vikunja/.github/workflows/dependency-diff.yml

44 lines
1.1 KiB
YAML

name: Dependency Checks
on:
pull_request:
paths:
- frontend/pnpm-lock.yaml
- desktop/pnpm-lock.yaml
permissions:
contents: read
pull-requests: write
jobs:
diff_dependencies:
runs-on: ubuntu-latest
strategy:
matrix:
directory: [frontend, desktop]
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
- name: Create Diff
uses: e18e/action-dependency-diff@8e9b8c1957ab066d36235a43f4c1ff1522e1bdbc # v1.6.1
with:
working-directory: ${{ matrix.directory }}
check-provenance:
runs-on: ubuntu-latest
strategy:
matrix:
directory: [frontend, desktop]
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
- name: Check provenance downgrades
uses: danielroe/provenance-action@81568f71211c1839d6d3583c6a93037f5348c816 # main
with:
workspace-path: ${{ matrix.directory }}
fail-on-provenance-change: true