"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.DependencyReview = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const workflow_steps_1 = require("./workflow-steps");
const workflows_model_1 = require("./workflows-model");
const component_1 = require("../component");
const runner_options_1 = require("../runner-options");

/**
 * Join an optional list into the comma-separated string the action inputs take.
 * A missing list (null/undefined) is passed through unchanged so the input is
 * simply not set.
 *
 * @param {string[] | undefined} values - list option from DependencyReviewOptions
 * @returns {string | undefined} comma-separated string, or undefined when unset
 */
const toCommaList = (values) => values?.join(", ");

/**
 * Permissions granted to the review job.
 *
 * The job only ever needs to read repository contents; `pull-requests: write`
 * is added solely so the action can post its summary comment, and is left out
 * entirely when summaries are disabled ("never") to keep the token minimal.
 *
 * @param {"always" | "on-failure" | "never"} commentSummary - resolved comment-summary mode
 * @returns {object} job permissions map (contents first, then pull-requests when needed)
 */
function reviewJobPermissions(commentSummary) {
  const permissions = { contents: workflows_model_1.JobPermission.READ };
  if (commentSummary !== "never") {
    permissions.pullRequests = workflows_model_1.JobPermission.WRITE;
  }
  return permissions;
}

/**
 * The workflow step that invokes actions/dependency-review-action.
 *
 * Every user option is mapped one-to-one onto the action's inputs; options that
 * were not provided are passed as undefined (presumably dropped when the
 * workflow YAML is rendered — confirm in the workflow renderer).
 *
 * NOTE(review): the action is referenced by its major-version tag (`@v4`) as
 * written here; pinning third-party actions to a full commit SHA is the
 * stricter supply-chain choice if the project policy calls for it.
 *
 * @param {object} options - DependencyReviewOptions as passed to the constructor
 * @param {"always" | "on-failure" | "never"} commentSummary - resolved comment-summary mode
 * @returns {object} a workflow job step
 */
function dependencyReviewStep(options, commentSummary) {
  return {
    name: "Dependency Review",
    uses: "actions/dependency-review-action@v4",
    with: {
      "fail-on-severity": options.failOnSeverity,
      "allow-licenses": toCommaList(options.allowLicenses),
      "vulnerability-check": options.vulnerabilityCheck,
      "license-check": options.licenseCheck,
      "fail-on-scopes": toCommaList(options.failOnScopes),
      "config-file": options.configFile,
      "allow-ghsas": toCommaList(options.allowGhsas),
      "deny-packages": toCommaList(options.denyPackages),
      "comment-summary-in-pr": commentSummary,
      "warn-only": options.warnOnly,
      "show-openssf-scorecard": options.showOpenSSFScorecard,
      "warn-on-openssf-scorecard-level": options.warnOnOpenSSFScorecardLevel,
    },
  };
}

/**
 * Adds a GitHub workflow that runs the dependency-review-action on pull requests.
 *
 * The generated workflow is named "dependency-review", triggers on
 * `pull_request` and `workflow_dispatch`, checks the repository out and then
 * runs the action, which fails the check when the PR introduces vulnerable
 * dependencies or disallowed licenses.
 *
 * @see https://github.com/actions/dependency-review-action
 */
class DependencyReview extends component_1.Component {
  /**
   * @param {GitHub} github - the GitHub component the workflow is added to
   * @param {DependencyReviewOptions} [options={}] - action configuration; see the option docs in the source
   */
  constructor(github, options = {}) {
    super(github.project);

    // Summary comments are on by default; this value also decides whether the
    // job is granted pull-request write access (see reviewJobPermissions).
    const commentSummary = options.commentSummaryInPr ?? "always";

    const workflow = github.addWorkflow("dependency-review");
    workflow.on({ pullRequest: {}, workflowDispatch: {} });

    workflow.addJobs({
      "dependency-review": {
        // Runner labels / runner group come from the shared runner-options helper.
        ...(0, runner_options_1.filteredRunsOnOptions)(options.runsOn, options.runsOnGroup),
        permissions: reviewJobPermissions(commentSummary),
        steps: [
          workflow_steps_1.WorkflowSteps.checkout(),
          dependencyReviewStep(options, commentSummary),
        ],
      },
    });
  }
}
exports.DependencyReview = DependencyReview;

// jsii runtime type information, consumed by the jsii kernel when this class is
// used from other languages.
DependencyReview[JSII_RTTI_SYMBOL_1] = { fqn: "projen.github.DependencyReview", version: "0.99.51" };

// The inline base64 source map (`//# sourceMappingURL=data:...`) emitted by the
// TypeScript compiler is omitted from this listing; it carries no runtime behavior.