Blocking issues (should block but does not) #714

Closed
austimkelly opened this issue Mar 15, 2024 · 5 comments
Labels
bug Something isn't working

Comments

austimkelly commented Mar 15, 2024

I've seen issues with license detection and package manager issues but I've not seen these two specifically raised.

  1. There's no way to block an unknown license. This would be ideal because you run the risk of introducing copy-left licenses. I'd love a simple flag that blocked on unknown licenses. Additionally, allow-licenses and deny-licenses cannot be used together.
  2. The deny-packages option does not block, only warns. Not sure why I only get warnings on this, but the docs say it will block.

Here's a readme and PR showing the issues (there are a couple more I showed in the readme):
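Added example, not code from this thread and not the action's own implementation: a small stand-alone Python policy evaluator that models the options discussed above (deny-packages matching on the package URL regardless of version, allow-licenses and deny-licenses being mutually exclusive, and a warn-only mode that downgrades violations to warnings) so the difference between "reported as a warning" and "fails the check" is explicit. The `block_unknown_license` flag is hypothetical, the behaviour the reporter asked for rather than an option the action provides, and the dependency list at the bottom is constructed sample input.

```python
# Added example modelling dependency-review style policy checks.
# Not the action's code; option names mirror the thread, block_unknown_license is hypothetical.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Change:
    purl: str                 # package-url of the added dependency, e.g. pkg:npm/lodash@4.17.21
    license: Optional[str]    # SPDX identifier, or None when license detection failed


@dataclass
class Policy:
    allow_licenses: List[str] = field(default_factory=list)
    deny_licenses: List[str] = field(default_factory=list)
    deny_packages: List[str] = field(default_factory=list)   # purls, version ignored
    block_unknown_license: bool = False   # hypothetical flag: fail on undetected licenses
    warn_only: bool = False               # downgrade every violation to a warning

    def __post_init__(self) -> None:
        # Allow-list and deny-list are mutually exclusive by design.
        if self.allow_licenses and self.deny_licenses:
            raise ValueError("allow_licenses and deny_licenses cannot be used together")


@dataclass
class Report:
    errors: List[str] = field(default_factory=list)     # these fail the check
    warnings: List[str] = field(default_factory=list)   # these are only reported

    @property
    def failed(self) -> bool:
        return bool(self.errors)


def package_key(purl: str) -> str:
    """Drop version, qualifiers and subpath so a deny entry matches every version."""
    base = purl.split("@", 1)[0]          # scoped npm names encode their '@' as %40
    return base.split("?", 1)[0].split("#", 1)[0]


def evaluate(changes: List[Change], policy: Policy) -> Report:
    report = Report()
    denied = {package_key(p) for p in policy.deny_packages}

    def violation(msg: str) -> None:
        # warn_only turns what would be a failing finding into a warning
        (report.warnings if policy.warn_only else report.errors).append(msg)

    for change in changes:
        if package_key(change.purl) in denied:
            violation(f"denied package: {change.purl}")

        if change.license is None:
            msg = f"unknown license: {change.purl}"
            if policy.block_unknown_license:
                violation(msg)
            else:
                report.warnings.append(msg)   # default here: unknown license only warns
            continue   # nothing to compare against the license lists

        if policy.allow_licenses and change.license not in policy.allow_licenses:
            violation(f"license {change.license} not in allow list: {change.purl}")
        if change.license in policy.deny_licenses:
            violation(f"denied license {change.license}: {change.purl}")

    return report


# Constructed sample input; not taken from the reporter's PR.
SAMPLE_CHANGES = [
    Change("pkg:npm/lodash@4.17.21", "MIT"),
    Change("pkg:npm/left-pad@1.3.0", None),
    Change("pkg:pypi/some-copyleft-lib@2.0.0", "GPL-3.0-only"),
]

if __name__ == "__main__":
    policy = Policy(
        deny_licenses=["GPL-3.0-only"],
        deny_packages=["pkg:npm/left-pad"],
        block_unknown_license=True,
    )
    report = evaluate(SAMPLE_CHANGES, policy)
    for line in report.errors:
        print("error:", line)
    for line in report.warnings:
        print("warning:", line)
    print("check failed" if report.failed else "check passed")
```

With the sample policy the run produces three errors (the denied package, its undetected license, and the copyleft license) and fails; with `warn_only=True` the same findings are emitted as warnings and the check passes, which is the distinction a reviewer reading PR annotations needs to see at a glance.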

jonjanego added the bug label Mar 15, 2024

@jonjanego (Contributor)
Hi @austimkelly, thank you for the feedback!

re:

Additionally, allow-licenses and deny-licenses cannot be used together.

This is by design. I've updated the readme to clarify the behavior.

@febuiles (Contributor)

@austimkelly looking at your example PR I see Error: Dependency review detected denied packages. in the action logs and the check failing (which is the purpose of deny_packages). Am I missing something here, or what is your expected behavior for the option?

@austimkelly (Author)

@austimkelly looking at your example PR I see Error: Dependency review detected denied packages. in the action logs and the check failing (which is the purpose of deny_packages). Am I missing something where, or what is your expected behavior for the option?

Hi @febuiles Thanks for checking this out. Here's the PR annotations I'm seeing where the denied packages are reported as warnings:

[Screenshot 2024-03-26 at 8:04:00 AM]
[Screenshot 2024-03-26 at 8:04:09 AM]

My expectation is that these would have a red X next to them and also provide a non-zero return to fail the check.

I think I see what I missed now here in the logs:

[Screenshot 2024-03-26 at 8:06:51 AM]

I was looking for an Error in the Denied section in the logs and not the top level which does report an action. A couple of suggestions:

  1. Make sure a red X is next to any denied packages in the PR annotation summary
  2. Can you report an Error in the Denied section?

So just a little UX issue, but it does seem to make the check fail.

Thanks for taking the time to review my issue.

@febuiles (Contributor)

@austimkelly Thanks for the clarification. I think your suggestions make sense and would improve

Do you mind opening a new issue with the feature request? This helps with our board's automations.

@austimkelly (Author)

Thanks @febuiles, split to:

#732
#731
