diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index 83c816f..074338b 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -1,6 +1,11 @@ name: 'Dependency review' on: + push: + branches: + - "main" + - "**/dev/**" + - "release/**" pull_request: branches: - "main" 
@@ -11,15 +16,67 @@ on: - synchronize - reopened - ready_for_review + workflow_dispatch: + inputs: + # Associated to `allow-licenses` or `deny-licenses` workflow options + license-selection: + description: 'Select the licenses to deny or allow' + required: true + type: string + default: 'GPL-1.0-or-later, LGPL-2.0-or-later' + # Describes what the previous selection will do + license-action: + description: 'Select the action to take on the selected licenses' + required: true + type: choice + default: deny + options: + - deny + - allow + # Associated to `fail-on-severity` workflow option + severity-selection: + description: 'Select the severity level to fail on' + required: true + type: choice + default: low + options: + - low + - moderate + - high + - critical + # Associated to `warn-only` workflow option + warn-only: + description: 'Select whether to fail the workflow or just warn' + required: true + type: boolean + default: false + # Associated to `fail-on-scopes` workflow option + scopes: + description: 'Select the scopes to run the action on' + required: true + type: choice + options: + - runtime + - development + - unknown + default: runtime permissions: contents: read # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option pull-requests: write +env: + HEAD_REF: ${{ github.event.ref }} + BASE_REF: ${{ (github.event.base_ref != null) && github.event.base_ref || github.event.ref }} + IS_PR: ${{ contains(github.event_name, 'pull_request') }} + IS_PUSH: ${{ contains(github.event_name, 'push') }} + IS_MANUAL: ${{ contains(github.event_name, 'workflow_dispatch') }} + jobs: - dependency-review: + dependency-review-on-pr: runs-on: ubuntu-latest + if: ${{ contains(github.event_name, 'pull_request') }} steps: - name: 'Checkout repository' uses: actions/checkout@v4 
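Review bot: The workflow-level `permissions` block keeps `pull-requests: write` while the workflow now also runs on `push` and `workflow_dispatch`, so the push and manual jobs (which never use `comment-summary-in-pr`) get a write token they do not need; scope it to the one job that comments by reducing the top-level block to `contents: read` and adding `permissions: { contents: read, pull-requests: write }` under `dependency-review-on-pr`. Separately, `IS_PR`, `IS_PUSH` and `IS_MANUAL` are defined in `env` but never referenced — the job-level `if:` conditions repeat the `contains(github.event_name, ...)` test directly (the `env` context is not available in job-level `if`, so they could not be used there anyway) — and `contains()` is looser than `github.event_name == 'pull_request'`, which reads as the intended check. Consider dropping the three unused entries, or commenting them as `# informational only; job-level if: cannot read env`, so a reader does not assume they gate anything.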
@@ -29,3 +86,46 @@ jobs: comment-summary-in-pr: always fail-on-severity: low deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later + dependency-review-on-push: + runs-on: ubuntu-latest + if: ${{ contains(github.event_name, 'push') }} + steps: + - name: 'Checkout repository' + uses: actions/checkout@v4 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 + with: + fail-on-severity: low + deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later + base-ref: ${{ env.BASE_REF }} + head-ref: ${{ env.HEAD_REF }} + dependency-review-manual-with-allow-licenses: + runs-on: ubuntu-latest + if: ${{ (contains(github.event_name, 'workflow_dispatch') && inputs['license-action'] == 'allow') }} + steps: + - name: 'Checkout repository' + uses: actions/checkout@v4 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 + with: + fail-on-severity: ${{ inputs['severity-selection'] }} + allow-licenses: ${{ inputs['license-selection'] }} + warn-only: ${{ inputs['warn-only'] }} + fail-on-scopes: ${{ inputs['scopes'] }} + base-ref: ${{ env.BASE_REF }} + head-ref: ${{ env.HEAD_REF }} + dependency-review-manual-with-deny-licenses: + runs-on: ubuntu-latest + if: ${{ (contains(github.event_name, 'workflow_dispatch') && inputs['license-action'] == 'deny') }} + steps: + - name: 'Checkout repository' + uses: actions/checkout@v4 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 + with: + fail-on-severity: ${{ inputs['severity-selection'] }} + deny-licenses: ${{ inputs['license-selection'] }} + warn-only: ${{ inputs['warn-only'] }} + fail-on-scopes: ${{ inputs['scopes'] }} + base-ref: ${{ env.BASE_REF }} + head-ref: ${{ env.HEAD_REF }} \ No newline at end of file diff --git a/.github/workflows/dependabot_onpush.yml b/.github/workflows/dependabot_onpush.yml deleted file mode 100644 index 906d7b0..0000000 --- a/.github/workflows/dependabot_onpush.yml +++ /dev/null 
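Review bot: In `dependency-review-on-push` and both manual jobs, `base-ref` and `head-ref` both resolve to `github.event.ref` whenever `github.event.base_ref` is null, which I believe is the case for an ordinary push to an existing branch and for every `workflow_dispatch` payload, so the action compares a ref against itself, sees no dependency changes, and reports a green check that has reviewed nothing. For the push job the previous commit is the right base: `base-ref: ${{ github.event.before }}` and `head-ref: ${{ github.sha }}` (guard the all-zeros `before` of a branch-creation push, e.g. `if: github.event.before != '0000000000000000000000000000000000000000'`); for the manual jobs the dispatch payload carries only the selected ref, so add an explicit `base-ref` input (defaulting to `main`) and pass it instead of `env.BASE_REF`. While touching these lines, the new jobs reference `actions/checkout@v4` and `actions/dependency-review-action@v4` by mutable tag; pinning each to a full commit SHA with the tag in a trailing comment removes the supply-chain dependency on tag integrity for the workflow that is meant to police dependencies.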
@@ -1,32 +0,0 @@ - -name: 'Dependency review' -on: - push: - branches: - - "main" - - "**/dev/**" - - "release/**" - -permissions: - contents: read - # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option - # pull-requests: write - -env: - HEAD_REF: ${{ github.event.ref }} - BASE_REF: ${{ (github.event.base_ref != null) && github.event.base_ref || github.event.ref }} - -jobs: - dependency-review: - runs-on: ubuntu-latest - steps: - - name: 'Checkout repository' - uses: actions/checkout@v4 - - name: 'Dependency Review' - uses: actions/dependency-review-action@v4 - with: - comment-summary-in-pr: always - fail-on-severity: low - deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later - base-ref: ${{ env.BASE_REF }} - head-ref: ${{ env.HEAD_REF }} diff --git a/.github/workflows/manual_dependabot.yml b/.github/workflows/manual_dependabot.yml deleted file mode 100644 index 965aab7..0000000 --- a/.github/workflows/manual_dependabot.yml +++ /dev/null 
@@ -1,88 +0,0 @@ - -name: 'Manual dependency review' -on: - workflow_dispatch: - inputs: - # Associated to `allow-licenses` or `deny-licenses` workflow options - license-selection: - description: 'Select the licenses to deny or allow' - required: true - type: string - default: 'GPL-1.0-or-later, LGPL-2.0-or-later' - # Describes what the previous selection will do - license-action: - description: 'Select the action to take on the selected licenses' - required: true - type: choice - default: deny - options: - - deny - - allow - # Associated to `fail-on-severity` workflow option - severity-selection: - description: 'Select the severity level to fail on' - required: true - type: choice - default: low - options: - - low - - moderate - - high - - critical - # Associated to `warn-only` workflow option - warn-only: - description: 'Select whether to fail the workflow or just warn' - required: true - type: boolean - default: false - # Associated to `fail-on-scopes` workflow option - scopes: - description: 'Select the scopes to run the action on' - required: true - type: choice - options: - - runtime - - development - - unknown - default: runtime - -permissions: - contents: read - # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option - # pull-requests: write - -env: - HEAD_REF: ${{ github.event.ref }} - BASE_REF: ${{ (github.event.base_ref != null) && github.event.base_ref || github.event.ref }} - -jobs: - dependency-review_with_allow_licenses: - runs-on: ubuntu-latest - if: ${{ inputs['license-action'] == 'allow' }} - steps: - - name: 'Checkout repository' - uses: actions/checkout@v4 - - name: 'Dependency Review' - uses: actions/dependency-review-action@v4 - with: - fail-on-severity: ${{ inputs['severity-selection'] }} - allow-licenses: ${{ inputs['license-selection'] }} - warn-only: ${{ inputs['warn-only'] }} - fail-on-scopes: ${{ inputs['scopes'] }} - base-ref: ${{ env.BASE_REF }} - 
head-ref: ${{ env.HEAD_REF }} - dependency-review_with_deny_licenses: - runs-on: ubuntu-latest - if: ${{ inputs['license-action'] == 'deny' }} - steps: - - name: 'Checkout repository' - uses: actions/checkout@v4 - - name: 'Dependency Review' - uses: actions/dependency-review-action@v4 - with: - fail-on-severity: ${{ inputs['severity-selection'] }} - deny-licenses: ${{ inputs['license-selection'] }} - warn-only: ${{ inputs['warn-only'] }} - fail-on-scopes: ${{ inputs['scopes'] }} - base-ref: ${{ env.BASE_REF }} - head-ref: ${{ env.HEAD_REF }}