ci: add review dependencies workflow

austinvazquez · austinvazquez · commit 8198976e966b · 2024-08-05T19:37:46.000-07:00
Signed-off-by: Austin Vazquez &lt;macedonv@amazon.com&gt;
diff --git a/.github/workflows/review-dependencies.yaml b/.github/workflows/review-dependencies.yaml
@@ -0,0 +1,24 @@
+name: Review dependencies
+
+on:
+  pull_request:
+    branches: ['main']
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+
+    permissions:
+      # Write permissions needed to comment review results on PR.
+      # Pwn request risk mitigated by using pull_request workflow trigger
+      # and external contributor workflow runs require maintainer approval.
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+        with:
+          comment-summary-in-pr: always
