Merge pull request #31 from advanced-security/GeekMasher-patch-1

GeekMasher · web-flow · commit 78c02edffd5a · 2024-07-05T12:03:03.000+01:00
feat(ci): Update docs for dep-review
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -1,6 +1,7 @@
 # 'Dependency Review' Reusable Workflow
 #
-# Note: Override the default configuration by providing a './.github/dependency-review.yml' in your repo.
+# Note: If the default configuration isn't present in your repository, we use the centralised
+# configurations.
 
 name: 'Dependency Review'
 
@@ -10,6 +11,7 @@ on:
 
 permissions:
   contents: read
+  # Required for writing a PR Comment
   pull-requests: write
 
 jobs:
@@ -19,6 +21,8 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@v4
 
+      # [optional] This setup isn't required but if your repository have a configuration,
+      # we use that versus the centralised config. 
       - name: 'Check for configuration file'
         id: config
         env:
@@ -41,5 +45,7 @@ jobs:
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v4
         with:
+          # this value can also be hardcoded to a remote repository
+          # Example: advanced-security/reusable-workflows/.github/dependency-review.yml@main
           config-file: ${{ steps.config.outputs.config }}
           comment-summary-in-pr: "always"
diff --git a/.github/workflows/language-detection-and-assignment.yml b/.github/workflows/language-detection-and-assignment.yml
@@ -5,8 +5,7 @@ on:
     branches: [main]
 
 env:
-    GH_TOKEN: ${{ github.token }}
-
+  GH_TOKEN: ${{ secrets.GH_AP_TOKEN }}
 jobs:
   detect-and-assign:
     runs-on: ubuntu-latest
@@ -46,4 +45,4 @@ jobs:
       - name: Assign default
         if: steps.detect-languages.outputs.java != 'true' && steps.detect-languages.outputs.kotlin != 'true' && steps.detect-languages.outputs.javascript != 'true' && steps.detect-languages.outputs.typescript != 'true' && steps.detect-languages.outputs.go != 'true'  && steps.detect-languages.outputs.codeql != 'true' && steps.detect-languages.outputs.python != 'true'  
         run: |
-          gh pr edit ${{ github.event.number }} --add-reviewer oss-maintainers
+          gh pr edit ${{ github.event.number }} --add-reviewer felickz --add-reviewer Geekmasher --add-reviewer adrienpessu
