PR feedback

Co-authored-by: Federico Builes <febuiles@github.com>
This commit is contained in:
cnagadya
2022-10-28 11:23:05 +02:00
committed by GitHub
parent 0144419c8e
commit 216fafaed5
4 changed files with 9 additions and 8 deletions

View File

@@ -108,7 +108,7 @@ fail-on-scopes:
Only allow the licenses that comply with the expressions in this list. See "[Licenses](https://github.com/actions/dependency-review-action#licenses)".
**Possible values**: Any valid [spdx license expression](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60).
**Possible values**: A list of of [SPDX-compliant license identifiers](https://spdx.org/licenses/).
**Inline example**: `allow-licenses: BSD-3-Clause, LGPL-2.1 OR MIT OR BSD-3-Clause`
@@ -117,7 +117,9 @@ Only allow the licenses that comply with the expressions in this list. See "[Lic
```yaml
allow-licenses:
- BSD-3-Clause
- LGPL-2.1 OR MIT OR BSD-3-Clause
- LGPL-2.1
- MIT
- BSD-3-Clause
```
### deny-licenses
@@ -125,7 +127,7 @@ allow-licenses:
Add a custom list of licenses you want to block. See
"[Licenses](https://github.com/actions/dependency-review-action#licenses)".
**Possible values**: Any valid [sodx license expression](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60).
**Possible values**: Any valid set of [SPDX licenses](https://spdx.org/licenses/).
**Inline example**: `deny-licenses: LGPL-2.0, GPL-2.0+ WITH Bison-exception-2.2`
@@ -257,7 +259,7 @@ forbid a subset of licenses. These options are not supported on Enterprise Serve
You can use the [Licenses
API](https://docs.github.com/en/rest/licenses) to see the full list of
supported licenses. Use [spdx license expressions](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60)
supported licenses. Use [SPDX licenses](https://spdx.org/licenses/)
to filter the licenses. A couple of examples:
```yaml

View File

@@ -1,7 +1,6 @@
import * as core from '@actions/core'
import spdxSatisfies from 'spdx-satisfies'
import {Octokit} from 'octokit'
import {Change, Changes} from './schemas'
import {isSPDXValid} from './utils'

View File

@@ -129,7 +129,7 @@ function printLicensesBlock(
}
if (invalidLicenseChanges.unresolved.length > 0) {
core.warning(
'\nThe validity of the licenses of the dependecies below could not be determine. Ensure that they are valid spdx licenses:'
'\nThe validity of the licenses of the dependencies below could not be determined. Ensure that they are valid SPDX licenses:'
)
printLicensesError(invalidLicenseChanges.unresolved)
core.setFailed(

View File

@@ -12,7 +12,7 @@ export function addSummaryToSummary(
.addRaw('We found:')
.addList([
`${addedPackages.length} vulnerable package(s)`,
`${invalidLicenseChanges.unresolved.length} package(s) with unprocessable licenses`,
`${invalidLicenseChanges.unresolved.length} package(s) with invalid SPDX license definitions`,
`${invalidLicenseChanges.forbidden.length} package(s) with incompatible licenses`,
`${invalidLicenseChanges.unlicensed.length} package(s) with unknown licenses.`
])
@@ -114,7 +114,7 @@ export function addLicensesToSummary(
)
printLicenseViolation('Unknown Licenses', invalidLicenseChanges.unlicensed)
printLicenseViolation(
'Unvalidated Licenses',
'Invalid SPDX License Definitions',
invalidLicenseChanges.unresolved
)
}