From 5b65c8d86d442f3f4e28bfeaa53a68d537d706bd Mon Sep 17 00:00:00 2001
From: "gu-dependency-graph-integrator[bot]"
 <156913822+gu-dependency-graph-integrator[bot]@users.noreply.github.com>
Date: Tue, 12 Nov 2024 09:30:53 +0000
Subject: [PATCH 1/3] Add sbt-dependency-graph.yaml

---
 .github/workflows/sbt-dependency-graph.yaml | 31 +++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/sbt-dependency-graph.yaml

diff --git a/.github/workflows/sbt-dependency-graph.yaml b/.github/workflows/sbt-dependency-graph.yaml
new file mode 100644
index 0000000..70f7698
--- /dev/null
+++ b/.github/workflows/sbt-dependency-graph.yaml
@@ -0,0 +1,31 @@
+name: Update Dependency Graph for sbt
+on:
+  push:
+    branches:
+      - main
+      - sbt-dependency-graph-a9f34dbc42c526b7
+  workflow_dispatch: 
+jobs:
+  dependency-graph:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout branch
+        id: checkout
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - name: Install Java
+        id: java
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.2.0
+        with:
+          distribution: corretto
+          java-version: 17
+      - name: Install sbt
+        id: sbt
+        uses: sbt/setup-sbt@8a071aa780c993c7a204c785d04d3e8eb64ef272 # v1.1.0
+      - name: Submit dependencies
+        id: submit
+        uses: scalacenter/sbt-dependency-submission@64084844d2b0a9b6c3765f33acde2fbe3f5ae7d3 # v3.1.0
+      - name: Log snapshot for user validation
+        id: validate
+        run: cat ${{ steps.submit.outputs.snapshot-json-path }} | jq
+    permissions:
+      contents: write

From 7fbf45110a53f03855b85f9a8e2c834045ae996d Mon Sep 17 00:00:00 2001
From: Emily Bourke <emily.bourke@guardian.co.uk>
Date: Tue, 7 Jan 2025 15:52:42 +0000
Subject: [PATCH 2/3] Remove test branch trigger
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Following the PR checklist, I’ve confirmed the dependency output looks
good and we can now remove the test branch trigger.
---
 .github/workflows/sbt-dependency-graph.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/sbt-dependency-graph.yaml b/.github/workflows/sbt-dependency-graph.yaml
index 70f7698..b8c4648 100644
--- a/.github/workflows/sbt-dependency-graph.yaml
+++ b/.github/workflows/sbt-dependency-graph.yaml
@@ -3,8 +3,7 @@ on:
   push:
     branches:
       - main
-      - sbt-dependency-graph-a9f34dbc42c526b7
-  workflow_dispatch: 
+  workflow_dispatch:
 jobs:
   dependency-graph:
     runs-on: ubuntu-latest

From 09d75cae1e19c42d88f6f26d3dd9e03563805e16 Mon Sep 17 00:00:00 2001
From: Emily Bourke <emily.bourke@guardian.co.uk>
Date: Tue, 7 Jan 2025 15:52:49 +0000
Subject: [PATCH 3/3] Remove snyk workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Now that we’re sending our dependencies to github, we don’t need to send
them to snyk anymore.
---
 .github/workflows/snyk.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/snyk.yml

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index 9e87f1d..0000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Snyk
-
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-
-jobs:
-  security:
-    uses: guardian/.github/.github/workflows/sbt-node-snyk.yml@main
-    with:
-      DEBUG: true
-      ORG: guardian-capi
-      SKIP_NODE: false
-      
-      NODE_VERSION_OVERRIDE: 16
-      
-    secrets:
-       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}