From 4e68aa3099082830fcd70208713b95fe7294c4e4 Mon Sep 17 00:00:00 2001
From: Scott Leggett
Date: Tue, 27 Aug 2024 15:15:35 +0800
Subject: [PATCH] feat: streamline dependency-review

Use inline configuration rather than a separate config file.
---
 .github/dependency-review-config.yaml | 20 --------------------
 .github/workflows/dependency-review.yaml | 21 ++++++++++++++++++++-
 2 files changed, 20 insertions(+), 21 deletions(-)
 delete mode 100644 .github/dependency-review-config.yaml

diff --git a/.github/dependency-review-config.yaml b/.github/dependency-review-config.yaml
deleted file mode 100644
index 08389a1..0000000
--- a/.github/dependency-review-config.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
-allow-licenses:
-- 'Apache-2.0'
-- 'BSD-2-Clause'
-- 'BSD-2-Clause-FreeBSD'
-- 'BSD-3-Clause'
-- 'ISC'
-- 'MIT'
-- 'PostgreSQL'
-- 'Python-2.0'
-- 'X11'
-- 'Zlib'
-
-allow-dependencies-licenses:
-# this action is GPL-3 but it is only used in CI
-# https://github.com/actions/dependency-review-action/issues/530#issuecomment-1638291806
-- pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787
-# this package is MPL-2.0 and has a CNCF exception
-# https://github.com/cncf/foundation/blob/9b8c9173c2101c1b4aedad3caf2c0128715133f6/license-exceptions/cncf-exceptions-2022-04-12.json#L43C17-L43C47
-- pkg:golang/github.com/go-sql-driver/mysql
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index 86d7a9e..9c63845 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -13,4 +13,23 @@ jobs:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
 with:
- config-file: .github/dependency-review-config.yaml
+ # https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
+ allow-licenses:
+ - 'Apache-2.0'
+ - 'BSD-2-Clause'
+ - 'BSD-2-Clause-FreeBSD'
+ - 'BSD-3-Clause'
+ - 'ISC'
+ - 'MIT'
+ - 'PostgreSQL'
+ - 'Python-2.0'
+ - 'X11'
+ - 'Zlib'
+
+ allow-dependencies-licenses:
+ # this action is GPL-3 but it is only used in CI
+ # https://github.com/actions/dependency-review-action/issues/530#issuecomment-1638291806
+ - pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787
+ # this package is MPL-2.0 and has a CNCF exception
+ # https://github.com/cncf/foundation/blob/9b8c9173c2101c1b4aedad3caf2c0128715133f6/license-exceptions/cncf-exceptions-2022-04-12.json#L43C17-L43C47
+ - pkg:golang/github.com/go-sql-driver/mysql
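Review bot: The new `allow-licenses:` and `allow-dependencies-licenses:` entries under `with:` are written as YAML sequences, but action inputs are strings and the inline form of dependency-review-action expects comma-separated lists, so this workflow is likely to fail validation or not apply the allow-lists as intended. If the job stops running, pull requests lose the license and vulnerability gate unless the check is marked required, so it is worth confirming a run after this lands. I would fold each list into a single scalar and move the explanatory comments above the keys, since `#` lines inside a block scalar become part of the value. The `jobs:` definition starts outside the hunk, so the nesting shown below is assumed.

```yaml
        with:
          # https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
          allow-licenses: >-
            Apache-2.0, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-3-Clause,
            ISC, MIT, PostgreSQL, Python-2.0, X11, Zlib
          # go-test-coverage is GPL-3 but it is only used in CI
          # https://github.com/actions/dependency-review-action/issues/530#issuecomment-1638291806
          # go-sql-driver/mysql is MPL-2.0 and has a CNCF exception
          # https://github.com/cncf/foundation/blob/9b8c9173c2101c1b4aedad3caf2c0128715133f6/license-exceptions/cncf-exceptions-2022-04-12.json#L43C17-L43C47
          allow-dependencies-licenses: >-
            pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787,
            pkg:golang/github.com/go-sql-driver/mysql
```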