Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Listing too many allow-dependencies-licenses makes the summary output unreadable #801

Open
jtomkiew-mng opened this issue Jul 23, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@jtomkiew-mng
Copy link

Describe the bug
If allow-dependencies-licenses input contains a lot of entries, the generated sumary is very difficult to read as it will contain the full list of ignored packages.

To Reproduce

  1. Using a config file, add ~6000 packages to the allow-dependencies-licenses: https://gist.github.com/jtomkiew-mng/5102060143b01ca41ad033d3cbd18f16
  2. Run the action
  3. Check summary

Expected behavior
Limit Excluded from license check in the summary to only contain packages that were detected in the execution (i.e. if I have pkg:nuget/Package.Name defined in allow-dependencies-licenses but this package was not detected in the current workflow, do not list it).

Alternatively, if the above is too much work, simply make Excluded from license check as collapsable details (using the <details> and <summary> tag elements).

Screenshots
image

Action version
v4.3.3

Examples
Example config file: https://gist.github.com/jtomkiew-mng/5102060143b01ca41ad033d3cbd18f16
Example project file:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
    <IsPackable>false</IsPackable>
    <IsTestProject>true</IsTestProject>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="System.ComponentModel.TypeConverter" Version="4.3.2" />
    <PackageReference Include="System.Net.Security" Version="4.3.2" />
    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
    <PackageReference Include="System.Net.Http" Version="4.3.4" />
    <PackageReference Include="Microsoft.Web.Administration" Version="11.1.0" />
  </ItemGroup>

</Project>

Example workflow step:

    - name: Dependency Review
      uses: actions/dependency-review-action@v4.3.3
      with:
        license-check: true
        vulnerability-check: true
        warn-only: false
        fail-on-scopes: runtime
        fail-on-severity: high
        config-file: ./dependency-review-config.yaml

Additional context
None.

@jtomkiew-mng jtomkiew-mng added the bug Something isn't working label Jul 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant