From b17b00d159ec066b15478e30eea933bfdc076e57 Mon Sep 17 00:00:00 2001
From: Ignacio Tischelman <114942102+NachoEmbrace@users.noreply.github.com>
Date: Wed, 24 Jul 2024 12:45:36 -0300
Subject: [PATCH 1/2] Using a background queue for session upload in
 SessionController (#18)

---
 Sources/EmbraceCore/Session/SessionController.swift | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Sources/EmbraceCore/Session/SessionController.swift b/Sources/EmbraceCore/Session/SessionController.swift
index 94e4677d..821b8359 100644
--- a/Sources/EmbraceCore/Session/SessionController.swift
+++ b/Sources/EmbraceCore/Session/SessionController.swift
@@ -35,6 +35,7 @@ class SessionController: SessionControllable {
     weak var storage: EmbraceStorage?
     weak var upload: EmbraceUpload?
     let heartbeat: SessionHeartbeat
+    let queue: DispatchQueue
 
     internal var notificationCenter = NotificationCenter.default
 
@@ -48,6 +49,7 @@ class SessionController: SessionControllable {
 
         let heartbeatQueue = DispatchQueue(label: "com.embrace.session_heartbeat")
         self.heartbeat = SessionHeartbeat(queue: heartbeatQueue, interval: heartbeatInterval)
+        self.queue = DispatchQueue(label: "com.embrace.session_controller_upload")
 
         self.heartbeat.callback = { [weak self] in
             let heartbeat = Date()
@@ -161,7 +163,9 @@ class SessionController: SessionControllable {
             return
         }
 
-        UnsentDataHandler.sendSession(session, storage: storage, upload: upload)
+        queue.async {
+            UnsentDataHandler.sendSession(session, storage: storage, upload: upload)
+        }
     }
 }
 

From e8e6dd02828a1843c8cd36795956c9c9407a41f5 Mon Sep 17 00:00:00 2001
From: Vitaliy <vitaliyf@users.noreply.github.com>
Date: Wed, 24 Jul 2024 13:25:13 -0400
Subject: [PATCH 2/2] Enable GitHub's dependency-review workflow. (#21)

---
 ...date.yaml => create-release-candidate.yml} |  0
 .github/workflows/dependency-review.yml       | 32 +++++++++++++++++++
 .github/workflows/publish.yml                 | 29 -----------------
 3 files changed, 32 insertions(+), 29 deletions(-)
 rename .github/workflows/{create-release-candidate.yaml => create-release-candidate.yml} (100%)
 create mode 100644 .github/workflows/dependency-review.yml
 delete mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/create-release-candidate.yaml b/.github/workflows/create-release-candidate.yml
similarity index 100%
rename from .github/workflows/create-release-candidate.yaml
rename to .github/workflows/create-release-candidate.yml
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 00000000..d5173e64
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,32 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
+# packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: Dependency Review
+on:
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
+        with:
+          comment-summary-in-pr: always
+        #   fail-on-severity: moderate
+        #   deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
+        #   retry-on-snapshot-warnings: true
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
deleted file mode 100644
index 2cb867d6..00000000
--- a/.github/workflows/publish.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Publish
-
-on:
-  workflow_dispatch: {}
-  push:
-    branches:
-      - main
-
-jobs:
-  run-tests-workflow:
-    if: ${{ vars.PUBLIC_REMOTE_URL != '' }}
-    uses: ./.github/workflows/run-tests.yml
-    secrets: inherit
-
-  publish:
-    runs-on: ubuntu-latest
-    needs: run-tests-workflow
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-        timeout-minutes: 2
-
-      - name: Run publish script
-        env:
-          PUBLIC_REMOTE_URL: ${{ vars.PUBLIC_REMOTE_URL }}
-          GITHUB_TOKEN: ${{ secrets.CD_GITHUB_TOKEN }} # TBD: write embrace-apple-sdk - going away after internal/public repo merge
-        run: |
-          bin/publish