Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Artifact downloaded but 'No dependency graph files found to submit' when using download-and-submit #196

Closed
Pil0tXia opened this issue Apr 24, 2024 · 4 comments
Closed

Artifact downloaded but 'No dependency graph files found to submit' when using download-and-submit #196

Pil0tXia opened this issue Apr 24, 2024 · 4 comments
Assignees
@bigdaz
Labels
bug Something isn't working in:dependency-submission

Comments

@Pil0tXia
Copy link

Pil0tXia commented Apr 24, 2024
edited
Loading

I tried Integrating dependency-submission and dependency-review-action for pull requests from public forked repositories, the workflow files are as follows:

However, neither dependency-submission@v3 (Commit, Actions log) or setup-gradle@v3 (Commit, Actions log), the following log was output, and the gradle dependencies were not added to the dependency graph of the Repo (that is, the artifacts marked with Detected by GitHub Dependency Graph Gradle Plugin):

Artifact download completed successfully.
Downloading dependency-graph artifact dependency-graph_code_scanning-build-java.json to /home/runner/work/eventmesh/eventmesh
Found dependency graph files:
No dependency graph files found to submit.

When I rolled back to gradle/gradle-build-action@v2, it worked (Commit, Actions log), and the dependency graph of the Repo had been updated.
@Pil0tXia Pil0tXia mentioned this issue Apr 24, 2024
Merged
@bigdaz
Copy link
Member

bigdaz commented Apr 24, 2024

Thanks for your report. The dependency-graph is being generated and saved (you can see the attached artifact here), but it appears that the download-and-submit part of the workflow is not working.

This functionality is difficult to verify with automated testing, so it's possible I introduced a bug as part of this fix in v3.3.1.
Can you please try using v3.3.0 (gradle/actions/[email protected])?

Pil0tXia added a commit to Pil0tXia/eventmesh that referenced this issue Apr 24, 2024
@Pil0tXia
Test gradle/actions#196 (comment)
74a95ab
Pil0tXia added a commit to Pil0tXia/eventmesh that referenced this issue Apr 24, 2024
@Pil0tXia
Test gradle/actions#196 (comment)
b96139c
Pil0tXia added a commit to Pil0tXia/eventmesh that referenced this issue Apr 24, 2024
@Pil0tXia
change deps and test gradle/actions#196 (comment) in PR
f2060f7
@Pil0tXia
Copy link
Author

@bigdaz

Hi! I've made changes in Pil0tXia/eventmesh@b96139c, it seems v3.3.0 works well on master branch and PR branch.

@bigdaz bigdaz added bug Something isn't working in:dependency-submission labels Apr 24, 2024
@bigdaz bigdaz self-assigned this Apr 24, 2024
@bigdaz bigdaz added this to the v3.4 milestone Apr 24, 2024
@bigdaz
Copy link
Member

bigdaz commented Apr 24, 2024

Thanks for letting me know. I'll try to get this fixed ASAP.
Once this issue is resolved (and a new release published) you should be able to switch back to using v3.

@bigdaz bigdaz changed the title [Bug] [dependency-submission@v3] dependency-graph artifact downloaded but 'No dependency graph files found to submit' Artifact downloaded but 'No dependency graph files found to submit' when using download-and-submit Apr 25, 2024
@bigdaz bigdaz modified the milestones: v3.4, v3.3.1, v3.3.2 Apr 25, 2024
bigdaz added a commit that referenced this issue Apr 25, 2024
@bigdaz
Set the report dir for download-and-submit
516f34c 
Fixes #196
@bigdaz bigdaz closed this as completed in 7763d71 Apr 25, 2024
@bigdaz
Copy link
Member

bigdaz commented Apr 25, 2024

@Pil0tXia Thanks again for the thorough report: it helped me get this fixed quickly.
I've released v3.3.2 with the fix so you should be able to switch back to using v3.

mxsm pushed a commit to apache/eventmesh that referenced this issue May 17, 2024
@Pil0tXia
[ISSUE #4720] Modernize CI license check and Enable Dependabot (#4827)
beaa735 
* Sync changes in #4719

* minor change

* Only keep the artifact name

* Run `sed -i 's/-[0-9].*\.jar//g'`

* Run `sort known-dependencies.txt | uniq > known-dependencies-unique.txt`

* Allow CI to run on branches with namespace in the branch name in forked repos

* Correct typo and remove useless command

* Use `sort -u -o` instead of `uniq` to remove duplicate artifacts with different version

* Enlarge open-pull-requests-limit

* minor: polish tips

* Test apache/skywalking-eyes/dependency CI result

* Fix 'unable to find version `0.6.0`'

* See debug log to prove it works

* skywalking-eyes/dependency doesn't support gradle, test basic actions/dependency-review-action

* Add all denied licenses

* Remove redundant check

* Remove not included SPDX: ASL, RSAL

* Add a useful printAllDependencyTrees task

* Exampt safe artifact under multiple licenses

* Exempt more safe artifacts (Looks like the last of them)

* 'allow-dependencies-licenses' attribute only supports single-line text

* Add a TODO comment

* Add more file extensions for checkstyle

* Resolve some checkstyle header violations

* Add back apache/skywalking-eyes

* Fix downloaded file didn't have a `.`

* Disable Go deps update & Must pass CI before merge

* No need to force up-to-date & Auto-approve only

* Remove the slash at the end of the homepage url in Repo GitHub desc

* Skip patch updates temporarily to reduce PR noise

* Logback removed after be06ef7

* Accept patch update

* Submit dependency graph

* Follow https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories

* try to sort dependency graph workflow exec seq

* `workflow_run` event will only trigger a workflow run if the workflow file is on the default branch

* Grant required permission of CodeQL

* Attempt to fix 'No dependency graph files found to submit'

* Attempt to fix 'No dependency graph files found to submit' try 2

* Attempt to fix 'No dependency graph files found to submit' try 3

* Attempt to fix 'No dependency graph files found to submit' try 4

* Try to check dependency-review

* Only check bundled dependencies

* Fix 'No snapshots were found for the head SHA' attempt 1

* Test runtimeClasspath dependencies

* Revert "Test runtimeClasspath dependencies"

This reverts commit 3de89a5.

* Try to retry 1 hr wo wait for snapshot update

* Test gradle/actions#196 (comment)

* Add todo comments

* Keep implementation and compileOnly for now

* Keep runtimeOnly deps

* [Breaking Change] Remove dependency-review-action and wait for its bugfix

* Add checkDeniedLicense into CI

* minor code optimization
@bigdaz bigdaz removed this from the v3.4 milestone Jun 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bigdaz bigdaz

Labels
bug Something isn't working in:dependency-submission
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bigdaz @Pil0tXia