Apply suggestions from code review · actions/dependency-review-action@fe2a482 · GitHub

Commit fe2a482

author
Federico Builes
authored
Apply suggestions from code review
1 parent ce14e1f commit fe2a482

3 files changed

+6
-6
lines changed

README.md

Lines changed: 2 additions & 2 deletions
@@ -78,8 +78,8 @@ Configure this action by either inlining these options in your workflow file, or
7878
| `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
7979
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
8080
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `true`, `false` | `false` |
81-
| `deny-packages` | Contains a list of denied package's URL. | Any packages [purl](https://github.com/package-url/purl-spec) without the version | empty |
82-
| `deny-groups` | Contains a list of denied groups package's name. | Any packages [purl](https://github.com/package-url/purl-spec) without the version and the name | empty |
81+
| `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty |
82+
| `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty |
8383

8484
\*not supported for use with GitHub Enterprise Server
8585
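
Review bot: The new `deny-packages` row (line 81) drops the "without the version" qualifier that the old row carried, so the table no longer says whether a versioned purl is accepted, while the `deny-groups` row directly below still spells out "no package name, no version number". Suggest stating the version rule in the `deny-packages` row as well, in the same parenthetical form, so that a reader building a deny list knows which purl shape will match.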

action.yml

Lines changed: 2 additions & 2 deletions
@@ -48,10 +48,10 @@ inputs:
4848
description: A boolean to determine if the report should be posted as a comment in the PR itself. Setting this to true requires you to give the workflow the write permissions for pull-requests
4949
required: false
5050
deny-packages:
51-
description: A comma-separated list of packages to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
51+
description: A comma-separated list of package URLs to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
5252
required: false
5353
deny-groups:
54-
description: A comma-separated list of groups of packages to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
54+
description: A comma-separated list of package URLs for group(s)/namespace(s) to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
5555
required: false
5656
runs:
5757
using: 'node16'
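
Review bot: The `deny-groups` description (line 54) still carries the example copied from `deny-packages`, "pkg:npm/express, pkg:pip/pycrypto", and both values are package purls rather than groups/namespaces. Suggest an example with no package name, such as the `pkg:maven/com.bazaarvoice.maven` namespace referenced in docs/examples.md in this same commit, so the two inputs are not documented with identical values.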

docs/examples.md

Lines changed: 2 additions & 2 deletions
@@ -233,8 +233,8 @@ jobs:
233233

234234
## Exclude dependencies from their name or groups
235235

236-
Using the `deny-packages` you can exclude dependencies by their full package name. You can add multiple values separated by a comma.
237-
Using the `deny-groups` you can exclude dependencies by their package group name. You can add multiple values separated by a comma.
236+
Using the `deny-packages` option you can exclude dependencies by their PURL. You can add multiple values separated by a commas.
237+
Using the `deny-groups` option you can exclude dependencies by their group name/namespace. You can add multiple values separated by a comma.
238238

239239
In this example, we are excluding `pkg:maven/org.apache.logging.log4j:log4j-api` and `pkg:maven/org.apache.logging.log4j/log4j-core` from `maven` and all packages in the group `pkg:maven/com.bazaarvoice.maven`
240240
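
Review bot: Added line 236 reads "separated by a commas"; it should be "separated by commas", or "separated by a comma" to match line 237. Both added lines also say "exclude" where the README rows in this commit say "block", and for a deny list "exclude" can be read as exempting the dependency from review, so "block" or "deny" would be clearer here too. Separately, context line 239 writes one purl as `pkg:maven/org.apache.logging.log4j:log4j-api` and the next as `pkg:maven/org.apache.logging.log4j/log4j-core`; the separator before the package name should be consistent in a follow-up.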
