From 71722517ae8f910d5b7b60b6c73d43118955775f Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Sun, 6 Nov 2022 07:32:17 +0000 Subject: [PATCH 1/3] Move linters and workflows directories to .github --- {linters => .github/linters}/.golangci.yml | 0 {linters => .github/linters}/.hadolint.yaml | 0 {linters => .github/linters}/.markdown-lint.yml | 0 {workflows => .github/workflows}/linter.yml | 0 {workflows => .github/workflows}/reviewdog.yml | 0 {workflows => .github/workflows}/stale.yml | 0 6 files changed, 0 insertions(+), 0 deletions(-) rename {linters => .github/linters}/.golangci.yml (100%) rename {linters => .github/linters}/.hadolint.yaml (100%) rename {linters => .github/linters}/.markdown-lint.yml (100%) rename {workflows => .github/workflows}/linter.yml (100%) rename {workflows => .github/workflows}/reviewdog.yml (100%) rename {workflows => .github/workflows}/stale.yml (100%) diff --git a/linters/.golangci.yml b/.github/linters/.golangci.yml similarity index 100% rename from linters/.golangci.yml rename to .github/linters/.golangci.yml diff --git a/linters/.hadolint.yaml b/.github/linters/.hadolint.yaml similarity index 100% rename from linters/.hadolint.yaml rename to .github/linters/.hadolint.yaml diff --git a/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml similarity index 100% rename from linters/.markdown-lint.yml rename to .github/linters/.markdown-lint.yml diff --git a/workflows/linter.yml b/.github/workflows/linter.yml similarity index 100% rename from workflows/linter.yml rename to .github/workflows/linter.yml diff --git a/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml similarity index 100% rename from workflows/reviewdog.yml rename to .github/workflows/reviewdog.yml diff --git a/workflows/stale.yml b/.github/workflows/stale.yml similarity index 100% rename from workflows/stale.yml rename to .github/workflows/stale.yml 
From 42402957dd4a594d252831778f6d90b02123efb2 Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Sun, 6 Nov 2022 07:41:09 +0000 Subject: [PATCH 2/3] dependabot.yml -> .github/dependabot.yml --- dependabot.yml => .github/dependabot.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename dependabot.yml => .github/dependabot.yml (100%) diff --git a/dependabot.yml b/.github/dependabot.yml similarity index 100% rename from dependabot.yml rename to .github/dependabot.yml From 715e39f263d99a1331d689ad766738a575c2eabd Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Sun, 6 Nov 2022 07:50:16 +0000 Subject: [PATCH 3/3] Create reusable-dependency-review.yml --- .../workflows/reusable-dependency-review.yml | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/reusable-dependency-review.yml diff --git a/.github/workflows/reusable-dependency-review.yml b/.github/workflows/reusable-dependency-review.yml new file mode 100644 index 0000000..382a4a1 --- /dev/null +++ b/.github/workflows/reusable-dependency-review.yml 
@@ -0,0 +1,41 @@ +name: 'Dependency Review' + +on: + workflow_call: + inputs: + fail-on-severity: + type: string + description: "Configure the severity level for vulnerability alerting. Possible values: critical, high, moderate, low." + default: "high" + allow-ghsas: + type: string + description: "A comma separated list of any GitHub Advisory IDs that can be skipped during detection. Example: 'GHSA-abcd-1234-5679, GHSA-efgh-1234-5679'" + deny-licenses: + type: string + description: "Add a custom list of licenses you want to block." + base-ref: + type: string + description: "Provide custom git references for the git base when performing the comparison." + head-ref: + type: string + description: "Provide custom git references for the git head when performing the comparison." + +permissions: + contents: read + +jobs: + dependency-review: + name: Scan dependencies for license compliance + runs-on: ubuntu-latest + steps: + - name: "Checkout Repository" + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - name: "Dependency Review" + uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1 + with: + fail-on-severity: ${{ inputs.fail-on-severity }} + allow-ghsas: ${{ inputs.allow-ghsas }} + deny-licenses: ${{ inputs.deny-licenses }} + base-ref: ${{ inputs.base-ref }} + head-ref: ${{ inputs.head-ref }} +
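Review bot: The reusable workflow's preconditions are undocumented: as far as I recall, v2.x of dependency-review-action only computes a diff on `pull_request`-triggered runs unless both `base-ref` and `head-ref` are supplied, and it needs the repository's dependency graph enabled (GitHub Advanced Security on private repos), so a caller wiring this into a `push` or `workflow_dispatch` workflow will get an action error rather than a scan. A comment above `workflow_call:` such as `# Callers must invoke this from a pull_request event, or pass both base-ref and head-ref; the repo's dependency graph must be enabled.` would save the next consumer a failed run. Note also that the empty defaults for `allow-ghsas`, `deny-licenses`, `base-ref` and `head-ref` are forwarded as empty strings in the `with:` block; that only works if the action treats an empty input as unset, which I believe it does, but it is worth confirming against the pinned version. Finally, the job name `Scan dependencies for license compliance` understates what the default `fail-on-severity: "high"` gate does; `name: Scan dependency changes for vulnerabilities and license compliance` would match the behaviour.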