|
| 1 | +# Dependency Review Action |
| 2 | +# |
| 3 | +# This Action will scan dependency manifest files that change as part of a Pull Request, |
| 4 | +# surfacing known-vulnerable versions of the packages declared or updated in the PR. |
| 5 | +# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable |
| 6 | +# packages will be blocked from merging. |
| 7 | +# |
| 8 | +# Source repository: https://github.com/actions/dependency-review-action |
| 9 | +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement |
| 10 | +name: 'Dependency review' |
| 11 | +on: |
| 12 | + pull_request: |
| 13 | + branches: [ "main" ] |
| 14 | + |
| 15 | +# If using a dependency submission action in this workflow this permission will need to be set to: |
| 16 | +# |
| 17 | +# permissions: |
| 18 | +# contents: write |
| 19 | +# |
| 20 | +# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api |
| 21 | +permissions: |
| 22 | + contents: read |
| 23 | + # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option |
| 24 | + pull-requests: write |
| 25 | + |
| 26 | +jobs: |
| 27 | + dependency-review: |
| 28 | + runs-on: ubuntu-latest |
| 29 | + steps: |
| 30 | + - name: 'Checkout repository' |
| 31 | + uses: actions/checkout@v4 |
| 32 | + - name: 'Dependency Review' |
| 33 | + uses: actions/dependency-review-action@v4 |
| 34 | + # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. |
| 35 | + with: |
| 36 | + comment-summary-in-pr: always |
| 37 | + # fail-on-severity: moderate |
| 38 | + # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later |
| 39 | + # retry-on-snapshot-warnings: true |
| 40 | + - name: Cache |
| 41 | + uses: actions/cache@v5.0.3 |
| 42 | + with: |
| 43 | + # A list of files, directories, and wildcard patterns to cache and restore |
| 44 | + path: |
| 45 | + # An explicit key for restoring and saving the cache |
| 46 | + key: |
| 47 | + # An ordered multiline string listing the prefix-matched keys, that are used for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case. |
| 48 | + restore-keys: # optional |
| 49 | + # The chunk size used to split up large files during upload, in bytes |
| 50 | + upload-chunk-size: # optional |
| 51 | + # An optional boolean when enabled, allows windows runners to save or restore caches that can be restored or saved respectively on other platforms |
| 52 | + enableCrossOsArchive: # optional, default is false |
| 53 | + # Fail the workflow if cache entry is not found |
| 54 | + fail-on-cache-miss: # optional, default is false |
| 55 | + # Check if a cache entry exists for the given input(s) (key, restore-keys) without downloading the cache |
| 56 | + lookup-only: # optional, default is false |
| 57 | + # Run the post step to save the cache even if another step before fails |
| 58 | + save-always: # optional, default is false |
| 59 | + |
0 commit comments