name: Dependency Checks on: pull_request: paths: - frontend/pnpm-lock.yaml - desktop/pnpm-lock.yaml permissions: contents: read pull-requests: write jobs: diff_dependencies: runs-on: ubuntu-latest strategy: matrix: directory: [frontend, desktop] steps: - name: Checkout repository uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 - name: Create Diff uses: e18e/action-dependency-diff@8e9b8c1957ab066d36235a43f4c1ff1522e1bdbc # v1.6.1 with: working-directory: ${{ matrix.directory }} check-provenance: runs-on: ubuntu-latest strategy: matrix: directory: [frontend, desktop] steps: - name: Checkout repository uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 - name: Check provenance downgrades uses: danielroe/provenance-action@81568f71211c1839d6d3583c6a93037f5348c816 # main with: workspace-path: ${{ matrix.directory }} fail-on-provenance-change: true