QUESTION: Config file outside current repo #285

Closed
jeffpaul opened this issue Oct 12, 2022 · 5 comments · Fixed by #306
Labels
enhancement New feature or request

Comments

@jeffpaul

I've tried to update our Dependency Review Action to use a config file, but trying to use a config file in our org-wide .github repo (see: 10up/insert-special-characters#164). However the error I'm seeing in that action run seems to point to the config file needing to be within the report. Can you clarify if the config file can be in a different repo and if so what the correct format is for that? Thanks!

@febuiles
Contributor

@jeffpaul The Action currently only supports config files inside the same repo. I expect support for org-wide config files to land soon.

@jeffpaul
Author

@febuiles @cnagadya thanks for the great work on v3 adding the external config file, I'm very excited to use this across our org. Our file is not in the main repo folder (see https://github.com/10up/.github/blob/trunk/.github/dependency-review-config.yml) and attempts to reference a folder structure in the config-file param don't seem to work (see https://github.com/10up/insert-special-characters/pull/164/files). Perhaps I've not yet tried the "right" way to call a config file nested within an external repo?

@febuiles
Contributor

Hi @jeffpaul, thanks for bringing this up, it's a good question. The current error text is misleading and your config file is getting read.

Because the external config file is a YAML file, we expect to find a list of licenses with the regular YAML format (lines with dashes, like this). (I tested this file as an external config and it works, hope it does for you too.)

Since your example is in a single line, YAML will parse the entire line as a single license and then the SPDX parser will raise an error that this is an invalid license expression. Because of the way we handle errors, you end up getting an error for the config file fetching process, while it should actually complain about license parsing. I'll create a new PR to address this!
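The parsing difference described in the comment above, as an added example that is not part of the thread or the project's code: a stand-alone Python lint that shows what a YAML parser sees for the license keys and flags a single-line value before the action runs. It assumes the config uses the `allow-licenses` / `deny-licenses` keys (these names do not appear in the thread), handles only a small YAML subset, and uses constructed sample configs.

```python
import re

LICENSE_KEYS = ("allow-licenses", "deny-licenses")  # assumed key names

# Constructed sample configs, not the files referenced in the thread.
SINGLE_LINE = "fail-on-severity: critical\nallow-licenses: MIT, Apache-2.0, BSD-3-Clause\n"
BLOCK_LIST = "fail-on-severity: critical\nallow-licenses:\n  - MIT\n  - Apache-2.0\n  - BSD-3-Clause\n"


def _unquote(value):
    return value.strip().strip("'\"")


def license_entries(text):
    """Return {key: [entries]} as a YAML parser would see them.

    Handles only the subset used here: top-level keys whose value is a
    plain scalar, a flow list ([a, b]) or a block list (dash lines).
    """
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        top = re.match(r"^([A-Za-z0-9_-]+):\s*(.*)$", line)
        item = re.match(r"^\s*-\s+(.*)$", line)
        if top:
            key, value = top.groups()
            # Only an empty value opens a block list for a license key.
            current = key if key in LICENSE_KEYS and not value else None
            if key not in LICENSE_KEYS:
                continue
            if value.startswith("[") and value.endswith("]"):
                entries[key] = [_unquote(v) for v in value[1:-1].split(",") if v.strip()]
            else:
                # A plain scalar is ONE entry, commas and all.
                entries[key] = [_unquote(value)] if value else []
        elif item and current:
            entries[current].append(_unquote(item.group(1)))
    return entries


def lint(text):
    """Flag entries that cannot be one SPDX expression (they contain a comma)."""
    return [
        f"{key}: {entry!r} is one scalar, not a list; use one dash line per license"
        for key, values in license_entries(text).items()
        for entry in values
        if "," in entry
    ]
```

Running `lint()` on the config in CI before the dependency review step surfaces the list-format problem directly instead of the misleading config-fetch error mentioned above.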

@febuiles
Contributor

@jeffpaul There's actually more to this here, thanks for bringing it up! The previous point of using a YAML list should still work though.

@jeffpaul
Author

Awesome, that example in the future-funk repo is super helpful, many thanks!
