Skip to content

Commit

Permalink
Apply suggestions from code review
Browse files Browse the repository at this point in the history
  • Loading branch information
@febuiles
febuiles committed Aug 9, 2023
1 parent ce14e1f commit fe2a482
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,8 @@ Configure this action by either inlining these options in your workflow file, or
| `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
| `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
| `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `true`, `false` | `false` |
| `deny-packages` | Contains a list of denied package's URL. | Any packages [purl](https://github.com/package-url/purl-spec) without the version | empty |
| `deny-groups` | Contains a list of denied groups package's name. | Any packages [purl](https://github.com/package-url/purl-spec) without the version and the name | empty |
| `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty |
| `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty |

\*not supported for use with GitHub Enterprise Server

Expand Down
4 changes: 2 additions & 2 deletions action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,10 @@ inputs:
description: A boolean to determine if the report should be posted as a comment in the PR itself. Setting this to true requires you to give the workflow the write permissions for pull-requests
required: false
deny-packages:
description: A comma-separated list of packages to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
description: A comma-separated list of package URLs to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
required: false
deny-groups:
description: A comma-separated list of groups of packages to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
description: A comma-separated list of package URLs for group(s)/namespace(s) to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
required: false
runs:
using: 'node16'
Expand Down
4 changes: 2 additions & 2 deletions docs/examples.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,8 +233,8 @@ jobs:

## Exclude dependencies from their name or groups

Using the `deny-packages` you can exclude dependencies by their full package name. You can add multiple values separated by a comma.
Using the `deny-groups` you can exclude dependencies by their package group name. You can add multiple values separated by a comma.
Using the `deny-packages` option you can exclude dependencies by their PURL. You can add multiple values separated by a commas.
Using the `deny-groups` option you can exclude dependencies by their group name/namespace. You can add multiple values separated by a comma.

In this example, we are excluding `pkg:maven/org.apache.logging.log4j:log4j-api` and `pkg:maven/org.apache.logging.log4j/log4j-core` from `maven` and all packages in the group `pkg:maven/com.bazaarvoice.maven`

Expand Down

0 comments on commit fe2a482

Please sign in to comment.