Add Base and Ref support to inputs #121
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Update dependencygraph.py * Update checks.py * Update checks.py * advisory * Update dependencyalert.py * alerts * Update dependabot.py * Update checks.py * checks * Update checks.py * Update checks.py * Update checks.py * Update checks.py * Update checks.py * matching * Update dependencygraph.py * Update dependencygraph.py * Update dependencygraph.py * alert * Update checks.py * Update checks.py * Update dependencygraph.py * Update dependencygraph.py * fix formatting * depalert * Update checks.py * Update checks.py * alerts * Update checks.py * Update checks.py * Update checks.py
This reverts commit e29ccdf.
This reverts commit 3fbd6fc.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a rough input option for providing a base and a head entry to the checks.
I have not been able to properly validate this while issue #120 is pending, but the goal here is to be able to provide refs to do comparisons at any location.
Specifically I'm looking to use this with the global git SHA of 4b825dc642cb6eb9a060e54bf8d69288fbee4904 for an empty ref, if using the dependency review action (as we use the API calls on the back end as the same here for the submission API) we can compare against an empty commit to get every response automatically back as a failing result.
That functionality using that SHA with that action works so there is no reason it shouldn't work here. (or other branches)
I was a bit mixed about updating the existing GITHUB_REF value to be one of these so as this is directly associated to the checks themselves I decided to keep it in the format as defined in this PR.
Feel free to make changes, this was a real rough breakdown and while I'm still having active issues with #120 theoretically that shouldn't stop this.
-Edit-
I've now further edited and tested this, this now also will support mapping dependency graph findings to dependabot findings so we can get a valid breakdown of data in comparison
I have also added functionality for doing proper checks for dependency Graph comparisons.
As a note, I think outside warnings I believe Licensing is broken as well, it won't actually cause an error.