From fe2a482bafb86c626738d1554014c99ce377fc34 Mon Sep 17 00:00:00 2001
From: Federico Builes
Date: Wed, 9 Aug 2023 15:24:26 +0200
Subject: [PATCH] Apply suggestions from code review
---
 README.md | 4 ++--
 action.yml | 4 ++--
 docs/examples.md | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 99b4d280b..0bd7a39aa 100644
--- a/README.md
+++ b/README.md
@@ -78,8 +78,8 @@ Configure this action by either inlining these options in your workflow file, or
 | `allow-dependencies-licenses`\* | Contains a list of packages that will be excluded from license checks. | Any package(s) in [purl](https://github.com/package-url/purl-spec) format | none |
 | `base-ref`/`head-ref` | Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than `pull_request` and `pull_request_target`. | Any valid git ref(s) in your project | none |
 | `comment-summary-in-pr` | Enable or disable reporting the review summary as a comment in the pull request. If enabled, you must give the workflow or job permission `pull-requests: write`. | `true`, `false` | `false` |
-| `deny-packages` | Contains a list of denied package's URL. | Any packages [purl](https://github.com/package-url/purl-spec) without the version | empty |
-| `deny-groups` | Contains a list of denied groups package's name. | Any packages [purl](https://github.com/package-url/purl-spec) without the version and the name | empty |
+| `deny-packages` | Any number of packages to block in a PR. | Package(s) in [purl](https://github.com/package-url/purl-spec) format | empty |
+| `deny-groups` | Any number of groups (namespaces) to block in a PR. | Namespace(s) in [purl](https://github.com/package-url/purl-spec) format (no package name, no version number) | empty |
 \*not supported for use with GitHub Enterprise Server
diff --git a/action.yml b/action.yml
index 9d65668ba..6dfcd482d 100644
--- a/action.yml
+++ b/action.yml
@@ -48,10 +48,10 @@ inputs:
 description: A boolean to determine if the report should be posted as a comment in the PR itself. Setting this to true requires you to give the workflow the write permissions for pull-requests
 required: false
 deny-packages:
- description: A comma-separated list of packages to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
+ description: A comma-separated list of package URLs to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
 required: false
 deny-groups:
- description: A comma-separated list of groups of packages to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
+ description: A comma-separated list of package URLs for group(s)/namespace(s) to deny (e.g. "pkg:npm/express, pkg:pip/pycrypto")
 required: false
 runs:
 using: 'node16'
diff --git a/docs/examples.md b/docs/examples.md
index 2d2a956fe..847d9b2ab 100644
--- a/docs/examples.md
+++ b/docs/examples.md
@@ -233,8 +233,8 @@ jobs:
 ## Exclude dependencies from their name or groups
-Using the `deny-packages` you can exclude dependencies by their full package name. You can add multiple values separated by a comma.
-Using the `deny-groups` you can exclude dependencies by their package group name. You can add multiple values separated by a comma.
+Using the `deny-packages` option you can exclude dependencies by their PURL. You can add multiple values separated by a commas.
+Using the `deny-groups` option you can exclude dependencies by their group name/namespace. You can add multiple values separated by a comma.
 In this example, we are excluding `pkg:maven/org.apache.logging.log4j:log4j-api` and `pkg:maven/org.apache.logging.log4j/log4j-core` from `maven` and all packages in the group `pkg:maven/com.bazaarvoice.maven`
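Review bot: The rewritten `deny-groups` description on the `+` line still gives `"pkg:npm/express, pkg:pip/pycrypto"` as its example, but those are full package purls, not the group/namespace purls the new wording (and the README's new "no package name, no version number" column) says this input takes. An operator who copies the example ends up with a deny rule built from the wrong purl shape; whether the matcher then silently never matches or matches more than intended cannot be seen from this hunk, but either outcome is a policy control that does not do what its author believes, which is worth avoiding in a blocklist input. Suggest reusing the example the docs already use: `description: A comma-separated list of package URLs for group(s)/namespace(s) to deny (e.g. "pkg:maven/com.bazaarvoice.maven")`. Separately, the README hunk drops the old "without the version" qualifier for `deny-packages`; if versions in a purl are still ignored by the matcher, stating that in the `deny-packages` description would stop users expecting a version-pinned deny. Both entries sit inside an `inputs:` mapping that begins before the hunk.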