
[BUG] `along with GitHub Advanced Security on private repositories` is superfluous for public repositories

Open jsoref opened this issue 8 months ago • 0 comments

Describe the bug

Error message mentions private repositories, but the action can know that the repository in question is not private.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://github.com/check-spelling-sandbox/caffeine/actions/runs/14451650273/job/40525556101?pr=1#step:5:9
  2. See

    Error: Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled along with GitHub Advanced Security on private repositories, see https://github.com/check-spelling-sandbox/caffeine/settings/security_analysis

Expected behavior

If a fact can be known, don't mention the opposite

Screenshots

Action version

What version of the action are you using in your workflow? ce3cf9537a52e8119d91fd484ab5b8a807627bf8

Note: if you're not running the latest release please try that first!

The code is still present in the current version: https://github.com/actions/dependency-review-action/blob/67d4f4bd7a9b17a0db54d2a7519187c65e339de8/src/main.ts#L199

Examples

https://github.com/check-spelling-sandbox/caffeine/actions/runs/14451650273/workflow?pr=1

Additional context

GitHub exposes github.event.repository.private: https://github.com/jsoref/debug-github-events/actions/runs/14014253846

... so this code could check for that and provide a better message.

jsoref, Apr 14 '25 18:04
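One way the check suggested in this issue could look, as an added example that is not code from the issue author or from actions/dependency-review-action. The helper names `repoVisibility` and `unsupportedMessage` are hypothetical, the sample payloads are constructed, and the sketch assumes the workflow event payload (the object exposed as `github.event`) has already been parsed.

```typescript
// Added example: choose the "not supported" text from repository.private.
// Only the payload fields used here are modelled.
interface RepoEvent {
  repository?: { private?: boolean; html_url?: string }
}

type Visibility = 'public' | 'private' | 'unknown'

// Hypothetical helper: classify the repository from the event payload.
// Only a literal boolean counts; a missing field yields 'unknown' so the
// caller never claims a fact the payload did not state.
function repoVisibility(event: RepoEvent | undefined): Visibility {
  const flag = event?.repository?.private
  if (flag === true) return 'private'
  if (flag === false) return 'public'
  return 'unknown'
}

// Hypothetical helper: build the error text for the detected visibility.
function unsupportedMessage(event: RepoEvent | undefined): string {
  const base = 'Dependency review is not supported on this repository.'
  const url = event?.repository?.html_url
  const see = url ? `, see ${url}/settings/security_analysis` : ''
  switch (repoVisibility(event)) {
    case 'public':
      // Known public: leave GitHub Advanced Security out of the message.
      return `${base} Please ensure that Dependency graph is enabled${see}`
    case 'private':
      // Known private: state the requirement without the qualifier.
      return `${base} Please ensure that Dependency graph is enabled along with GitHub Advanced Security${see}`
    default:
      // Visibility not in the payload: keep the wording quoted in this issue.
      return `${base} Please ensure that Dependency graph is enabled along with GitHub Advanced Security on private repositories${see}`
  }
}

// Constructed sample payloads (not taken from a real run).
const publicEvent: RepoEvent = {
  repository: { private: false, html_url: 'https://github.com/example-org/example-repo' }
}
const privateEvent: RepoEvent = {
  repository: { private: true, html_url: 'https://github.com/example-org/example-repo' }
}
const noRepoEvent: RepoEvent = {}
```
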