Add license-check and vulnerability-check inputs

Add support for two new inputs, named `license-check` and
`vulnerability-check`, to disable the license checks or vulnerability
checks performed by this action. By default, both are enabled.

__tests__/config.test.ts

@@ -18,6 +18,8 @@ function clearInputs() {
     'ALLOW-LICENSES',
     'DENY-LICENSES',
     'ALLOW-GHSAS',
+    'LICENSE-CHECK',
+    'VULNERABILITY-CHECK',
     'CONFIG-FILE',
     'BASE-REF',
     'HEAD-REF'
@@ -181,6 +183,38 @@ test('it successfully parses GHSA allowlist', async () => {
   ])
 })
 
+test('it defaults to checking licenses', async () => {
+  const options = readConfig()
+  expect(options.license_check).toBe(true)
+})
+
+test('it parses the license-check input', async () => {
+  setInput('license-check', 'false')
+  let options = readConfig()
+  expect(options.license_check).toEqual(false)
+
+  clearInputs()
+  setInput('license-check', 'true')
+  options = readConfig()
+  expect(options.license_check).toEqual(true)
+})
+
+test('it defaults to checking vulnerabilities', async () => {
+  const options = readConfig()
+  expect(options.vulnerability_check).toBe(true)
+})
+
+test('it parses the vulnerability-check input', async () => {
+  setInput('vulnerability-check', 'false')
+  let options = readConfig()
+  expect(options.vulnerability_check).toEqual(false)
+
+  clearInputs()
+  setInput('vulnerability-check', 'true')
+  options = readConfig()
+  expect(options.vulnerability_check).toEqual(true)
+})
+
 describe('licenses that are not valid SPDX licenses', () => {
   beforeAll(() => {
     jest.spyOn(Utils, 'isSPDXValid').mockReturnValue(false)

src/config.ts

@@ -13,6 +13,11 @@ import {isSPDXValid} from './utils'
 
 type licenseKey = 'allow-licenses' | 'deny-licenses'
 
+function getOptionalBoolean(name: string): boolean | undefined {
+  const value = core.getInput(name)
+  return value.length > 0 ? core.getBooleanInput(name) : undefined
+}
+
 function getOptionalInput(name: string): string | undefined {
   const value = core.getInput(name)
   return value.length > 0 ? value : undefined
@@ -77,6 +82,15 @@ export function readInlineConfig(): ConfigurationOptions {
 
   const allow_ghsas = parseList(getOptionalInput('allow-ghsas'))
 
+  const license_check = z
+    .boolean()
+    .default(true)
+    .parse(getOptionalBoolean('license-check'))
+  const vulnerability_check = z
+    .boolean()
+    .default(true)
+    .parse(getOptionalBoolean('vulnerability-check'))
+
   const base_ref = getOptionalInput('base-ref')
   const head_ref = getOptionalInput('head-ref')
 
@@ -86,6 +100,8 @@ export function readInlineConfig(): ConfigurationOptions {
     allow_licenses,
     deny_licenses,
     allow_ghsas,
+    license_check,
+    vulnerability_check,
     base_ref,
     head_ref
   }

src/main.ts

@@ -54,12 +54,16 @@ async function run(): Promise<void> {
     )
 
     summary.addSummaryToSummary(addedChanges, invalidLicenseChanges)
-    summary.addChangeVulnerabilitiesToSummary(addedChanges, minSeverity)
-    summary.addLicensesToSummary(invalidLicenseChanges, config)
-    summary.addScannedDependencies(changes)
+    if (config.vulnerability_check) {
+      summary.addChangeVulnerabilitiesToSummary(addedChanges, minSeverity)
+      printVulnerabilitiesBlock(addedChanges, minSeverity)
+    }
+    if (config.license_check) {
+      summary.addLicensesToSummary(invalidLicenseChanges, config)
+      printLicensesBlock(invalidLicenseChanges)
+    }
 
-    printVulnerabilitiesBlock(addedChanges, minSeverity)
-    printLicensesBlock(invalidLicenseChanges)
+    summary.addScannedDependencies(changes)
     printScannedDependencies(changes)
   } catch (error) {
     if (error instanceof RequestError && error.status === 404) {

src/schemas.ts

@@ -41,6 +41,8 @@ export const ConfigurationOptionsSchema = z
     allow_licenses: z.array(z.string()).default([]),
     deny_licenses: z.array(z.string()).default([]),
     allow_ghsas: z.array(z.string()).default([]),
+    license_check: z.boolean().default(true),
+    vulnerability_check: z.boolean().default(true),
     config_file: z.string().optional().default('false'),
     base_ref: z.string(),
     head_ref: z.string()