From 8f48b585b7d183bef539e04026c405f459b209e5 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Tue, 17 Feb 2026 11:38:57 +0100
Subject: [PATCH] feat: add dependency diff and provenance GitHub Action for PRs
---
.github/workflows/dependency-diff.yml | 43 +++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 .github/workflows/dependency-diff.yml
diff --git a/.github/workflows/dependency-diff.yml b/.github/workflows/dependency-diff.yml
new file mode 100644
index 000000000..b3477137a
--- /dev/null
+++ b/.github/workflows/dependency-diff.yml
@@ -0,0 +1,43 @@
+name: Dependency Checks
+
+on:
+ pull_request:
+ paths:
+ - frontend/pnpm-lock.yaml
+ - desktop/pnpm-lock.yaml
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ diff_dependencies:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ directory: [frontend, desktop]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Create Diff
+ uses: e18e/action-dependency-diff@v1
+ with:
+ working-directory: ${{ matrix.directory }}
+
+ check-provenance:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ directory: [frontend, desktop]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Check provenance downgrades
+ uses: danielroe/provenance-action@main
+ with:
+ workspace-path: ${{ matrix.directory }}
+ fail-on-provenance-change: true
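Review bot: `uses: danielroe/provenance-action@main` in the `check-provenance` job tracks a mutable branch, so whatever lands on that branch runs in this repository's CI with the workflow token; `e18e/action-dependency-diff@v1` in `diff_dependencies` is a movable tag with the same property. Pin both third-party actions to a full commit SHA with the release noted in a trailing comment, e.g. `uses: danielroe/provenance-action@<full-commit-sha>  # <release-tag>`, and update the pins deliberately. The top-level `permissions:` block also grants `pull-requests: write` to both jobs; if only the diff job posts a PR comment (not verifiable from this hunk), move that grant to a job-level `permissions:` under `diff_dependencies` and leave `check-provenance` at `contents: read`.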