-
Notifications
You must be signed in to change notification settings - Fork 3
38 lines (33 loc) · 1.29 KB
/
dep_review.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
name: Dependency Review
on:
pull_request:
branches:
- main
- master
jobs:
dependency-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # this is needed for gh cli
steps:
# Checking if repo is public. If it's not, dependency review will be skipped.
- name: Check if repo is public
run: |
response=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" repos/${{ github.repository}} | jq -r '.visibility')
if [ "$response" == "public" ]; then
echo "Repository is Public. Going ahead with dependency Review."
echo 'is_public=true' >> $GITHUB_ENV
fi
# Checkout the repository using actions/checkout
- name: "Checkout Repository"
if: env.is_public == 'true'
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
# Review dependency changes for any known vulnerabilities using https://github.com/actions/dependency-review-action
- name: "Dependency Review"
if: env.is_public == 'true'
uses: actions/dependency-review-action@2ce029c676cacb6112c47192ee072c7f783330c5
with:
comment-summary-in-pr: always