50 changes: 33 additions & 17 deletions .github/workflows/compliance.yml
@@ -59,11 +59,11 @@ jobs:
id: range
run: |
set -euo pipefail

# Use GitHub-provided SHAs to build the range for this push
BEFORE="${{ github.event.before }}"
AFTER="${{ github.sha }}"

if [ "$BEFORE" = "0000000000000000000000000000000000000000" ]
then
# New branch or force push without previous SHA
@@ -76,34 +76,42 @@ jobs:
run: |
set -euo pipefail
missing=""

while read -r sha
do
[ -n "$sha" ] || continue

# Skip commits from bots
committer_name=`git log --format=%cn -n 1 "$sha"`
if echo "$committer_name" | grep -Fq '[bot]' || [ "$committer_name" = "web-flow" ]
committer_email=`git log --format=%ce -n 1 "$sha"`
if echo "$committer_name" | grep -Fq '[bot]' \
|| [ "$committer_name" = "web-flow" ] \
|| echo "$committer_email" | grep -Eqi 'noreply@github\.com$|@users\.noreply\.github\.com$'
then
echo "Skipping bot/web-flow commit $sha from $committer_name"
echo "Skipping commit $sha from $committer_name <$committer_email>"
continue
fi

msg=`git log --format=%B -n 1 "$sha"`

if ! printf '%s' "$msg" | grep -Eqi '^[[:space:]]*Signed[- ]off[- ]by:'
then
echo "Commit $sha missing Signed-off-by"
missing="true"

echo "Committer name: $committer_name"
echo "Committer email: $committer_email"
echo "github.actor: ${{ github.actor }}"
echo "github.event.pusher.name: ${{ github.event.pusher.name }}"
fi
done < shas.txt

if [ "$missing" = "true" ]
then
echo "DCO check failed on push"
exit 1
fi

echo "All pushed commits are signed"

CheckSignedOffPullRequest:
@@ -130,7 +138,7 @@ jobs:
set -euo pipefail
gh --version
jq --version

# Fetch all commits of the PR with pagination and extract SHAs
gh api -H "Accept: application/vnd.github+json" --paginate \
repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/commits \
@@ -144,21 +152,29 @@ jobs:
while read -r sha
do
[ -n "$sha" ] || continue

# Skip commits from bots
committer_name=`git log --format=%cn -n 1 "$sha"`
if echo "$committer_name" | grep -Fq '[bot]' || [ "$committer_name" = "web-flow" ]
committer_email=`git log --format=%ce -n 1 "$sha"`
if echo "$committer_name" | grep -Fq '[bot]' \
|| [ "$committer_name" = "web-flow" ] \
|| echo "$committer_email" | grep -Eqi 'noreply@github\.com$|@users\.noreply\.github\.com$'
then
echo "Skipping bot/web-flow commit $sha from $committer_name"
echo "Skipping commit $sha from $committer_name <$committer_email>"
continue
fi

msg=`git log --format=%B -n 1 "$sha"`

if ! printf '%s' "$msg" | grep -Eqi '^[[:space:]]*Signed[- ]off[- ]by:'
then
echo "Commit $sha missing Signed-off-by"
missing="true"

echo "Committer name: $committer_name"
echo "Committer email: $committer_email"
echo "github.actor: ${{ github.actor }}"
echo "github.event.pusher.name: ${{ github.event.pusher.name }}"
fi
done < shas.txt

@@ -167,4 +183,4 @@ jobs:
echo "DCO check failed"; exit 1
fi

echo "All commits are signed"
echo "All commits are signed"
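Review bot: The new third condition in the skip test (the `grep -Eqi 'noreply@github\.com$|@users\.noreply\.github\.com$'` on `%ce`, in both the push loop and the pull-request loop) exempts every commit whose committer email ends in `@users.noreply.github.com`, which is the privacy address ordinary contributors can configure, so those human commits never reach the Signed-off-by check. Committer name and email are free-form values chosen by whoever creates the commit, so this widens an exemption that already rests on self-asserted data. I would narrow it to the exact service address, `|| [ "$committer_email" = "noreply@github.com" ]`, and, if a trustworthy bot/web exemption is needed, base it on something the committer cannot set locally, such as the verification status in the commits API response the pull-request job already fetches. Separately, the added debug lines expand `${{ github.actor }}` and `${{ github.event.pusher.name }}` directly inside the script text; passing them through the step's `env:` and echoing the shell variables is the safer pattern, and the pusher field is presumably empty on pull_request events.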
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
@@ -27,4 +27,4 @@ jobs:
- name: 'Checkout Repository'
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: 'Dependency Review'
uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0
uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1