7 Commits

Federico Builes aabd50a60d Bumping version to 2.0.1 2022-06-15 15:27:15 +02:00
Federico Builes 981c44c2a9 Merge pull request #116 from actions/unknown-licenses
Unknown licenses
2022-06-15 15:26:38 +02:00
Federico Builes c0d32934e8 Adding dist. 2022-06-15 15:25:21 +02:00
Federico Builes 963fe8045d Always print null licenses. 2022-06-15 15:22:35 +02:00
Federico Builes bf94d94f63 Remove old TODO. 2022-06-15 15:22:14 +02:00
Federico Builes 43ce5df965 Update CONTRIBUTING.md 2022-06-15 14:03:10 +02:00
Federico Builes 24bc5e9934 Updating the CONTRIBUTING.md docs. 2022-06-15 14:01:47 +02:00
7 changed files with 40 additions and 8 deletions
+33
@@ -73,6 +73,39 @@ Here are a few things you can do that will increase the likelihood of your pull
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
## Cutting a new release
1. Go to [Draft a new
release](https://github.com/actions/dependency-review-action/releases/new)
in the Releases page.
2. Make sure that the `Publish this Action to the GitHub Marketplace`
checkbox is enabled
<img width="481" alt="Screenshot 2022-06-15 at 12 08 19" src="https://user-images.githubusercontent.com/2161/173822484-4b60d8b4-c674-4bff-b5ff-b0c4a3650ab7.png">
3. Click "Choose a tag" and then "Create new tag", where the tag name
will be your version prefixed by a `v` (e.g. `v1.2.3`).
4. Use a version number for the release title (e.g. "1.2.3").
<img width="700" alt="Screenshot 2022-06-15 at 12 08 36" src="https://user-images.githubusercontent.com/2161/173822548-33ab3432-d679-4dc1-adf8-b50fdaf47de3.png">
5. Add your release notes. If this is a major version make sure to
include a small description of the biggest changes in the new version.
6. Click "Publish Release".
You now have a tag and release using the semver version you used
above. The last remaining thing to do is to move the dynamic version
identifier to match the current SHA. This allows users to adopt a
major version number (e.g. `v1`) in their workflows while
automatically getting all the
minor/patch updates.
To do this just force-create a new annotated tag and push it:
```
git tag -fa v1 -m "Updating v1 tag"
git push origin v1 --force
```
## Resources
- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
+1 -2
@@ -86,7 +86,6 @@ function getDeniedLicenseChanges(changes, licenses) {
let unknown = [];
for (const change of changes) {
let license = change.license;
// TODO: be loud about unknown licenses
if (license === null) {
unknown.push(change);
continue;
@@ -191,9 +190,9 @@ function run() {
let [licenseErrors, unknownLicenses] = (0, licenses_1.getDeniedLicenseChanges)(changes, licenses);
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses);
printNullLicenses(unknownLicenses);
core.setFailed('Dependency review detected incompatible licenses.');
}
printNullLicenses(unknownLicenses);
if (failed) {
core.setFailed('Dependency review detected vulnerable packages.');
}
+1 -1
+2 -2
@@ -1,12 +1,12 @@
{
"name": "dependency-review-action",
"version": "2.0.0",
"version": "2.0.1",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "dependency-review-action",
"version": "2.0.0",
"version": "2.0.1",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.8.2",
+1 -1
@@ -1,6 +1,6 @@
{
"name": "dependency-review-action",
"version": "2.0.0",
"version": "2.0.1",
"private": true,
"description": "A GitHub Action for Dependency Review",
"main": "lib/main.js",
-1
@@ -26,7 +26,6 @@ export function getDeniedLicenseChanges(
for (const change of changes) {
let license = change.license
// TODO: be loud about unknown licenses
if (license === null) {
unknown.push(change)
continue
+2 -1
@@ -59,10 +59,11 @@ async function run(): Promise<void> {
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses)
printNullLicenses(unknownLicenses)
core.setFailed('Dependency review detected incompatible licenses.')
}
printNullLicenses(unknownLicenses)
if (failed) {
core.setFailed('Dependency review detected vulnerable packages.')
} else {