Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 8f801ec4bb | |||
| d87317e782 | |||
| 30d5821115 | |||
| 6e42c3395a | |||
| a3074cd699 | |||
| 51a29d6960 | |||
| 235a221cf4 | |||
| 9da0fd4871 | |||
| fe45fd6645 | |||
| c41b9f9cfb | |||
| 10c5aa9564 |
@@ -115,7 +115,7 @@ You can use an external configuration file to specify the settings for this acti
|
||||
| Option | Usage | Possible values |
|
||||
|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `config-file` | A path to a file in the current repository or an external repository. Use this syntax for external files: `OWNER/REPOSITORY/FILENAME@BRANCH` | **Local file**: `./.github/dependency-review-config.yml` <br> **External repo**: `github/octorepo/dependency-review-config.yml@main` |
|
||||
| `external-repo-token` | Specifies a token for fetching the configuration file if the file resides in a private external repository. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
|
||||
| `external-repo-token` | Specifies a token for fetching the configuration file. It is required if the file resides in a private external repository and for all GitHub Enterprise Server repositories. Create a token in [developer settings](https://github.com/settings/tokens). | Any token with `read` permissions to the repository hosting the config file. |
|
||||
|
||||
#### Example
|
||||
|
||||
|
||||
+6
-1
@@ -35,7 +35,12 @@ inputs:
|
||||
external-repo-token:
|
||||
description: A token for fetching external configuration file if it lives in another repository. It is required if the repository is private
|
||||
required: false
|
||||
|
||||
license-check:
|
||||
description: A boolean to determine if license checks should be performed
|
||||
required: false
|
||||
vulnerability-check:
|
||||
description: A boolean to determine if vulnerability checks should be performed
|
||||
required: false
|
||||
runs:
|
||||
using: 'node16'
|
||||
main: 'dist/index.js'
|
||||
|
||||
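Review bot: The `description` of `external-repo-token` still says the token is required only if the repository is private, while the README on the new side of this same change states it is also required for all GitHub Enterprise Server repositories; the input metadata is what users see in the Actions UI, so the two texts should agree. Change it to `description: A token for fetching the external configuration file if it lives in another repository. It is required if that repository is private and for all GitHub Enterprise Server repositories`. The new `license-check` and `vulnerability-check` inputs declare no `default:`; if the implementation reads them with `core.getBooleanInput` (not visible here) an unset input throws instead of defaulting to enabled, so consider `default: true` on both. The enclosing `inputs:` mapping begins before this hunk.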
+20
@@ -802,6 +802,11 @@ function isSPDXValid(license) {
|
||||
}
|
||||
}
|
||||
exports.isSPDXValid = isSPDXValid;
|
||||
function isEnterprise() {
|
||||
var _a;
|
||||
const serverUrl = new URL((_a = process.env['GITHUB_SERVER_URL']) !== null && _a !== void 0 ? _a : 'https://github.com');
|
||||
return serverUrl.hostname.toLowerCase() !== 'github.com';
|
||||
}
|
||||
function octokitClient(token = 'repo-token', required = true) {
|
||||
const opts = {};
|
||||
// auth is only added if token is present. For remote config files in public
|
||||
@@ -810,6 +815,11 @@ function octokitClient(token = 'repo-token', required = true) {
|
||||
if (auth !== undefined) {
|
||||
opts['auth'] = auth;
|
||||
}
|
||||
//baseUrl is required for GitHub Enterprise Server
|
||||
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
|
||||
if (isEnterprise()) {
|
||||
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']);
|
||||
}
|
||||
return new octokit_1.Octokit(opts);
|
||||
}
|
||||
exports.octokitClient = octokitClient;
|
||||
@@ -27830,6 +27840,11 @@ function isSPDXValid(license) {
|
||||
}
|
||||
}
|
||||
exports.isSPDXValid = isSPDXValid;
|
||||
function isEnterprise() {
|
||||
var _a;
|
||||
const serverUrl = new URL((_a = process.env['GITHUB_SERVER_URL']) !== null && _a !== void 0 ? _a : 'https://github.com');
|
||||
return serverUrl.hostname.toLowerCase() !== 'github.com';
|
||||
}
|
||||
function octokitClient(token = 'repo-token', required = true) {
|
||||
const opts = {};
|
||||
// auth is only added if token is present. For remote config files in public
|
||||
@@ -27838,6 +27853,11 @@ function octokitClient(token = 'repo-token', required = true) {
|
||||
if (auth !== undefined) {
|
||||
opts['auth'] = auth;
|
||||
}
|
||||
//baseUrl is required for GitHub Enterprise Server
|
||||
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
|
||||
if (isEnterprise()) {
|
||||
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']);
|
||||
}
|
||||
return new octokit_1.Octokit(opts);
|
||||
}
|
||||
exports.octokitClient = octokitClient;
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long
Generated
+16
-16
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "dependency-review-action",
|
||||
"version": "2.5.1",
|
||||
"version": "3.0.0",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "dependency-review-action",
|
||||
"version": "2.5.1",
|
||||
"version": "3.0.0",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.10.0",
|
||||
@@ -30,10 +30,10 @@
|
||||
"@typescript-eslint/eslint-plugin": "^5.42.1",
|
||||
"@typescript-eslint/parser": "^5.42.1",
|
||||
"@vercel/ncc": "^0.34.0",
|
||||
"esbuild-register": "^3.4.0",
|
||||
"esbuild-register": "^3.4.1",
|
||||
"eslint": "^8.27.0",
|
||||
"eslint-plugin-github": "^4.4.1",
|
||||
"eslint-plugin-jest": "^27.1.4",
|
||||
"eslint-plugin-jest": "^27.1.5",
|
||||
"jest": "^27.5.1",
|
||||
"js-yaml": "^4.1.0",
|
||||
"nodemon": "^2.0.20",
|
||||
@@ -3431,9 +3431,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/esbuild-register": {
|
||||
"version": "3.4.0",
|
||||
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.4.0.tgz",
|
||||
"integrity": "sha512-EquMnCzCeHTMJIzThI5Le7MCUYkoX3Prk7/hpZ1mUAwHsvalmgTeXdip+SAId9QmKN0TgxPA90x3OWqAOpR16g==",
|
||||
"version": "3.4.1",
|
||||
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.4.1.tgz",
|
||||
"integrity": "sha512-iCgs88/1wA5dIRx4i65eSjbkgrQQQJGpY6Z1eD2XPlzrSjbgNtfkw2/rfSMzJ4dTtlOD8EZTxrIA3fyYp0FsMA==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"debug": "^4.3.4"
|
||||
@@ -3875,9 +3875,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/eslint-plugin-jest": {
|
||||
"version": "27.1.4",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.4.tgz",
|
||||
"integrity": "sha512-evJ9E9id/z2Fu6LR+ncNySJ6UMs5RiJiv4JsmdA3gPWoq0AR+uZyva738+Y9Uln+3WaYX+3OYP9HJoau94Iurg==",
|
||||
"version": "27.1.5",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.5.tgz",
|
||||
"integrity": "sha512-CK2dekZ5VBdzsOSOH5Fc1rwC+cWXjkcyrmf1RV714nDUDKu+o73TTJiDxpbILG8PtPPpAAl3ywzh5QA7Ft0mjA==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/utils": "^5.10.0"
|
||||
@@ -10729,9 +10729,9 @@
|
||||
"peer": true
|
||||
},
|
||||
"esbuild-register": {
|
||||
"version": "3.4.0",
|
||||
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.4.0.tgz",
|
||||
"integrity": "sha512-EquMnCzCeHTMJIzThI5Le7MCUYkoX3Prk7/hpZ1mUAwHsvalmgTeXdip+SAId9QmKN0TgxPA90x3OWqAOpR16g==",
|
||||
"version": "3.4.1",
|
||||
"resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.4.1.tgz",
|
||||
"integrity": "sha512-iCgs88/1wA5dIRx4i65eSjbkgrQQQJGpY6Z1eD2XPlzrSjbgNtfkw2/rfSMzJ4dTtlOD8EZTxrIA3fyYp0FsMA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"debug": "^4.3.4"
|
||||
@@ -11072,9 +11072,9 @@
|
||||
}
|
||||
},
|
||||
"eslint-plugin-jest": {
|
||||
"version": "27.1.4",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.4.tgz",
|
||||
"integrity": "sha512-evJ9E9id/z2Fu6LR+ncNySJ6UMs5RiJiv4JsmdA3gPWoq0AR+uZyva738+Y9Uln+3WaYX+3OYP9HJoau94Iurg==",
|
||||
"version": "27.1.5",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-27.1.5.tgz",
|
||||
"integrity": "sha512-CK2dekZ5VBdzsOSOH5Fc1rwC+cWXjkcyrmf1RV714nDUDKu+o73TTJiDxpbILG8PtPPpAAl3ywzh5QA7Ft0mjA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"@typescript-eslint/utils": "^5.10.0"
|
||||
|
||||
+3
-3
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "dependency-review-action",
|
||||
"version": "2.5.1",
|
||||
"version": "3.0.0",
|
||||
"private": true,
|
||||
"description": "A GitHub Action for Dependency Review",
|
||||
"main": "lib/main.js",
|
||||
@@ -46,10 +46,10 @@
|
||||
"@types/spdx-expression-parse": "^3.0.2",
|
||||
"@types/spdx-satisfies": "^0.1.0",
|
||||
"@vercel/ncc": "^0.34.0",
|
||||
"esbuild-register": "^3.4.0",
|
||||
"esbuild-register": "^3.4.1",
|
||||
"eslint": "^8.27.0",
|
||||
"eslint-plugin-github": "^4.4.1",
|
||||
"eslint-plugin-jest": "^27.1.4",
|
||||
"eslint-plugin-jest": "^27.1.5",
|
||||
"jest": "^27.5.1",
|
||||
"js-yaml": "^4.1.0",
|
||||
"nodemon": "^2.0.20",
|
||||
|
||||
@@ -41,6 +41,13 @@ export function isSPDXValid(license: string): boolean {
|
||||
}
|
||||
}
|
||||
|
||||
function isEnterprise(): boolean {
|
||||
const serverUrl = new URL(
|
||||
process.env['GITHUB_SERVER_URL'] ?? 'https://github.com'
|
||||
)
|
||||
return serverUrl.hostname.toLowerCase() !== 'github.com'
|
||||
}
|
||||
|
||||
export function octokitClient(token = 'repo-token', required = true): Octokit {
|
||||
const opts: Record<string, unknown> = {}
|
||||
|
||||
@@ -51,5 +58,11 @@ export function octokitClient(token = 'repo-token', required = true): Octokit {
|
||||
opts['auth'] = auth
|
||||
}
|
||||
|
||||
//baseUrl is required for GitHub Enterprise Server
|
||||
//https://github.com/octokit/octokit.js/blob/9c8fa89d5b0bc4ddbd6dec638db00a2f6c94c298/README.md?plain=1#L196
|
||||
if (isEnterprise()) {
|
||||
opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL'])
|
||||
}
|
||||
|
||||
return new Octokit(opts)
|
||||
}
|
||||
|
||||
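Review bot: `opts['baseUrl']` in the `if (isEnterprise())` branch is assigned a `URL` object, but Octokit's `baseUrl` option is declared as a string; because `opts` is typed `Record<string, unknown>` the compiler cannot flag the mismatch, so the value only works where Octokit coerces it with string concatenation, and any path that calls a string method on `baseUrl` would throw at runtime. Use `opts['baseUrl'] = new URL('api/v3', process.env['GITHUB_SERVER_URL']).href` so the option is a plain string. The second argument is `string | undefined` and is only safe because `isEnterprise()` returns false when the variable is unset; a comment such as `// GITHUB_SERVER_URL is always set when isEnterprise() is true` would make that coupling visible to the next reader. The start of `octokitClient` (token lookup and the `auth` assignment) lies before this hunk.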