Compare commits


12 Commits

Federico Builes 1c59cdf2a9 Fix the unknown licenses error message 2022-06-16 06:03:16 +02:00
Federico Builes 29fc7a23bd Merge pull request #117 from actions/readme-capitalisation
Fixing branding in the readme
2022-06-15 15:40:19 +02:00
Courtney Claessens 903977c63a branding! 2022-06-15 09:32:17 -04:00
Federico Builes aabd50a60d Bumping version to 2.0.1 2022-06-15 15:27:15 +02:00
Federico Builes 981c44c2a9 Merge pull request #116 from actions/unknown-licenses
Unknown licenses
2022-06-15 15:26:38 +02:00
Federico Builes c0d32934e8 Adding dist. 2022-06-15 15:25:21 +02:00
Federico Builes 963fe8045d Always print null licenses. 2022-06-15 15:22:35 +02:00
Federico Builes bf94d94f63 Remove old TODO. 2022-06-15 15:22:14 +02:00
Federico Builes 43ce5df965 Update CONTRIBUTING.md 2022-06-15 14:03:10 +02:00
Federico Builes 24bc5e9934 Updating the CONTRIBUTING.md docs. 2022-06-15 14:01:47 +02:00
Federico Builes 97790d29c7 update version in package.json 2022-06-15 11:55:10 +02:00
Federico Builes 74dbdf9819 Merge pull request #112 from actions/move-config-file
Move configuration file location
2022-06-15 11:53:18 +02:00
8 changed files with 49 additions and 10 deletions
+33
@@ -73,6 +73,39 @@ Here are a few things you can do that will increase the likelihood of your pull
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
## Cutting a new release
1. Go to [Draft a new
release](https://github.com/actions/dependency-review-action/releases/new)
in the Releases page.
2. Make sure that the `Publish this Action to the GitHub Marketplace`
checkbox is enabled
<img width="481" alt="Screenshot 2022-06-15 at 12 08 19" src="https://user-images.githubusercontent.com/2161/173822484-4b60d8b4-c674-4bff-b5ff-b0c4a3650ab7.png">
3. Click "Choose a tag" and then "Create new tag", where the tag name
will be your version prefixed by a `v` (e.g. `v1.2.3`).
4. Use a version number for the release title (e.g. "1.2.3").
<img width="700" alt="Screenshot 2022-06-15 at 12 08 36" src="https://user-images.githubusercontent.com/2161/173822548-33ab3432-d679-4dc1-adf8-b50fdaf47de3.png">
5. Add your release notes. If this is a major version make sure to
include a small description of the biggest changes in the new version.
6. Click "Publish Release".
You now have a tag and release using the semver version you used
above. The last remaining thing to do is to move the dynamic version
identifier to match the current SHA. This allows users to adopt a
major version number (e.g. `v1`) in their workflows while
automatically getting all the
minor/patch updates.
To do this just force-create a new annotated tag and push it:
```
git tag -fa v1 -m "Updating v1 tag"
git push origin v1 --force
```
## Resources
- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
+1 -1
@@ -2,7 +2,7 @@
This action scans your pull requests for dependency changes and will raise an error if any new dependencies have existing vulnerabilities. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions.
The action is available for all public repositories, as well as private repositories that have Github Advanced Security licensed.
The action is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.
<img width="854" alt="Screen Shot 2022-03-31 at 1 10 51 PM" src="https://user-images.githubusercontent.com/2161/161042286-b22d7dd3-13cb-458d-8744-ce70ed9bf562.png">
+4 -2
@@ -86,7 +86,6 @@ function getDeniedLicenseChanges(changes, licenses) {
let unknown = [];
for (const change of changes) {
let license = change.license;
// TODO: be loud about unknown licenses
if (license === null) {
unknown.push(change);
continue;
@@ -191,9 +190,9 @@ function run() {
let [licenseErrors, unknownLicenses] = (0, licenses_1.getDeniedLicenseChanges)(changes, licenses);
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses);
printNullLicenses(unknownLicenses);
core.setFailed('Dependency review detected incompatible licenses.');
}
printNullLicenses(unknownLicenses);
if (failed) {
core.setFailed('Dependency review detected vulnerable packages.');
}
@@ -245,6 +244,9 @@ function printLicensesError(changes, licenses) {
}
}
function printNullLicenses(changes) {
if (changes.length === 0) {
return;
}
core.info('\nWe could not detect a license for the following dependencies:\n');
for (const change of changes) {
core.info(`${ansi_styles_1.default.bold.open}${change.manifest} » ${change.name}@${change.version}${ansi_styles_1.default.bold.close}`);
+1 -1
File diff suppressed because one or more lines are too long
+2 -2
@@ -1,12 +1,12 @@
{
"name": "dependency-review-action",
"version": "0.0.1",
"version": "2.0.1",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "dependency-review-action",
"version": "0.0.1",
"version": "2.0.1",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.8.2",
+2 -2
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "0.0.1",
"version": "2.0.1",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
@@ -51,4 +51,4 @@
"ts-jest": "^27.1.4",
"typescript": "^4.7.3"
}
}
}
-1
@@ -26,7 +26,6 @@ export function getDeniedLicenseChanges(
for (const change of changes) {
let license = change.license
// TODO: be loud about unknown licenses
if (license === null) {
unknown.push(change)
continue
+6 -1
@@ -59,10 +59,11 @@ async function run(): Promise<void> {
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses)
printNullLicenses(unknownLicenses)
core.setFailed('Dependency review detected incompatible licenses.')
}
printNullLicenses(unknownLicenses)
if (failed) {
core.setFailed('Dependency review detected vulnerable packages.')
} else {
@@ -138,6 +139,10 @@ function printLicensesError(
}
function printNullLicenses(changes: Array<Change>): void {
if (changes.length === 0) {
return
}
core.info('\nWe could not detect a license for the following dependencies:\n')
for (const change of changes) {
core.info(