From 07a70568197929f5a7efd9848112225ea7434b3f Mon Sep 17 00:00:00 2001 From: Federico Builes Date: Mon, 19 Sep 2022 16:46:42 +0200 Subject: [PATCH] Update README to include config-file option. --- README.md | 36 +++++++++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ee81c94..e4b7d3f 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,17 @@ or by inlining this option in your workflow file. ### Options +#### config-file + +**TODO**: Change this to be a user-configured string. + +Defaults to `false`. Configure whether an external configuration file +will be used. + +**Possible values**: `true`, `false`. + +**Example**: `config-file: true`. + #### fail-on-severity Configure the severity level for alerting. See "[Vulnerability Severity](https://github.com/actions/dependency-review-action#vulnerability-severity)". @@ -94,7 +105,6 @@ allow-licenses: - MIT ``` - #### deny-licenses Add a custom list of licenses you want to block. See @@ -129,10 +139,24 @@ head-ref: 69af5638bf660cf218aad5709a4c100e42a2f37b ### Configuration File -You can create a YAML file in -`~/.github/dependency-review-config.yaml` to configure the -action. **All of these fields are optional**. This is what a sample -file could look like: +You can use an external configuration file to specify the settings for +this Action. + +Start by specifying that you will be using an external configuration +file: + +```yaml +- name: Dependency Review + uses: actions/dependency-review-action@v2 + with: + config-file: true +``` + +**TODO**: Users should be able to provide a string for their config paths. + +And then create the configuration file in +`~/.github/dependency-review-config.yaml`. **All of these fields are +optional**: ```yaml fail-on-severity: "critical" @@ -140,8 +164,6 @@ allow-licenses: - "GPL-3.0" - "BSD-3-Clause" - "MIT" -base-ref: "781a55e" -head-ref: "435083f" ``` ### Inline Configuration