From 3a389887aed29dda323355d2787f42ce10d02d28 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?= Date: Thu, 7 Sep 2023 15:26:17 +0200 Subject: [PATCH] build(ci): make dependency review works on PRs MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Jérôme Benoit --- .github/workflows/ci.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9ec01225..a5bfe298 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,11 +19,14 @@ jobs: with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: 'Dependency Review' - if: ${{ matrix.os == 'ubuntu-latest' && matrix.node == '18.x' }} + if: ${{ github.event_name == 'push' && matrix.os == 'ubuntu-latest' && matrix.node == '18.x' }} uses: actions/dependency-review-action@v3 with: - base-ref: main + base-ref: ${{ github.ref_name }} head-ref: ${{ github.sha }} + - name: 'Pull Request Dependency Review' + if: ${{ github.event_name == 'pull_request' && matrix.os == 'ubuntu-latest' && matrix.node == '18.x' }} + uses: actions/dependency-review-action@v3 - uses: pnpm/action-setup@v2 with: version: 8 @@ -65,11 +68,14 @@ jobs: with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: 'Dependency Review' - if: ${{ matrix.os == 'ubuntu-latest' && matrix.node == '18.x' }} + if: ${{ github.event_name == 'push' && matrix.os == 'ubuntu-latest' && matrix.node == '18.x' }} uses: actions/dependency-review-action@v3 with: - base-ref: main + base-ref: ${{ github.ref_name }} head-ref: ${{ github.sha }} + - name: 'Pull Request Dependency Review' + if: ${{ github.event_name == 'pull_request' && matrix.os == 'ubuntu-latest' && matrix.node == '18.x' }} + uses: actions/dependency-review-action@v3 - uses: pnpm/action-setup@v2 with: version: 8 -- 2.34.1