Le « action de révision des dépendances » fait référence à l’action spécifique qui permet de signaler les différences dans une pull request dans le contexte de GitHub Actions. Il peut également ajouter des mécanismes d’application au GitHub Actions flux de travail. Pour plus d’informations, consultez « Vérification des dépendances ».
Pour obtenir la liste des options de configuration courantes, consultez Révision des dépendances sur le GitHub Marketplace.
Configuration de action de révision des dépendances
Il existe deux méthodes pour configurer le action de révision des dépendances :
- Incorporer les options de configuration dans votre fichier de workflow.
- Référencer un fichier de configuration dans votre fichier de workflow.
Notez que tous les exemples utilisent un numéro de version court pour l’action (v3) au lieu d’un numéro de version SemVer (par exemple, v3.0.8). Cela garantit que vous utilisez la version mineure la plus récente de l’action.
Utilisation de la configuration inline pour configurer l'action de révision des dépendances
-
Ajoutez un nouveau workflow YAML à votre dossier
.github/workflows.
Pour runs-on, l’étiquette par défaut est self-hosted. Vous pouvez remplacer l’étiquette par défaut par celle de n’importe lequel de vos runners.
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: [self-hosted]
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v6
- name: Dependency Review
uses: actions/dependency-review-action@v4
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: [self-hosted]
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v6
- name: Dependency Review
uses: actions/dependency-review-action@v4
-
Spécifiez vos paramètres.
Cet action de révision des dépendances exemple de fichier illustre comment utiliser les options de configuration disponibles.
YAML name: 'Dependency Review' on: [pull_request] permissions: contents: read jobs: dependency-review: runs-on: [self-hosted] steps: - name: 'Checkout Repository' uses: actions/checkout@v6 - name: Dependency Review uses: actions/dependency-review-action@v4 with: # Possible values: "critical", "high", "moderate", "low" fail-on-severity: critical # ([String]). Skip these GitHub Advisory Database IDs during detection (optional) # Possible values: Any valid GitHub Advisory Database ID from https://github.com/advisories allow-ghsas: GHSA-abcd-1234-5679, GHSA-efgh-1234-5679 # ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional) # Possible values: "development", "runtime", "unknown" fail-on-scopes: development, runtimename: 'Dependency Review' on: [pull_request] permissions: contents: read jobs: dependency-review: runs-on: [self-hosted] steps: - name: 'Checkout Repository' uses: actions/checkout@v6 - name: Dependency Review uses: actions/dependency-review-action@v4 with: # Possible values: "critical", "high", "moderate", "low" fail-on-severity: critical # ([String]). Skip these GitHub Advisory Database IDs during detection (optional) # Possible values: Any valid GitHub Advisory Database ID from https://github.com/advisories allow-ghsas: GHSA-abcd-1234-5679, GHSA-efgh-1234-5679 # ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional) # Possible values: "development", "runtime", "unknown" fail-on-scopes: development, runtime
Utilisation d’un fichier de configuration pour configurer action de révision des dépendances
-
Ajoutez un nouveau workflow YAML à votre dossier
.github/workflowset utilisezconfig-filepour préciser que vous utilisez un fichier de configuration.
Pour runs-on, l’étiquette par défaut est self-hosted. Vous pouvez remplacer l’étiquette par défaut par l’étiquette de l’un de vos runners.
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: [self-hosted]
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v6
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
# ([String]). Representing a path to a configuration file local to the repository or in an external repository.
# Possible values: An absolute path to a local file or an external file.
config-file: './.github/dependency-review-config.yml'
# Optional alternative syntax for an external file: OWNER/REPOSITORY/FILENAME@BRANCH (uncomment if preferred)
# config-file: 'github/octorepo/dependency-review-config.yml@main'
# ([Token]) Use if your configuration file resides in a private external repository.
# Possible values: Any GitHub token with read access to the private external repository.
external-repo-token: 'ghp_123456789abcde'
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: [self-hosted]
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v6
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
# ([String]). Representing a path to a configuration file local to the repository or in an external repository.
# Possible values: An absolute path to a local file or an external file.
config-file: './.github/dependency-review-config.yml'
# Optional alternative syntax for an external file: OWNER/REPOSITORY/FILENAME@BRANCH (uncomment if preferred)
# config-file: 'github/octorepo/dependency-review-config.yml@main'
# ([Token]) Use if your configuration file resides in a private external repository.
# Possible values: Any GitHub token with read access to the private external repository.
external-repo-token: 'ghp_123456789abcde'
-
Créez le fichier de configuration dans le chemin que vous avez spécifié.
Ce fichier d’exemple YAML illustre la manière dont vous pouvez utiliser les options de configuration disponibles.
YAML # Possible values: "critical", "high", "moderate", "low" fail-on-severity: critical # ([String]). Skip these GitHub Advisory Database IDs during detection (optional) # Possible values: Any valid GitHub Advisory Database ID from https://github.com/advisories allow-ghsas: - GHSA-abcd-1234-5679 - GHSA-efgh-1234-5679 # ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional) # Possible values: "development", "runtime", "unknown" fail-on-scopes: - development - runtime# Possible values: "critical", "high", "moderate", "low" fail-on-severity: critical # ([String]). Skip these GitHub Advisory Database IDs during detection (optional) # Possible values: Any valid GitHub Advisory Database ID from https://github.com/advisories allow-ghsas: - GHSA-abcd-1234-5679 - GHSA-efgh-1234-5679 # ([String]). Block pull requests that introduce vulnerabilities in the scopes that match this list (optional) # Possible values: "development", "runtime", "unknown" fail-on-scopes: - development - runtime
Pour plus de détails sur les options de configuration, consultez dependency-review-action.