Possible to submit multiple, independent projects?

[mkurz]

Sorry for my ignorance in case that is possible anyway and I just couldn't figure it out or was misconfiguring things or was discussed already.

Let's say I have a repository with two independent projects project_a/build.sbt and project_b/build.sbt.
Can I submit both of those build.sbt files to GitHub so they show up independent in the /network/dependencies view?
I tried that with the Play Framework were we have a build.sbt and a documentation/build.sbt, but in the GitHub UI only the build.sbt shows up.
The workflow: https://github.com/playframework/playframework/blob/3c21f31f28c27ad00c9495096fa60e25a4b67050/.github/workflows/dependency-graph.yml#L24-L27

I think this has to be possible somehow because in our Dependency UI it shows all our (multiple) yml workflow files already.

[adpi2]

Thanks for opening this issue. It should indeed be possible to submit multiple independent projects but currently it is not.

The problem is that currently all manifests are declared as coming from a single build file build.sbt:

sbt-dependency-submission/sbt-plugin/src/main/scala/ch/epfl/scala/GithubDependencyGraphPlugin.scala

Lines 186 to 187 in 04f2579

	// TODO: find exact build file for this project
	val file = githubapi.FileInfo("build.sbt")

I think we can fix this by comparing the sbt baseDirectory with the GITHUB_WORKSPACE from Github default env variables.

[mkurz]

@adpi2 Thanks! Would be nice to have this working 😉

[mkurz]

Thanks for fixing. However how does that actually work now?
Do I need to run a separate step for each project? E.g.

...
steps:
  - uses: actions/checkout@v3
  - uses: scalacenter/sbt-dependency-submission@v2
    with:
      working-directory: ./my-scala-project-one
  - uses: scalacenter/sbt-dependency-submission@v2
    with:
      working-directory: ./my-scala-project-two

Or does the action detect all build.sbt files automatically?

[adpi2]

Thanks for fixing. However how does that actually work now?
Do I need to run a separate step for each project? E.g.

Yes you still need to run a separate step for each project.

The fix is released in 2.2.1. @mkurz Could you test that it works as expected?

[adpi2]

It seems that Github only takes into account the latest snapshot of a job. See for instance, this job submitted three snaphsots but only one is displayed in the Dependency Graph view

[mkurz]

@adpi2 Exactly, see my comment playframework/play-mailer#250 (comment)

[adpi2]

@mkurz, thanks for the comment. Being able to send the manifests of several build in a single snapshot would require quite some changes in the architecture of the action. I could try it but I think there is a simpler fix.

Currently we use the pair GITHUB_RUN_ID and GITHUB_JOB as identifier of a snapshot. In your job there are possibly both the same and that would be why the snapshots get overwritten.

[adpi2]

Found some interesting documentation about that problem:

Correlator provides a key that is used to group snapshots submitted over time. Only the "latest" submitted snapshot for a given combination of job.correlator and detector.name will be considered when calculating a repository's current dependencies. Correlator should be as unique as it takes to distinguish all detection runs for a given "wave" of CI workflow you run. If you're using GitHub Actions, a good default value for this could be the environment variables GITHUB_WORKFLOW and GITHUB_JOB concatenated together. If you're using a build matrix, then you'll also need to add additional key(s) to distinguish between each submission inside a matrix variation.

[adpi2]

@mkurz If you can try again to run your dependency submission that would be very helpful

[mkurz]

@adpi2 It's working now 🎉

• https://github.com/playframework/play-mailer/actions/runs/4511227545/jobs/7946346475
• https://github.com/playframework/play-mailer/network/dependencies

Thanks!