ci: use new shared dependency review workflow · nuxt/nuxt@9e6770f · GitHub

Commit 9e6770f

ci: use new shared dependency review workflow
1 parent 17e16b1 commit 9e6770f

2 files changed

+12
-38
lines changed
Lines changed: 12 additions & 16 deletions
@@ -1,22 +1,18 @@
1-
# Dependency Review Action
2-
#
3-
# This Action will scan dependency manifest files that change as part of a Pull Request,
4-
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
5-
# Once installed, if the workflow run is marked as required,
6-
# PRs introducing known-vulnerable packages will be blocked from merging.
7-
#
8-
# Source repository: https://github.com/actions/dependency-review-action
9-
name: 'Dependency Review'
10-
on: [pull_request]
1+
name: 'Dependency review'
2+
3+
on:
4+
merge_group:
5+
push:
6+
branches:
7+
- main
8+
- 3.x
9+
pull_request:
1110

1211
permissions:
1312
contents: read
1413

1514
jobs:
1615
dependency-review:
17-
runs-on: ubuntu-latest
18-
steps:
19-
- name: 'Checkout Repository'
20-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
21-
- name: 'Dependency Review'
22-
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
16+
uses: nuxt/.github/.github/workflows/dependency-review.yml@main
17+
with:
18+
fail-on-provenance-change: true
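
Review bot: The added `uses: nuxt/.github/.github/workflows/dependency-review.yml@main` line in the `dependency-review` job references the shared workflow by a mutable branch, while the two steps it replaces were pinned to full commit SHAs with version comments. Pin the reusable workflow to a commit SHA of `nuxt/.github` in the same style, so a change to the shared workflow only takes effect here through a reviewed bump. The hunk also widens the triggers from `on: [pull_request]` to `merge_group`, `push` (on `main` and `3.x`) and `pull_request`, and drops the header comment; a short comment saying what `fail-on-provenance-change: true` enforces and confirming that the shared workflow handles the non-PR events would help the next reader.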

.github/workflows/provenance.yml

Lines changed: 0 additions & 22 deletions
This file was deleted.
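
Review bot: The deletion of `.github/workflows/provenance.yml` (22 lines) is not mentioned in the commit message, which only describes the dependency review change. If the check it performed is now covered by `fail-on-provenance-change: true` in the shared workflow, say so in the commit message so the removal of a supply-chain check is traceable.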
