Commit

Merge pull request #1 from shantanug-deriv/master
Update dependency review workflow
lipika-deriv authored Apr 22, 2024
2 parents 42740f4 + 8c80e81 commit 562d46d
Showing 1 changed file with 22 additions and 4 deletions.
26 changes: 22 additions & 4 deletions .github/workflows/dep_review.yaml
@@ -1,4 +1,5 @@
name: 'Dependency Review'
name: Dependency Review

on:
pull_request:
branches:
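Review bot: Quoting becomes inconsistent with this change: the workflow `name` at the top of the file drops its quotes, while the step names further down move from single to double quotes. Pick one convention for these plain strings (unquoted works for all of them) so later diffs do not carry quote-only churn.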
Expand All @@ -7,14 +8,31 @@ on:

jobs:
dependency-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest

env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # this is needed for gh cli
steps:
- name: 'Checkout Repository'
# Checking if repo is public. If it's not, dependency review will be skipped.
- name: Check if repo is public
run: |
response=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" repos/${{ github.repository}} | jq -r '.visibility')
if [ "$response" == "public" ]; then
echo "Repository is Public. Going ahead with dependency Review."
echo 'is_public=true' >> $GITHUB_ENV
fi
# Checkout the repository using actions/checkout
- name: "Checkout Repository"
if: env.is_public == 'true'
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
- name: 'Dependency Review'

# Review dependency changes for any known vulnerabilities using https://github.com/actions/dependency-review-action
- name: "Dependency Review"
if: env.is_public == 'true'
uses: actions/dependency-review-action@2ce029c676cacb6112c47192ee072c7f783330c5
with:
comment-summary-in-pr: always
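Review bot: The "Check if repo is public" step fails open. If `gh api` errors (bad token, rate limit, network), `jq` reads empty input and exits 0, `response` is empty, `is_public` is never written, and both later steps are skipped while the job still reports success, so a green check cannot be told apart from "no review ran". The default `run` shell has no `pipefail`; add `set -o pipefail` (or `shell: bash`) plus an `else` branch that logs the skip, or drop the API call and gate the job on the event payload, for example `if: github.event.repository.private == false`. In the same step, `${{ github.repository}}` is expanded into the script text before the shell runs; prefer the runner's `$GITHUB_REPOSITORY` variable. `GITHUB_TOKEN` is also set in job-level `env`, so every step sees it; moving it to the `env` of the one step that calls `gh` keeps it scoped to where it is needed.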
