4. Follow the instructions for Creating a JavaScript Action. These include:

    • Defining an action.yml action metadata file
    • Compiling the JavaScript into a single script using ncc
    • Testing your action in a workflow

A full example action using this library is included in the example/ directory. This example uses the output from the npm list to create an accurate and complete graph of the dependencies used in this library. This action is also included in a workflow in this repository and runs for each commit to the main branch.