This GitHub Action calculates dependencies for a Go build-target (a Go file with a main function) and submits the list to the Dependency submission API. Dependencies then appear in your repository's dependency graph, and you'll receive Dependabot alerts and updates for vulnerable or out-of-date dependencies.
Because we are checking in the Typescript output, you may see check failures if you don't generate the contents of dist/ in a similar manner to our CI check. You can easily rectify this by regenerating in a codespace and using what we use in our workflow YAML:
npm ci --ignore-scripts npm rebuild && npm run all name: Go Dependency Submissionon: push: branches: - main# The API requires write permission on the repository to submit dependenciespermissions: contents: write# Environment variables to configure Go and Go modules. Customize as necessaryenv: GOPROXY: ''# A Go Proxy server to be usedGOPRIVATE: ''# A list of modules are considered private and not requested from GOPROXYjobs: go-action-detection: runs-on: ubuntu-lateststeps: - name: 'Checkout Repository'uses: actions/checkout@v3 - uses: actions/setup-go@v3with: go-version: ">=1.18.0" - name: Run snapshot actionuses: actions/go-dependency-submission@v2with: # Required: Define the repo path to the go.mod file used by the# build targetgo-mod-path: go-example/go.mod## Optional: Define the path of a build target (a file with a# `main()` function) If not defined, this Action will collect all# dependencies used by all build targets for the module, which may# include Go dependencies used by tests and tooling.go-build-target: go-example/cmd/octocat.go