Support `push` events about dependency-review-action HOT 5 CLOSED

@reedloden Can those be interpolated in the config to achieve the same result? I haven't tried yet, but I'm thinking of something like:

name: 'Dependency Review'
on: push

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v2
        with:
          # insert the event fields here
          base-ref: ${{ github.event.before }}
          head-ref: ${{ github.sha }}

from dependency-review-action.

@reedloden The reason for using the PR events is that we get the refs automatically from the PR itself. How can we fetch those values by default for other types of events?

from dependency-review-action.

@febuiles Wouldn't it be possible (for the majority of cases, at least) for you to compare github.sha with github.event.before? If github.event.before is 0000000000000000000000000000000000000000, then just treat it as initial commit and scan the full contents of the commit (versus the diff). Hopefully, I got those variables correct. The docs are not that great.

from dependency-review-action.

@reedloden Can those be interpolated in the config to achieve the same result? I haven't tried yet, but I'm thinking of something like:

name: 'Dependency Review'
on: push

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v2
        with:
          # insert the event fields here
          base-ref: ${{ github.event.before }}
          head-ref: ${{ github.sha }}

It works :)

from dependency-review-action.

Great to hear, marking as closed!

from dependency-review-action.