ci: write permissions to maven-dependency-submission

Signed-off-by: Jorge Solórzano <[email protected]>
ongres · Jun 10, 2024 · c859caf · c859caf
1 parent c74d149
commit c859caf
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -5,13 +5,13 @@ name: Java CI with Maven
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [$default-branch]
   pull_request:
-    branches: [ "main" ]
+    branches: [$default-branch]
 
 jobs:
   build:
-    runs-on: "ubuntu-latest"
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK 21
@@ -23,6 +23,12 @@ jobs:
     - name: Build with Maven
       run: ./mvnw -B verify -P checks,run-its
 
-    # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
-    - name: Update dependency graph
-      uses: advanced-security/maven-dependency-submission-action@5d0f9011b55d6268922128af45275986303459c3
+  # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+  dependency-submission:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write #required for POST snapshot API https://docs.github.com/en/rest/dependency-graph/dependency-submission#create-a-snapshot-of-dependencies-for-a-repository
+    steps:
+      - uses: actions/checkout@v4
+      - name: Update dependency graph
+        uses: advanced-security/maven-dependency-submission-action@5d0f9011b55d6268922128af45275986303459c3