sigs.k8s.io/cluster-api-provider-azure@v1.14.3/.github/workflows/dependency-review.yml

sigs.k8s.io/cluster-api-provider-azure@v1.14.3/.github/workflows/dependency-review.yml (about)

     1  # Dependency Review Action
     2  #
     3  # This Action will scan dependency manifest files that change as part of a Pull Request,
     4  # surfacing known-vulnerable versions of the packages declared or updated in the PR.
     5  # Once installed, if the workflow run is marked as required,
     6  # PRs introducing known-vulnerable packages will be blocked from merging.
     7  #
     8  # Source repository: https://github.com/actions/dependency-review-action
     9  name: 'Dependency Review'
    10  on: [pull_request]
    11  
    12  permissions:
    13    contents: read
    14  
    15  jobs:
    16    dependency-review:
    17      runs-on: ubuntu-latest
    18      steps:
    19        - name: Harden Runner
    20          uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
    21          with:
    22            egress-policy: audit
    23  
    24        - name: 'Checkout Repository'
    25          uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
    26        - name: 'Dependency Review'
    27          uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3