Giter Club home page Giter Club logo

Comments (6)

febuiles avatar febuiles commented on June 11, 2024

@nedbat Hi, and thanks for the feedback. This feature was added so people could perform static runs with hardcoded values, so I have not seen it being used as part of pulls alone. What happens if you use the before and after values provided by the pull event?

from dependency-review-action.

nedbat avatar nedbat commented on June 11, 2024

Sorry, to be clear, the two lines I put in seem to work well. It compares master to the tip of the push, so it's checking what will happen when the branch is merged, unless I've misunderstood.

I guess I could also use ${{ github.event.base_ref }} and ${{ github.event.before }} to check what the push is actually changing.

In either case, a bit of doc in the readme about how to use the setting would remove some uncertainty.

from dependency-review-action.

febuiles avatar febuiles commented on June 11, 2024

@nedbat thanks, and apologies for the misunderstanding, I'm glad it was working! A rewrite of the README is in the works (it's too long atm), if you want to help out feel free to open a PR with an example for these options.

from dependency-review-action.

nedbat avatar nedbat commented on June 11, 2024

@febuiles Hi, I don't think I've got my settings right yet. On a pull request across forks, I got this result:

Run actions/dependency-review-action@v3
  with:
    base-ref: master
    head-ref: xml_duplicate_fix
    repo-token: ***
    fail-on-severity: low
    fail-on-scopes: runtime
Error: Bad Request

As above, I am using:

          base-ref: ${{ github.event.pull_request.base.ref || 'master' }}
          head-ref: ${{ github.event.pull_request.head.ref || github.ref }}

I guess I need something to properly deal with forks?

from dependency-review-action.

nedbat avatar nedbat commented on June 11, 2024

This seems to have worked:

          base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}

from dependency-review-action.

febuiles avatar febuiles commented on June 11, 2024

@nedbat that's very interesting! The API for Dependency Review only supports changes against the default branch (usually master or main), which is why base has to be part of that branch.

from dependency-review-action.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.