
5 Commits

Author SHA1 Message Date
Federico Builes 123b58703a bumping to 3.0.6 2023-05-31 17:10:00 +02:00
Federico Builes cd559bc984 adding dist 2023-05-31 17:09:53 +02:00
Federico Builes 70f8094bec adding a test for empty PURLs 2023-05-31 16:24:19 +02:00
Federico Builes 0b306aef97 Don't try to create PURLs from empty strings. 2023-05-31 16:14:02 +02:00
Federico Builes 554aaf5c3d Merge pull request #423 from theztefan/allow-list-dependencies
Exclude dependencies from license checks
2023-05-31 14:24:05 +02:00
6 changed files with 34 additions and 7 deletions
+17
@@ -192,6 +192,23 @@ test('it does not filter out changes that are on the exclusions list', async ()
expect(invalidLicenses.forbidden.length).toEqual(0)
})
test('it does not fail when the packages dont have a valid PURL', async () => {
const emptyPurlChange = pipChange
emptyPurlChange.package_url = ''
const changes: Changes = [emptyPurlChange, npmChange, rubyChange]
const licensesConfig = {
allow: ['BSD'],
licenseExclusions: ['pkg:pip/package-1@1.1.1', 'pkg:npm/reeuhq@1.0.2']
}
const invalidLicenses = await getInvalidLicenseChanges(
changes,
licensesConfig
)
expect(invalidLicenses.forbidden.length).toEqual(1)
})
test('it does filters out changes if they are not on the exclusions list', async () => {
const changes: Changes = [pipChange, npmChange, rubyChange]
const licensesConfig = {
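Review bot: `const emptyPurlChange = pipChange` aliases the shared fixture instead of copying it, so the following `emptyPurlChange.package_url = ''` mutates `pipChange` for every test that runs afterwards in this file; the very next test (`it does filters out changes if they are not on the exclusions list`) builds its `changes` from the same `pipChange` and will see the blanked PURL rather than `pkg:pip/package-1@1.1.1`, which is what its exclusion list keys on. Copy the fixture instead: `const emptyPurlChange = {...pipChange, package_url: ''}`. Once the fixture is isolated it is worth re-checking that `forbidden.length` is still 1 here and that the later test's expectation still holds, since both may currently depend on test ordering. The test name says "valid PURL" but only the empty-string case is exercised; a non-empty malformed PURL would be a useful second case if the code under test is meant to tolerate it.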
Generated Vendored
+6 -1
@@ -284,6 +284,9 @@ function getInvalidLicenseChanges(changes, licenses) {
// Takes the changes from the groupedChanges object and filters out the ones that are part of the exclusions list
// It does by creating a new PackageURL object from the change and comparing it to the exclusions list
groupedChanges.licensed = groupedChanges.licensed.filter(change => {
if (change.package_url.length === 0) {
return true;
}
const changeAsPackageURL = packageurl_js_1.PackageURL.fromString(change.package_url);
// We want to find if the licenseExclussion list contains the PackageURL of the Change
// If it does, we want to filter it out and therefore return false
@@ -294,7 +297,9 @@ function getInvalidLicenseChanges(changes, licenses) {
exclusion.name === changeAsPackageURL.name) !== -1) {
return false;
}
return true;
else {
return true;
}
});
const licensedChanges = groupedChanges.licensed;
const invalidLicenseChanges = {
Generated Vendored
+1 -1
File diff suppressed because one or more lines are too long
+2 -2
@@ -1,12 +1,12 @@
{
"name": "dependency-review-action",
"version": "3.0.5",
"version": "3.0.6",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "dependency-review-action",
"version": "3.0.5",
"version": "3.0.6",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.0",
+2 -2
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "3.0.5",
"version": "3.0.6",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -60,4 +60,4 @@
"ts-jest": "^27.1.4",
"typescript": "^4.9.5"
}
}
}
+6 -1
@@ -41,6 +41,10 @@ export async function getInvalidLicenseChanges(
// Takes the changes from the groupedChanges object and filters out the ones that are part of the exclusions list
// It does by creating a new PackageURL object from the change and comparing it to the exclusions list
groupedChanges.licensed = groupedChanges.licensed.filter(change => {
if (change.package_url.length === 0) {
return true
}
const changeAsPackageURL = PackageURL.fromString(change.package_url)
// We want to find if the licenseExclussion list contains the PackageURL of the Change
@@ -56,8 +60,9 @@ export async function getInvalidLicenseChanges(
) !== -1
) {
return false
} else {
return true
}
return true
})
const licensedChanges: Changes = groupedChanges.licensed
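Review bot: The new guard `if (change.package_url.length === 0)` in the first hunk covers only the empty string; if `package_url` can be `null` or `undefined` on a `Change` (not visible here, worth checking against the type), `.length` throws before the guard helps, and a non-empty but malformed PURL still reaches `PackageURL.fromString`, which presumably throws on invalid input. A nullish-safe form, `if (!change.package_url) { return true }`, is a small improvement, and wrapping the `fromString` call so that a parse failure is also treated as "not excluded" would make the filter consistent for all invalid PURLs. The `return true` is the right default from a policy standpoint, since a change that cannot be matched against the exclusion list stays subject to the license check instead of silently skipping it, but that intent deserves a comment: `// A change with no parseable PURL can never match an exclusion; keep it so it is still license-checked`. The enclosing `getInvalidLicenseChanges` starts before this hunk and continues past it, and the same guard appears in the generated dist copy, which should be regenerated rather than edited.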