From 6d6dc891c7f1e23e3ee53bea09ed9954ac3b359b Mon Sep 17 00:00:00 2001 From: Tomo Suzuki Date: Tue, 6 Feb 2024 18:27:23 -0500 Subject: [PATCH] ci: unmanaged dependency check (#1892) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ci: unmanaged dependency check This is is the implementation for the one I got your review in go/cloud-sdk-java-dependency-governance-design. This check will avoid accidentally adding a third-party dependency. b/320677249 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot --- .../workflows/unmanaged_dependency_check.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/unmanaged_dependency_check.yaml diff --git a/.github/workflows/unmanaged_dependency_check.yaml b/.github/workflows/unmanaged_dependency_check.yaml new file mode 100644 index 000000000..62c5fa4a0 --- /dev/null +++ b/.github/workflows/unmanaged_dependency_check.yaml @@ -0,0 +1,22 @@ +on: + pull_request: +name: Unmanaged dependency check +jobs: + unmanaged_dependency_check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-java@v3 + with: + distribution: temurin + java-version: 11 + - name: Install modules + shell: bash + run: | + # No argument to build.sh installs the modules in local Maven + # repository + .kokoro/build.sh + - name: Unmanaged dependency check + uses: googleapis/sdk-platform-java/java-shared-dependencies/unmanaged-dependency-check@unmanaged-dependencies-check-latest + with: + bom-path: google-cloud-pubsub-bom/pom.xml