microsoft/hve-core
Publicmirrored fromhttps://github.com/microsoft/hve-coreAvailable
.github/workflows/dependency-review.yml
30lines · modecode
| 1 | name: Dependency Review |
| 2 | |
| 3 | on: |
| 4 | pull_request: |
| 5 | branches: [ main, develop ] |
| 6 | workflow_call: |
| 7 | |
| 8 | permissions: |
| 9 | contents: read |
| 10 | pull-requests: write |
| 11 | |
| 12 | jobs: |
| 13 | dependency-review: |
| 14 | name: Review Dependencies |
| 15 | runs-on: ubuntu-latest |
| 16 | permissions: |
| 17 | contents: read |
| 18 | pull-requests: write |
| 19 | |
| 20 | steps: |
| 21 | - name: Checkout code |
| 22 | uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.2 |
| 23 | with: |
| 24 | persist-credentials: false |
| 25 | |
| 26 | - name: Dependency Review |
| 27 | uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.3.4 |
| 28 | with: |
| 29 | fail-on-severity: moderate |
| 30 | comment-summary-in-pr: always |
| 31 | |