From 71dbf10e60f731247f5ed9e06b090b573fc03d90 Mon Sep 17 00:00:00 2001 From: cnagadya Date: Fri, 14 Oct 2022 12:31:17 +0000 Subject: [PATCH] Add configuration instruction to docs --- .github/dependency-review-config.yml | 1 - .github/dev-config.yml | 0 CONTRIBUTING.md | 38 ++++++++++++++++------------ scripts/scan_pr | 4 +-- 4 files changed, 24 insertions(+), 19 deletions(-) delete mode 100644 .github/dependency-review-config.yml create mode 100644 .github/dev-config.yml diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml deleted file mode 100644 index 94dfd0a..0000000 --- a/.github/dependency-review-config.yml +++ /dev/null @@ -1 +0,0 @@ -fail-on-severity: low diff --git a/.github/dev-config.yml b/.github/dev-config.yml new file mode 100644 index 0000000..e69de29 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1ecaf71..48064eb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,5 @@ # Contributing + [fork]: https://github.com/actions/dependency-review-action/fork [pr]: https://github.com/actions/dependency-review-action/compare [code-of-conduct]: CODE_OF_CONDUCT.md @@ -9,7 +10,6 @@ Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE). - Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms. @@ -20,7 +20,6 @@ This Action makes an authenticated query to the Dependency Graph Diff API endpoint (`GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}`) to find out the set of added and removed dependencies for each manifest. - ### Bootstrapping the project ``` @@ -35,7 +34,7 @@ npm install npm run test ``` -*Note*: We don't have any useful tests yet, contributions are welcome! +_Note_: We don't have any useful tests yet, contributions are welcome! ## Local Development @@ -56,16 +55,22 @@ Like this: $ GITHUB_TOKEN=my-secret-token ./scripts/scan_pr https://github.com/actions/dependency-review-action/pull/3 ``` +[Configuration options](README.md#configuration-options) can be set via the [external config file](README.md#configuration-file) at [.github/dev-config](.github/dev-config.yml) and the script run the with a `--file` or `-f` flag + +```sh +$ GITHUB_TOKEN= ./scripts/scan_pr --file +``` + ## Submitting a pull request 0. [Fork][fork] and clone the repository -0. Configure and install the dependencies: `npm install` -0. Make sure the tests pass on your machine: `npm run test` -0. Create a new branch: `git checkout -b my-branch-name` -0. Make your change, add tests, and make sure the tests still pass -0. Make sure to build and package before pushing: `npm run build && npm run package` -0. Push to your fork and [submit a pull request][pr] -0. Pat your self on the back and wait for your pull request to be reviewed and merged. +1. Configure and install the dependencies: `npm install` +2. Make sure the tests pass on your machine: `npm run test` +3. Create a new branch: `git checkout -b my-branch-name` +4. Make your change, add tests, and make sure the tests still pass +5. Make sure to build and package before pushing: `npm run build && npm run package` +6. Push to your fork and [submit a pull request][pr] +7. Pat your self on the back and wait for your pull request to be reviewed and merged. Here are a few things you can do that will increase the likelihood of your pull request being accepted: @@ -77,21 +82,21 @@ Here are a few things you can do that will increase the likelihood of your pull 1. Update the version number in [package.json](https://github.com/actions/dependency-review-action/blob/main/package.json). 1. Go to [Draft a new -release](https://github.com/actions/dependency-review-action/releases/new) -in the Releases page. -2. Make sure that the `Publish this Action to the GitHub Marketplace` -checkbox is enabled + release](https://github.com/actions/dependency-review-action/releases/new) + in the Releases page. +1. Make sure that the `Publish this Action to the GitHub Marketplace` + checkbox is enabled Screenshot 2022-06-15 at 12 08 19 3. Click "Choose a tag" and then "Create new tag", where the tag name -will be your version prefixed by a `v` (e.g. `v1.2.3`). + will be your version prefixed by a `v` (e.g. `v1.2.3`). 4. Use a version number for the release title (e.g. "1.2.3"). Screenshot 2022-06-15 at 12 08 36 5. Add your release notes. If this is a major version make sure to -include a small description of the biggest changes in the new version. + include a small description of the biggest changes in the new version. 6. Click "Publish Release". You now have a tag and release using the semver version you used @@ -102,6 +107,7 @@ automatically getting all the minor/patch updates. To do this just checkout `main`, force-create a new annotated tag, and push it: + ``` git tag -fa v2 -m "Updating v2 to 2.3.4" git push origin v2 --force diff --git a/scripts/scan_pr b/scripts/scan_pr index b9cbb4b..f235615 100755 --- a/scripts/scan_pr +++ b/scripts/scan_pr @@ -35,8 +35,8 @@ event_file.close config_file = nil OptionParser.new do |opts| - opts.on('--file', '-f', 'Use external config') do - config_file = ".github/dependency-review-config.yml" + opts.on('--file', '-f', 'Use external config') do + config_file = '.github/dev-config.yml' end end.parse!