feat(danger): Block PR if yarn audit has high or critical, do not run on dependabot, no warn on version #327
Conversation
ahobson
requested review from
gidjin,
haworku,
sarboc,
suzubara and
tinyels
as code owners
ahobson
force-pushed
the
feat-dangerjs-block-yarn-audit-324
branch
2 times, most recently
from
3f14225 to
aec57bc
Compare
ahobson
changed the title
dangerfile.ts
Outdated
| // skip these checks if PR is by dependabot, if we don't have a github object let it run also since we are local | ||
| if ( | ||
| !danger.github || | ||
| (danger.github && danger.github.pr.user.login !== 'dependabot-preview[bot]') |
There was a problem hiding this comment.
In other places (circleci config) we check for 'dependabot-preview[bot]' and `dependabot[bot]' . Assuming that's no longer needed? Just checking
There was a problem hiding this comment.
Not sure. I'll try to check
There was a problem hiding this comment.
I think I found a way to detect all bots, so I think that will do what we want
There was a problem hiding this comment.
Thanks for looking for into it 🚀
| @@ -129,7 +129,7 @@ | |||
| "husky": { | |||
| "hooks": { | |||
| "pre-commit": "tsc --noEmit && lint-staged", | |||
| "pre-push": "yarn danger local --failOnErrors" | |||
| "pre-push": "yarn danger local -b main --failOnErrors" | |||
There was a problem hiding this comment.
is running yarn danger local -b main --failOnErrors locally supposed to work for me at this point?
I'm getting the Error: fatal: ambiguous argument 'master...HEAD': unknown revision or path not in the working tree. error
There was a problem hiding this comment.
No, there hasn't been any more feedback on my bug report. Maybe I'll just open a PR
ahobson
force-pushed
the
feat-dangerjs-block-yarn-audit-324
branch
from
8e57aef to
c1b511b
Compare
Summary
Update danger config to run
yarn auditand block if high or critical issues are found.Do not run danger on dependabot PRs
Do not warn if the only changes the
package.jsonis the versionRelated Issues or PRs
closes #324
How To Test
Screenshots (optional)