clarify docs, add a usage example

This commit is contained in:
laughedelic
2024-03-04 18:53:03 +01:00
parent e7aef164a1
commit 75be7f0c0c
2 changed files with 18 additions and 9 deletions
+4 -4
View File
@@ -160,10 +160,10 @@ The Dependency Review GitHub Action check will only block a pull request from be
## Outputs
- `comment-content` is generated with the same content as would be present in a Dependency Review Action comment.
- `dependency-changes` holds all dependency changes in a JSON format.
- `vulnerable-changes` holds information about dependency changes with vulnerable dependencies in a JSON format.
- `invalid-license-changes` holds information about invalid or non-compliant license dependency changes in a JSON format.
- `denied-changes` holds information about denied dependency changes in a JSON format.
- `dependency-changes` holds all dependency changes in a JSON format. The following outputs are subsets of `dependency-changes` filtered based on the configuration:
- `vulnerable-changes` holds information about dependency changes with vulnerable dependencies in a JSON format.
- `invalid-license-changes` holds information about invalid or non-compliant license dependency changes in a JSON format.
- `denied-changes` holds information about denied dependency changes in a JSON format.
## Getting help
+14 -5
View File
@@ -166,7 +166,8 @@ jobs:
## Getting the results of the action in a later step
Using the `comment-content` output you can get the results of the action in a workflow step.
- Using the `comment-content` output you can get the results of the action in a workflow step.
- Using other outputs like `dependency-changes`, `vulnerable-changes`, `invalid-license-changes` and `denied-changes` you can get the results of the action in JSON format and use them in a programmatic way.
```yaml
name: 'Dependency Review'
@@ -190,12 +191,20 @@ jobs:
deny-licenses: LGPL-2.0, BSD-2-Clause
- name: 'Report'
# make sure this step runs even if the previous failed
if: ${{ failure() && steps.review.conclusion == 'failure' }}
if: always()
shell: bash
env:
comment: ${{ steps.review.outputs.comment-content }}
run: |
echo "$comment" # do something with the comment
COMMENT: ${{ steps.review.outputs.comment-content }}
run: | # do something with the comment:
echo "$COMMENT"
- name: 'List vulnerable dependencies'
# make sure this step runs even if the previous failed
if: always()
shell: bash
env:
VULNERABLE_CHANGES: ${{ steps.review.outputs.vulnerable-changes }}
run: | # do something with the JSON:
echo "$VULNERABLE_CHANGES" | jq '.[].package_url'
```
## Exclude dependencies from the license check