
     1  name: "Dependency Review"
     2  on:
     3    pull_request:
     4    merge_group:
     5  
     6  permissions:
     7    contents: read
     8  
     9  jobs:
    10    dependency-review:
    11      runs-on: ubuntu-latest
    12      steps:
    13        - name: "Checkout Repository"
    14          uses: actions/checkout@v3
    15        - uses: actions/setup-go@v4
    16          with:
    17            go-version: "1.21"
    18            check-latest: true
    19        - name: "Dependency Review"
    20          uses: actions/dependency-review-action@v3
    21          with:
    22            base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
    23            head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
    24            fail-on-severity: high # otherwise we fail on ourselves due to https://github.com/advisories/GHSA-qfc5-6r3j-jj22, https://github.com/advisories/GHSA-w44m-8mv2-v78h TODO(@julienrbrt) submit a PR to the action to ignore packages
    25        - name: "Dependency audit"
    26          run: ./scripts/dep-assert.sh
    27        - name: "Go vulnerability check"
    28          run: make vulncheck