clarify docs, add a usage example
This commit is contained in:
@@ -160,10 +160,10 @@ The Dependency Review GitHub Action check will only block a pull request from be
|
||||
## Outputs
|
||||
|
||||
- `comment-content` is generated with the same content as would be present in a Dependency Review Action comment.
|
||||
- `dependency-changes` holds all dependency changes in a JSON format.
|
||||
- `vulnerable-changes` holds information about dependency changes with vulnerable dependencies in a JSON format.
|
||||
- `invalid-license-changes` holds information about invalid or non-compliant license dependency changes in a JSON format.
|
||||
- `denied-changes` holds information about denied dependency changes in a JSON format.
|
||||
- `dependency-changes` holds all dependency changes in a JSON format. The following outputs are subsets of `dependency-changes` filtered based on the configuration:
|
||||
- `vulnerable-changes` holds information about dependency changes with vulnerable dependencies in a JSON format.
|
||||
- `invalid-license-changes` holds information about invalid or non-compliant license dependency changes in a JSON format.
|
||||
- `denied-changes` holds information about denied dependency changes in a JSON format.
|
||||
|
||||
## Getting help
|
||||
|
||||
|
||||
+14
-5
@@ -166,7 +166,8 @@ jobs:
|
||||
|
||||
## Getting the results of the action in a later step
|
||||
|
||||
Using the `comment-content` output you can get the results of the action in a workflow step.
|
||||
- Using the `comment-content` output you can get the results of the action in a workflow step.
|
||||
- Using other outputs like `dependency-changes`, `vulnerable-changes`, `invalid-license-changes` and `denied-changes` you can get the results of the action in JSON format and use them in a programmatic way.
|
||||
|
||||
```yaml
|
||||
name: 'Dependency Review'
|
||||
@@ -190,12 +191,20 @@ jobs:
|
||||
deny-licenses: LGPL-2.0, BSD-2-Clause
|
||||
- name: 'Report'
|
||||
# make sure this step runs even if the previous failed
|
||||
if: ${{ failure() && steps.review.conclusion == 'failure' }}
|
||||
if: always()
|
||||
shell: bash
|
||||
env:
|
||||
comment: ${{ steps.review.outputs.comment-content }}
|
||||
run: |
|
||||
echo "$comment" # do something with the comment
|
||||
COMMENT: ${{ steps.review.outputs.comment-content }}
|
||||
run: | # do something with the comment:
|
||||
echo "$COMMENT"
|
||||
- name: 'List vulnerable dependencies'
|
||||
# make sure this step runs even if the previous failed
|
||||
if: always()
|
||||
shell: bash
|
||||
env:
|
||||
VULNERABLE_CHANGES: ${{ steps.review.outputs.vulnerable-changes }}
|
||||
run: | # do something with the JSON:
|
||||
echo "$VULNERABLE_CHANGES" | jq '.[].package_url'
|
||||
```
|
||||
|
||||
## Exclude dependencies from the license check
|
||||
|
||||
Reference in New Issue
Block a user