document default branch checks (#135)
This PR documents the new functionality around running GitHub checks for
the default branch instead of just for pull requests.

Closes phylum-dev/roadmap#423

## Checklist

- [x] Does this PR have an associated issue (i.e., `closes #<issueNum>`
in description above)?
- [ ] Have you ensured that you have met the expected acceptance
criteria?

---------

Co-authored-by: Christian Dürr <[email protected]>
Co-authored-by: Charles Coggins <[email protected]>
3 people authored Apr 25, 2024
1 parent 1149cf6 commit 53c679a
Showing 2 changed files with 16 additions and 2 deletions.
Binary file added assets/gh_app_check_view_job_link.png
18 changes: 16 additions & 2 deletions docs/integrations/github_app.md
Expand Up @@ -44,11 +44,25 @@ Monitoring can be activated or paused by selecting the toggle for a given reposi
>
> ![GitHub app settings - PRO](../../assets/gh_app_settings_pro.png)
A monitored repository will automatically run a Phylum check for every commit to a Pull Request looking for changes to [supported lockfiles](../cli/supported_lockfiles.md). If a change is found, the lockfile is submitted for analysis:
For every update to the default branch or a pull request for a monitored repository, the GitHub app will automatically check the dependencies in [supported lockfiles](../cli/supported_lockfiles.md).

#### Default Branch

When the default branch is updated, for example when a pull request is merged, the dependencies are submitted to Phylum as an analysis job labeled with the name of the branch.

If an issue causes the job to fail the [defined policy], the GitHub check for the commit will also fail. The details of the failure will be visible in the Phylum analysis job. A link to the analysis job is always available from the bottom of the check details in GitHub.

![GitHub check details showing view more details on Phylum.io link](../../assets/gh_app_check_view_job_link.png)

#### Pull Requests

![GitHub app status check in PR](../../assets/gh_app_status_check_running.png)

A comment will be written to the PR if an issue is identified that fails the [defined policy](../knowledge_base/policy.md). There will be no comment if no dependencies were added or modified for a given PR. If one or more dependencies are still processing (no results available), then the comment will make that clear and the CI job will only fail if dependencies that have **completed analysis results** do not meet the active policy.
For Pull Requests, the dependencies of the PR branch are compared against the dependencies of the main branch. If the dependencies have changed, the dependencies of the PR branch are submitted for analysis. If the dependencies have not changed, the GitHub check will pass without creating an analysis in Phylum.

If the Phylum analysis fails the [defined policy] because of an issue related to a changed dependency, the GitHub check will fail and a comment will be written to the PR. If one or more dependencies are still processing (no results available), then the comment will make that clear and the CI job will only fail if dependencies that have **completed analysis results** do not meet the active policy.

[defined policy]: ../knowledge_base/policy.md

### Example Comments
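Review bot: the new "Pull Requests" paragraph compares the PR branch against "the dependencies of the main branch", while the sentence it follows and the new "Default Branch" subsection both say "default branch"; since the feature keys off the repository's default branch rather than a branch literally named main, suggest "the dependencies of the default branch" so repositories whose default is master or develop are not misled. The removed sentence "There will be no comment if no dependencies were added or modified for a given PR" also carried a guarantee the new text no longer states explicitly: the replacement says the check passes "without creating an analysis in Phylum" but is silent on whether a comment is posted in that case, so consider keeping a sentence that says no comment is written when dependencies are unchanged. The added image path `../../assets/gh_app_check_view_job_link.png` matches the binary added in this commit.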
