Merge pull request #87 from route06/introduce-dependency-review-workflow

Introduce Dependency Review workflow

.github/workflows/dependency_review.yml

@@ -0,0 +1,32 @@
+# ## Summary
+#
+# Run Dependency Review, which is GitHub Advanced Security a feature
+
+# ## Usage
+#
+# name: Dependency Review
+#
+# on: [pull_request]
+#
+# jobs:
+#   dependency_review:
+#     uses: route06/actions/.github/workflows/dependency_review.yml@v2
+
+# ## Reference
+#
+# https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review
+
+name: Dependency Review
+
+on:
+  workflow_call:
+
+jobs:
+  dependency_review:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/dependency-review-action@v4

README.md

@@ -14,6 +14,7 @@ ROUTE06内外から使われることを想定したGitHub ActionsのReusable Wo
 * [codeql.yml](./.github/workflows/codeql.yml)
 * [create_gh_discussion.yml](./.github/workflows/create_gh_discussion.yml)
 * [create_gh_issue.yml](./.github/workflows/create_gh_issue.yml)
+* [dependency_review.yml](./.github/workflows/dependency_review.yml)
 * [get_last_discussion_url.yml](./.github/workflows/get_last_discussion_url.yml)
 * [gh_discussion_comment_to_slack.yml](./.github/workflows/gh_discussion_comment_to_slack.yml)
 * [notify_slack_on_ci_failed.yml](./.github/workflows/notify_slack_on_ci_failed.yml)