Compare commits


6 Commits

Federico Builes 9129d7d40b don't set output on every run 2024-02-20 18:47:36 +01:00
Jon Janego a1be843151 Update stale.yaml
Adding stale checks to issues
2024-02-20 10:25:09 -06:00
Federico Builes 587ff57efd Don't use if: always() in examples. 2024-02-19 18:11:35 +01:00
Federico Builes be8bc500ee Merge branch 'output-comment' 2024-02-19 17:26:04 +01:00
Federico Builes cb180bf383 Merge pull request #696 from actions/output-comment
Expose dependency comment content
2024-02-19 17:23:55 +01:00
Federico Builes b2ea187fd2 bumping action version 2024-02-19 17:21:55 +01:00
8 changed files with 25 additions and 30 deletions
+5 -4
@@ -1,6 +1,7 @@
name: Close stale PRs
name: Close stale PRs and Issues
permissions:
issues: write
pull-requests: write
on:
@@ -12,14 +13,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v9.0.0
name: Clean up stale PRs
name: Clean up stale PRs and Issues
with:
stale-pr-message: "👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the `Keep` label to hold stale off permanently, or do nothing. If you do nothing, this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details."
stale-pr-label: "Stale"
exempt-pr-labels: "Keep" # a "Keep" label will keep the PR from being closed as stale
days-before-pr-stale: 180 # when the PR is considered stale
days-before-pr-close: 15 # when the PR is closed by the bot,
days-before-issue-stale: -1 # prevents issues from being tagged by the bot
days-before-issue-close: -1 # prevents issues from being closed by the bot
days-before-issue-stale: 180 # prevents issues from being tagged by the bot
days-before-issue-close: 15 # prevents issues from being closed by the bot
exempt-assignees: 'advanced-security-dependency-graph'
ascending: true
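Review bot: The trailing comments on the two issue timers no longer describe their values: `days-before-issue-stale: 180 # prevents issues from being tagged by the bot` and `days-before-issue-close: 15 # prevents issues from being closed by the bot` were accurate for -1 but now contradict the positive timers they annotate. Align them with the PR lines above, e.g. `days-before-issue-stale: 180 # when the issue is considered stale` and `days-before-issue-close: 15 # when the issue is closed by the bot`. Only `stale-pr-message` is configured in this hunk, so issues that are now marked stale will presumably receive the action's default text rather than a repo-specific one; if that is unintended, a `stale-issue-message` should be added alongside it.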
+6 -7
@@ -56,15 +56,10 @@ const retryingOctokit = githubUtils.GitHub.plugin(retry.retry);
const octo = new retryingOctokit(githubUtils.getOctokitOptions(core.getInput('repo-token', { required: true })));
// Comment Marker to identify an existing comment to update, so we don't spam the PR with comments
const COMMENT_MARKER = '<!-- dependency-review-pr-comment-marker -->';
function commentPr(summary, config) {
function commentPr(summary) {
return __awaiter(this, void 0, void 0, function* () {
const commentContent = summary.stringify();
core.setOutput('comment-content', commentContent);
if (config.comment_summary_in_pr !== 'always' &&
config.comment_summary_in_pr === 'on-failure' &&
process.exitCode !== core.ExitCode.Failure) {
return;
}
if (!github.context.payload.pull_request) {
core.warning('Not in the context of a pull request. Skipping comment creation.');
return;
@@ -653,7 +648,11 @@ function run() {
}
summary.addScannedDependencies(changes);
printScannedDependencies(changes);
yield (0, comment_pr_1.commentPr)(core.summary, config);
if (config.comment_summary_in_pr === 'always' ||
(config.comment_summary_in_pr === 'on-failure' &&
process.exitCode === core.ExitCode.Failure)) {
yield (0, comment_pr_1.commentPr)(core.summary);
}
}
catch (error) {
if (error instanceof request_error_1.RequestError && error.status === 404) {
+1 -1
+2 -1
@@ -189,7 +189,8 @@ jobs:
fail-on-severity: critical
deny-licenses: LGPL-2.0, BSD-2-Clause
- name: 'Report'
if: always() # make sure this step runs even if the previous failed
# make sure this step runs even if the previous failed
if: ${{ failure() && steps.review.conclusion == 'failure' }}
shell: bash
env:
comment: ${{ steps.review.outputs.comment-content }}
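Review bot: The kept comment `# make sure this step runs even if the previous failed` now contradicts the condition under it: `if: ${{ failure() && steps.review.conclusion == 'failure' }}` runs the Report step only when the review step failed, never on success. Replace it with `# report only when the dependency review step itself failed`. The condition also presumes the review step is declared with `id: review` and that the action still populates `comment-content` on a failing run, which in this commit depends on `comment-summary-in-pr` being set to `always` or `on-failure`; neither is visible in this hunk. Passing the rendered summary through `env:` rather than inlining it into the script is the right way to consume that output, since it contains content derived from the reviewed manifests.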
+2 -2
@@ -1,12 +1,12 @@
{
"name": "dependency-review-action",
"version": "4.1.1",
"version": "4.1.3",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "dependency-review-action",
"version": "4.1.1",
"version": "4.1.3",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.1",
+1 -1
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "4.1.1",
"version": "4.1.3",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
+1 -13
@@ -3,7 +3,6 @@ import * as core from '@actions/core'
import * as githubUtils from '@actions/github/lib/utils'
import * as retry from '@octokit/plugin-retry'
import {RequestError} from '@octokit/request-error'
import {ConfigurationOptions} from './schemas'
const retryingOctokit = githubUtils.GitHub.plugin(retry.retry)
const octo = new retryingOctokit(
@@ -13,22 +12,11 @@ const octo = new retryingOctokit(
// Comment Marker to identify an existing comment to update, so we don't spam the PR with comments
const COMMENT_MARKER = '<!-- dependency-review-pr-comment-marker -->'
export async function commentPr(
summary: typeof core.summary,
config: ConfigurationOptions
): Promise<void> {
export async function commentPr(summary: typeof core.summary): Promise<void> {
const commentContent = summary.stringify()
core.setOutput('comment-content', commentContent)
if (
config.comment_summary_in_pr !== 'always' &&
config.comment_summary_in_pr === 'on-failure' &&
process.exitCode !== core.ExitCode.Failure
) {
return
}
if (!github.context.payload.pull_request) {
core.warning(
'Not in the context of a pull request. Skipping comment creation.'
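Review bot: The exported `commentPr` has no doc comment, and its contract changed in this hunk: it now publishes the `comment-content` output before checking for a pull-request context, and the `comment_summary_in_pr` gate that used to live here has moved to the caller. Add a TSDoc block above `export async function commentPr(summary: typeof core.summary): Promise<void> {` stating that it sets the `comment-content` output from `summary.stringify()`, returns with a warning when not running for a pull request, and expects callers to apply the `comment_summary_in_pr` policy before invoking it. Without that note the next maintainer may reintroduce the check here or call the function unconditionally and reintroduce the output-on-every-run behaviour this commit removes. The function body continues past the end of the hunk.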
+7 -1
@@ -144,7 +144,13 @@ async function run(): Promise<void> {
summary.addScannedDependencies(changes)
printScannedDependencies(changes)
await commentPr(core.summary, config)
if (
config.comment_summary_in_pr === 'always' ||
(config.comment_summary_in_pr === 'on-failure' &&
process.exitCode === core.ExitCode.Failure)
) {
await commentPr(core.summary)
}
} catch (error) {
if (error instanceof RequestError && error.status === 404) {
core.setFailed(
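Review bot: The condition added here now also gates the `comment-content` output, because `commentPr` is what calls `core.setOutput` for it, so the output is only populated when `comment_summary_in_pr` is `'always'`, or `'on-failure'` with a failing exit code; a workflow that reads `steps.<id>.outputs.comment-content` under any other setting sees an empty value. A why-comment above the `if` would make that coupling explicit, e.g. `// commentPr also publishes the comment-content output; both are skipped unless commenting is enabled`. The literals `'always'` and `'on-failure'` are repeated from the schema, so a further option added to `comment_summary_in_pr` in `./schemas` would be silently ignored here; a small `shouldCommentOnPr(config)` helper next to the schema would keep the two in one place. The enclosing `run()` and its `catch` extend beyond the hunk.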