Image upgrades (#4)

.github/workflows/build.yml

@@ -8,9 +8,6 @@ on:
       - '*.md'
   pull_request:
   workflow_dispatch:
-
-env:
-  build-version-number: 1.0.${{ github.run_number }}  
 
 jobs:
 
@@ -22,6 +19,15 @@ jobs:
     steps:    
       - uses: actions/checkout@v4
 
+      - name: Generate build number
+        id: build_number
+        uses: onyxmueller/build-tag-number@v1
+        with:
+          token: ${{secrets.github_token}}  
+
+      - name: Set release version
+        run: echo "build-version-number=1.0.${{ steps.build_number.outputs.build_number }} " >> $GITHUB_ENV
+
       - name: Create Release
         uses: ncipollo/release-action@v1
         with:

README.md

@@ -9,8 +9,6 @@ A Github action to run .net package dependency checks, and display results in yo
 
 This action uses a Docker image from [pkgchk-cli](https://github.com/tonycknight/pkgchk-cli).
 
-:warning: This action only works with .Net SDK 7.0.200 or higher. Check your `global.json` and other settings!
-
 ## How to use
 
 Your repository `Workflow permissions` settings should give `Read and write permissions` to the `GITHUB_TOKEN`.
@@ -21,19 +19,20 @@ Once done, simply include the action in your workflow, for example:
 - uses: actions/checkout@v3
 
 - name: Run SCA
-  uses: tonycknight/pkgchk-action@v1.0.9
+  uses: tonycknight/pkgchk-action@v1.0.10
   with:
     project-path: src/testproj.csproj    
 ```
 
+:warning: This action only works with .Net SDK 7.0.200 or higher. Check your `global.json` and other settings. 
+
 ## What the options mean
 
 The main options you'll need to provide are below. Most options have defaults applied, giving scans for high to critical vulnerabilities.
 
 | The option  | What's it for?  | What's the default? |
 | - | - | - |
 | `project-path` | The relative path to the solution or project | None - this is a mandatory value. |
-| `dependencies` | Include dependencies in the scan | `false` |
 | `deprecated` | Include deprecated packages in the scan | `false` |
 | `vulnerable` | Include vulnerable packages in the scan | `true` |
 | `transitives` | Include transitive packages in the scan | `true` |
@@ -47,7 +46,7 @@ Some options are available to control the action's credentials, tracing, etc. Yo
 
 | The option  | What's it for?  | What's the default? |
 | - | - | - |
-| `githubtoken` | A github token to push reports to PRs | `github.token` |
+| `github-token` | A github token to push reports to PRs | `github.token` |
 | `repo` | The repository name in `owner/repo` form | `github.repository` |
 | `github-title` | The title to give to the PR report | `Package vulnerabilities` |
 | `prid` | The pull request ID | `github.event.number` | 
@@ -58,59 +57,37 @@ Some options are available to control the action's credentials, tracing, etc. Yo
 
 ### What's the minimum I need?
 
-You'll need to first `checkout` the repository. The default options will scan for High and Critical vulnerabilities; deprecated paackages and full dependency trees are ignored.
+You'll need to first `checkout` the repository. The default options will scan for High and Critical vulnerabilities.
 
 ```yaml
 - uses: actions/checkout@v3
 
 - name: Run SCA
-  uses: tonycknight/pkgchk-action@v1.0.9
+  uses: tonycknight/pkgchk-action@v1.0.10
   with:
     project-path: src/testproj.csproj    
 ```
 
 ### I want to scan for every possible problem
 
-Simple: ensure `vulnerable`, `deprecated` & `transitives` are `true`, that `dependencies` is false, and all the `fail-on-` options are also `true`:
+Easy: ensure `vulnerable`, `deprecated` & `transitives` are `true`, and all the `fail-on-` options are also `true`:
 
 ```yaml
 - uses: actions/checkout@v3
 
 - name: Run SCA
-  uses: tonycknight/pkgchk-action@v1.0.9
+  uses: tonycknight/pkgchk-action@v1.0.10
   with:
     project-path: src/testproj.csproj    
     vulnerable: true
     deprecated: true
     transitives: true
-    dependencies: false
     fail-on-critical: true
     fail-on-high: true
     fail-on-moderate: true
     fail-on-legacy: true
 ```
 
-### I just want a report on the dependency tree
-
-Just set `vulnerable` and `deprecated` to `false`, set `dependencies` to `true`, and give a distinct title:
-
-```yaml
-- uses: actions/checkout@v3
-
-- name: Run SCA
-  uses: tonycknight/pkgchk-action@v1.0.9
-  with:
-    project-path: src/testproj.csproj    
-    dependencies: true
-    vulnerable: false
-    deprecated: false
-    transitives: true
-    title: Dependency scan
-   
-```
-
-This will give you a separate PR report just for dependencies, as well as any vulnerability scans you might also want.
-
 ## Licence
 
 `pkgchk-action` is licenced under MIT.

action.yml

@@ -3,11 +3,7 @@ description: 'Run .net package checks'
 inputs:
   project-path:  # id of input
     description: 'The relative path to the solution or project'
-    required: true
-  dependencies:  # id of input
-    description: 'Include dependencies in scans'
-    required: false
-    default: false
+    required: true  
   deprecated:  # id of input
     description: 'Include deprecated packages in scans'
     required: false
@@ -24,12 +20,12 @@ inputs:
     description: 'Output trace'
     required: false
     default: false
-  githubtoken: # id of input
+  github-token: # id of input
     description: 'Github token'
     required: true
     default: ${{ github.token }}
   repo: # id of input
-    description: 'The repo'
+    description: 'The repository name, as owner/repo'
     required: false
     default: ${{ github.repository }}
   github-title: # id of input
@@ -58,11 +54,9 @@ inputs:
     default: false
 runs:  
       using: 'docker'
-      image: 'docker://ghcr.io/tonycknight/pkgchk-cli:v0.2.331'
+      image: 'docker://ghcr.io/tonycknight/pkgchk-cli:v0.2.337'
       args: 
       - /github/workspace/${{ inputs.project-path }}
-      - '--dependencies'
-      - ${{ inputs.dependencies }}
       - '--deprecated'
       - ${{ inputs.deprecated }}
       - '--vulnerable'
@@ -72,7 +66,7 @@ runs:
       - '--trace'
       - ${{ inputs.trace }}
       - '--github-token'
-      - ${{ inputs.githubtoken }}
+      - ${{ inputs.github-token }}
       - '--github-repo'
       - ${{ inputs.repo }}
       - '--github-pr'