QUESTION: Config file outside current repo about dependency-review-action HOT 5 CLOSED

@jeffpaul The Action currently only supports config file inside the same repo. I expect support for org-wide config files to land soon.

from dependency-review-action.

@febuiles @cnagadya thanks for the great work on v3 adding the external config file, I'm very excited to use this across our org. Our file is not in the main repo folder (see https://github.com/10up/.github/blob/trunk/.github/dependency-review-config.yml) and attempts to reference a folder structure in the config-file param doesn't seem to work (see https://github.com/10up/insert-special-characters/pull/164/files). Perhaps I've not yet tried the "right" way to call a config file nested within an external repo?

from dependency-review-action.

Hi @jeffpaul, thanks for bringing this up, it's a good question. The current error text is misleading and your config file is getting read.

Because the external config file is a YAML file, we expect to find a list of licenses with the regular YAML format (lines with dashes, like this) (I tested this file as an external config and it works, hope it does for you too)

Since your example is in a single line, YAML will parse the entire line as a single license and then the SPDX parser will raise an error that this is an invalid license expression. Because of the way we handle errors, you end up getting an error for the config file fetching process, while it should actually complain about license parsing. I'll create a new PR to address this!

from dependency-review-action.

@jeffpaul There's actually more to this here, thanks for bringing it up! The previous point of using a YAML list should still work though.

from dependency-review-action.

Awesome, that example in the future-funk repo is super helpful, many thanks!

from dependency-review-action.