diff --git a/assets/gh_app_check_view_job_link.png b/assets/gh_app_check_view_job_link.png new file mode 100644 index 00000000..37e98638 Binary files /dev/null and b/assets/gh_app_check_view_job_link.png differ diff --git a/docs/integrations/github_app.md b/docs/integrations/github_app.md index b8b3d5e7..55f94ddd 100644 --- a/docs/integrations/github_app.md +++ b/docs/integrations/github_app.md 
@@ -44,11 +44,25 @@ Monitoring can be activated or paused by selecting the toggle for a given reposi > > ![GitHub app settings - PRO](../../assets/gh_app_settings_pro.png) -A monitored repository will automatically run a Phylum check for every commit to a Pull Request looking for changes to [supported lockfiles](../cli/supported_lockfiles.md). If a change is found, the lockfile is submitted for analysis: +For every update to the default branch or a pull request for a monitored repository, the GitHub app will automatically check the dependencies in [supported lockfiles](../cli/supported_lockfiles.md). + +#### Default Branch + +When the default branch is updated, for example when a pull request is merged, the dependencies are submitted to Phylum as an analysis job labeled with the name of the branch. + +If an issue causes the job to fail the [defined policy], the GitHub check for the commit will also fail. The details of the failure will be visible in the Phylum analysis job. A link to the analysis job is always available from the bottom of the check details in GitHub. + +![GitHub check details showing view more details on Phylum.io link](../../assets/gh_app_check_view_job_link.png) + +#### Pull Requests ![GitHub app status check in PR](../../assets/gh_app_status_check_running.png) -A comment will be written to the PR if an issue is identified that fails the [defined policy](../knowledge_base/policy.md). There will be no comment if no dependencies were added or modified for a given PR. If one or more dependencies are still processing (no results available), then the comment will make that clear and the CI job will only fail if dependencies that have **completed analysis results** do not meet the active policy. +For Pull Requests, the dependencies of the PR branch are compared against the dependencies of the main branch. If the dependencies have changed, the dependencies of the PR branch are submitted for analysis. 
If the dependencies have not changed, the GitHub check will pass without creating an analysis in Phylum. + +If the Phylum analysis fails the [defined policy] because of an issue related to a changed dependency, the GitHub check will fail and a comment will be written to the PR. If one or more dependencies are still processing (no results available), then the comment will make that clear and the CI job will only fail if dependencies that have **completed analysis results** do not meet the active policy. + +[defined policy]: ../knowledge_base/policy.md ### Example Comments
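Review bot: in the Pull Requests paragraph of this hunk, the PR branch is compared against "the main branch", while the new Default Branch section and the first added sentence both use "default branch"; since a repository's default branch is not necessarily named main, suggest changing it to "the dependencies of the default branch" so the two sections agree and the comparison target is unambiguous. A minor related point: the PR section no longer states explicitly that no comment is written when no dependencies were added or modified (the removed sentence did), so consider adding that back after "the GitHub check will pass without creating an analysis in Phylum."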