diff --git a/README.md b/README.md index a7d68e6..12ef5b2 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ fail-on-scopes: Only allow the licenses that comply with the expressions in this list. See "[Licenses](https://github.com/actions/dependency-review-action#licenses)". -**Possible values**: Any valid [spdx license expression](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60). +**Possible values**: A list of of [SPDX-compliant license identifiers](https://spdx.org/licenses/). **Inline example**: `allow-licenses: BSD-3-Clause, LGPL-2.1 OR MIT OR BSD-3-Clause` @@ -117,7 +117,9 @@ Only allow the licenses that comply with the expressions in this list. See "[Lic ```yaml allow-licenses: - BSD-3-Clause - - LGPL-2.1 OR MIT OR BSD-3-Clause + - LGPL-2.1 + - MIT + - BSD-3-Clause ``` ### deny-licenses @@ -125,7 +127,7 @@ allow-licenses: Add a custom list of licenses you want to block. See "[Licenses](https://github.com/actions/dependency-review-action#licenses)". -**Possible values**: Any valid [sodx license expression](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60). +**Possible values**: Any valid set of [SPDX licenses](https://spdx.org/licenses/). **Inline example**: `deny-licenses: LGPL-2.0, GPL-2.0+ WITH Bison-exception-2.2` @@ -257,7 +259,7 @@ forbid a subset of licenses. These options are not supported on Enterprise Serve You can use the [Licenses API](https://docs.github.com/en/rest/licenses) to see the full list of -supported licenses. Use [spdx license expressions](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60) +supported licenses. Use [SPDX licenses](https://spdx.org/licenses/) to filter the licenses. A couple of examples: ```yaml diff --git a/src/licenses.ts b/src/licenses.ts index 8d0d40a..709fd8a 100644 --- a/src/licenses.ts +++ b/src/licenses.ts @@ -1,7 +1,6 @@ import * as core from '@actions/core' import spdxSatisfies from 'spdx-satisfies' import {Octokit} from 'octokit' - import {Change, Changes} from './schemas' import {isSPDXValid} from './utils' diff --git a/src/main.ts b/src/main.ts index 3383b0d..f410c86 100644 --- a/src/main.ts +++ b/src/main.ts @@ -129,7 +129,7 @@ function printLicensesBlock( } if (invalidLicenseChanges.unresolved.length > 0) { core.warning( - '\nThe validity of the licenses of the dependecies below could not be determine. Ensure that they are valid spdx licenses:' + '\nThe validity of the licenses of the dependencies below could not be determined. Ensure that they are valid SPDX licenses:' ) printLicensesError(invalidLicenseChanges.unresolved) core.setFailed( diff --git a/src/summary.ts b/src/summary.ts index f237075..99058de 100644 --- a/src/summary.ts +++ b/src/summary.ts @@ -12,7 +12,7 @@ export function addSummaryToSummary( .addRaw('We found:') .addList([ `${addedPackages.length} vulnerable package(s)`, - `${invalidLicenseChanges.unresolved.length} package(s) with unprocessable licenses`, + `${invalidLicenseChanges.unresolved.length} package(s) with invalid SPDX license definitions`, `${invalidLicenseChanges.forbidden.length} package(s) with incompatible licenses`, `${invalidLicenseChanges.unlicensed.length} package(s) with unknown licenses.` ]) @@ -114,7 +114,7 @@ export function addLicensesToSummary( ) printLicenseViolation('Unknown Licenses', invalidLicenseChanges.unlicensed) printLicenseViolation( - 'Unvalidated Licenses', + 'Invalid SPDX License Definitions', invalidLicenseChanges.unresolved ) }