Skip to content

refactor: update_reference_to_git_dependencies #17

refactor: update_reference_to_git_dependencies

refactor: update_reference_to_git_dependencies #17

name: Dependency Review
on:
pull_request:
branches:
- main
- master
jobs:
dependency-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # this is needed for gh cli
steps:
# Checking if repo is public. If it's not, dependency review will be skipped.
- name: Check if repo is public
run: |
response=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" repos/${{ github.repository}} | jq -r '.visibility')
if [ "$response" == "public" ]; then
echo "Repository is Public. Going ahead with dependency Review."
echo 'is_public=true' >> $GITHUB_ENV
fi
# Checkout the repository using actions/checkout
- name: "Checkout Repository"
if: env.is_public == 'true'
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
# Review dependency changes for any known vulnerabilities using https://github.com/actions/dependency-review-action
- name: "Dependency Review"
if: env.is_public == 'true'
uses: actions/dependency-review-action@2ce029c676cacb6112c47192ee072c7f783330c5
with:
comment-summary-in-pr: always