Handle unknown licenses.

This commit is contained in:
Federico Builes
2022-06-14 13:54:27 +02:00
parent 0b87f02bee
commit 42e2bc1ed2
5 changed files with 49 additions and 27 deletions


@@ -48,13 +48,13 @@ let rubyChange: Change = {
test('it fails if a license outside the allow list is found', async () => {
const changes: Changes = [npmChange, rubyChange]
const invalidChanges = getDeniedLicenseChanges(changes, {allow: ['BSD']})
const [invalidChanges, _] = getDeniedLicenseChanges(changes, {allow: ['BSD']})
expect(invalidChanges[0]).toBe(npmChange)
})
test('it fails if a license inside the deny list is found', async () => {
const changes: Changes = [npmChange, rubyChange]
const invalidChanges = getDeniedLicenseChanges(changes, {deny: ['BSD']})
const [invalidChanges] = getDeniedLicenseChanges(changes, {deny: ['BSD']})
expect(invalidChanges[0]).toBe(rubyChange)
})
@@ -62,7 +62,7 @@ test('it fails if a license inside the deny list is found', async () => {
// thing we want in the system. Please remove this test after refactoring.
test('it fails all license checks when allow is provided an empty array', async () => {
const changes: Changes = [npmChange, rubyChange]
let invalidChanges = getDeniedLicenseChanges(changes, {
let [invalidChanges, _] = getDeniedLicenseChanges(changes, {
allow: [],
deny: ['BSD']
})
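Review bot: No test in this hunk exercises the second element of the new tuple, so the unknown-license path this commit introduces is untested; every assertion still looks only at `invalidChanges[0]`. A change whose `license` is `null` should be asserted to land in the second list and not the first, e.g. `const unknownChange: Change = {...npmChange, license: null}`, `const [denied, unknown] = getDeniedLicenseChanges([unknownChange], {allow: ['BSD']})`, `expect(denied).toEqual([]); expect(unknown).toEqual([unknownChange])` — this assumes `ChangeSchema` admits `license: null`, which the `license === null` branch in licenses.ts suggests but this page does not show. The destructuring is also spelled two ways in adjacent tests (`[invalidChanges, _]` in the first, `[invalidChanges]` in the second); the bare form avoids an unused binding and should be used throughout. Each test body continues past the end of its hunk.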

28
dist/index.js generated vendored

@@ -78,15 +78,17 @@ exports.getDeniedLicenseChanges = void 0;
* we will ignore the deny list.
* @param {Change[]} changes The list of changes to filter.
* @param { { allow?: string[], deny?: string[]}} licenses An object with `allow`/`deny` keys, each containing a list of licenses.
* @returns {Array<Change} The list of denied changes.
* @returns {[Array<Change>, Array<Change]} A tuple where the first element is the list of denied changes and the second one is the list of changes with unknown licenses
*/
function getDeniedLicenseChanges(changes, licenses) {
let { allow, deny } = licenses;
let disallowed = [];
let unknown = [];
for (const change of changes) {
let license = change.license;
// TODO: be loud about unknown licenses
if (license === null) {
unknown.push(change);
continue;
}
if (allow !== undefined) {
@@ -100,7 +102,7 @@ function getDeniedLicenseChanges(changes, licenses) {
}
}
}
return disallowed;
return [disallowed, unknown];
}
exports.getDeniedLicenseChanges = getDeniedLicenseChanges;
@@ -177,12 +179,6 @@ function run() {
allow: config.allow_licenses,
deny: config.deny_licenses
};
let licenseErrors = (0, licenses_1.getDeniedLicenseChanges)(changes, licenses);
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses);
core.setFailed('Dependency review detected incompatible licenses.');
return;
}
let filteredChanges = (0, filter_1.filterChangesBySeverity)(minSeverity, changes);
for (const change of filteredChanges) {
if (change.change_type === 'added' &&
@@ -192,8 +188,14 @@ function run() {
failed = true;
}
}
let [licenseErrors, unknownLicenses] = (0, licenses_1.getDeniedLicenseChanges)(changes, licenses);
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses);
printNullLicenses(unknownLicenses);
core.setFailed('Dependency review detected incompatible licenses.');
}
if (failed) {
throw new Error('Dependency review detected vulnerable packages.');
core.setFailed('Dependency review detected vulnerable packages.');
}
else {
core.info(`Dependency review did not detect any vulnerable packages with severity level "${minSeverity}" or higher.`);
@@ -237,11 +239,17 @@ function printLicensesError(changes, licenses) {
return;
}
let { allow = [], deny = [] } = licenses;
core.info('The following dependencies have incompatible licenses:\n');
core.info('\nThe following dependencies have incompatible licenses:\n');
for (const change of changes) {
core.info(`${ansi_styles_1.default.bold.open}${change.manifest} » ${change.name}@${change.version}${ansi_styles_1.default.bold.close} License: ${ansi_styles_1.default.color.red.open}${change.license}${ansi_styles_1.default.color.red.close}`);
}
}
function printNullLicenses(changes) {
core.info('\nWe could not detect a license for the following dependencies:\n');
for (const change of changes) {
core.info(`${ansi_styles_1.default.bold.open}${change.manifest} » ${change.name}@${change.version}${ansi_styles_1.default.bold.close}`);
}
}
run();

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long


@@ -10,7 +10,7 @@ import {Change, ChangeSchema} from './schemas'
* we will ignore the deny list.
* @param {Change[]} changes The list of changes to filter.
* @param { { allow?: string[], deny?: string[]}} licenses An object with `allow`/`deny` keys, each containing a list of licenses.
* @returns {Array<Change} The list of denied changes.
* @returns {[Array<Change>, Array<Change]} A tuple where the first element is the list of denied changes and the second one is the list of changes with unknown licenses
*/
export function getDeniedLicenseChanges(
changes: Array<Change>,
@@ -18,15 +18,17 @@ export function getDeniedLicenseChanges(
allow?: Array<string>
deny?: Array<string>
}
): Array<Change> {
): [Array<Change>, Array<Change>] {
let {allow, deny} = licenses
let disallowed: Change[] = []
let unknown: Change[] = []
for (const change of changes) {
let license = change.license
// TODO: be loud about unknown licenses
if (license === null) {
unknown.push(change)
continue
}
if (allow !== undefined) {
@@ -40,5 +42,5 @@ export function getDeniedLicenseChanges(
}
}
return disallowed
return [disallowed, unknown]
}
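Review bot: The new `@returns` tag is malformed — `{[Array<Change>, Array<Change]}` is missing the closing `>` on the second element — and the `// TODO: be loud about unknown licenses` comment left above the `license === null` branch is now stale, since after this change the function only reports unknowns and the caller decides how loud to be. Suggest `@returns {[Array<Change>, Array<Change>]} A tuple of [denied changes, changes with no detected license]` and replacing the TODO with a comment stating the contract the branch now has: `// A null license can be checked against neither list; report it separately so the caller decides whether it is acceptable.` It is worth spelling out in that comment that with an `allow` list configured such a change is neither allowed nor denied here, so a fail-closed policy can only be enforced by the caller. The function's JSDoc block opens before the first hunk.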


@@ -36,14 +36,6 @@ async function run(): Promise<void> {
deny: config.deny_licenses
}
let licenseErrors = getDeniedLicenseChanges(changes, licenses)
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses)
core.setFailed('Dependency review detected incompatible licenses.')
return
}
let filteredChanges = filterChangesBySeverity(
minSeverity as Severity,
changes
@@ -60,8 +52,19 @@ async function run(): Promise<void> {
}
}
let [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
changes,
licenses
)
if (licenseErrors.length > 0) {
printLicensesError(licenseErrors, licenses)
printNullLicenses(unknownLicenses)
core.setFailed('Dependency review detected incompatible licenses.')
}
if (failed) {
throw new Error('Dependency review detected vulnerable packages.')
core.setFailed('Dependency review detected vulnerable packages.')
} else {
core.info(
`Dependency review did not detect any vulnerable packages with severity level "${minSeverity}" or higher.`
@@ -126,7 +129,7 @@ function printLicensesError(
let {allow = [], deny = []} = licenses
core.info('The following dependencies have incompatible licenses:\n')
core.info('\nThe following dependencies have incompatible licenses:\n')
for (const change of changes) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${change.version}${styles.bold.close} License: ${styles.color.red.open}${change.license}${styles.color.red.close}`
@@ -134,4 +137,13 @@ function printLicensesError(
}
}
function printNullLicenses(changes: Array<Change>): void {
core.info('\nWe could not detect a license for the following dependencies:\n')
for (const change of changes) {
core.info(
`${styles.bold.open}${change.manifest} » ${change.name}@${change.version}${styles.bold.close}`
)
}
}
run()
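Review bot: Unknown licenses are only reported when some other dependency has already failed the license check — `printNullLicenses(unknownLicenses)` sits inside `if (licenseErrors.length > 0)` — so a run in which every detected license is acceptable but one dependency has no detected license prints nothing and passes. With an `allow` list configured that is fail-open: the list says only the named licenses are acceptable, and a dependency whose license could not be determined has not been shown to be acceptable, yet it passes silently (as it did before this commit; the change does not alter that). The unknown list should be printed whenever it is non-empty, independent of `licenseErrors`, and when `licenses.allow` is set the run should fail closed (if maintainers prefer not to fail, `core.warning` at least keeps it visible); `licenses.allow` is the same `allow !== undefined` test getDeniedLicenseChanges itself uses, assuming the config leaves it `undefined` when not supplied. The enclosing `run()` starts before the first hunk.

```typescript
  let [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
    changes,
    licenses
  )
  if (licenseErrors.length > 0) {
    printLicensesError(licenseErrors, licenses)
    core.setFailed('Dependency review detected incompatible licenses.')
  }
  // With an allow list, an undetected license has not been shown to be acceptable;
  // report it regardless of other failures and fail closed rather than let it pass.
  if (unknownLicenses.length > 0) {
    printNullLicenses(unknownLicenses)
    if (licenses.allow !== undefined) {
      core.setFailed('Dependency review could not determine the license of some dependencies.')
    }
  }
  // … unchanged: vulnerability failure reporting …
```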