remote config file setting not getting set/used #422
Comments
Hi @Gomer05. Thank you for the report. I have been able to reproduce it. Here's the failing log: https://github.com/future-funk/studious-giggle/actions/runs/4341088504/jobs/7580269884. I'll take a look at this soon.

Reproduction steps

I created a new repo. Its config file points to future-funk/miniature-waddle, the repo containing the actual configuration.

Expected behavior

The output of the run containing

Current behavior
@Gomer05 This should be fixed now in the If you want to test it works, you can replace the
Something to note: The documentation was updated with some mistakes in another PR. I've changed it back, but it's not super clear so here it goes again: key names in external config files should use underscores (
Setting up dependency-review to use an external repo for its config.
I can't get the config file settings to actually be used/applied
I have confirmed that the repo is accessible and the config file is being loaded by changing the name of the config file to something that doesn't exist and got an error: "Error: Unable to fetch or parse config file: Error fetching remote config file"
Putting in bad YAML syntax also generates an error:
Unable to fetch or parse config file: Implicit keys need to be on a single line at line 3, column 1: # Possible values: "critical", "high", "moderate", "low" this-is-notused-bad ^
But no matter what setting I put in the config.yml, dependency-review always reports using its default settings, "fail-on-severity: low", "fail-on-scopes: runtime", not the settings in the config file.
Config that we are testing with, remote repo with the following config:
Repo that will be using the above config:
But when the action runs it always reports the following in the action:
So my custom settings are not being used/applied but I get no error loading/parsing the file. Running the action in debug mode didn't give any extra info/errors.
I'm testing with a Pipfile that only has a 'high' issue in it related to the lxml package.
Any ideas on what I am missing/doing wrong?