From 3290c85b0f353c61e330716f6019469b23f2f10d Mon Sep 17 00:00:00 2001 From: Rob Bos Date: Wed, 19 Jul 2023 13:05:42 +0200 Subject: [PATCH 1/3] Make GHES support more clear --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9576e7915..d7e26818a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# dependency-review-action + dependency-review-action This action scans your pull requests for dependency changes, and will raise an error if any vulnerabilities or invalid licenses are being introduced. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions on your default branch. @@ -43,7 +43,7 @@ This action is available in Enterprise Server starting with version 3.6. Make su Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise) and [GitHub Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) -are enabled. +are enabled and that you sync the [dependency-review-action](https://github.com/actions/dependency-review-action) on to the server. You can use the same workflow as above, replacing the `runs-on` value with the label of any of your runners (the default label 
@@ -144,7 +144,7 @@ For more examples of how to use this action and its configuration options, see t ### Considerations -- Checking for licenses is not supported on Enterprise Server. +- Checking for licenses is not supported on Enterprise Server as the API does not return license information. - The action will only accept one of the two `license` parameters; an error will be raised if you provide both. - We don't have license information for all of your dependents. If we can't detect the license for a dependency **we will inform you, but the action won't fail**. From f015f96b55fc432b0cc03bd49dcbb0d5eaa30272 Mon Sep 17 00:00:00 2001 From: Federico Builes Date: Wed, 19 Jul 2023 16:26:39 +0200 Subject: [PATCH 2/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d7e26818a..ff907838b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ - dependency-review-action + # dependency-review-action This action scans your pull requests for dependency changes, and will raise an error if any vulnerabilities or invalid licenses are being introduced. The action is supported by an [API endpoint](https://docs.github.com/en/rest/reference/dependency-graph#dependency-review) that diffs the dependencies between any two revisions on your default branch. From 0a68c5dfa682385c4d52b3638b1c945b1e68caa1 Mon Sep 17 00:00:00 2001 From: Federico Builes Date: Wed, 19 Jul 2023 16:26:44 +0200 Subject: [PATCH 3/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ff907838b..de20f0e8d 100644 --- a/README.md +++ b/README.md 
@@ -43,7 +43,7 @@ This action is available in Enterprise Server starting with version 3.6. Make su Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise) and [GitHub Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect) -are enabled and that you sync the [dependency-review-action](https://github.com/actions/dependency-review-action) on to the server. +are enabled, and that you have installed the [dependency-review-action](https://github.com/actions/dependency-review-action) on the server. You can use the same workflow as above, replacing the `runs-on` value with the label of any of your runners (the default label
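Review bot: In patch 1/3, the first README.md hunk (`@@ -1,4 +1,4 @@`) replaces `# dependency-review-action` with ` dependency-review-action`, which drops the heading marker from the title line and is unrelated to the subject "Make GHES support more clear". Patch 2/3 appears only to put the `#` back, so remove this hunk from 1/3 and drop 2/3 from the series rather than landing a break and its fix as separate commits.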
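Review bot: In patch 1/3, the `@@ -144,7 +144,7 @@` hunk under "Considerations" now gives the reason license checks are unsupported on Enterprise Server, but it still does not say what the action does when one of the `license` parameters is set there. Suggest stating whether those options are ignored or raise an error on Enterprise Server, so readers know if a configured license check is actually being applied. The unchanged line below it also reads "all of your dependents" while the rest of that sentence talks about "a dependency"; worth fixing in the same change.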
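Review bot: In patch 3/3, the `@@ -43,7 +43,7 @@` hunk requires that the action be "installed ... on the server" but links only to the action's github.com repository, not to instructions for doing that, and the same sentence already requires GitHub Connect through a page whose URL is `enabling-automatic-access-to-githubcom-actions-using-github-connect`. Clarify whether a separate install step is needed when that automatic access is enabled, and link to the procedure if it is. This hunk also only rewords the "sync the ... on to the server" line added in 1/3, which the subject "Update README.md" does not convey; squashing it into 1/3 would leave one commit with the final wording.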