Add Dependency Review action (#140108)

2025-04-24 09:17:53 +00:00 · 2025-03-08 14:59:29 +01:00 · 2025-03-08 14:59:29 +01:00 · 244b666dee
commit 244b666dee
parent 105d9d5970
1 changed files with 19 additions and 0 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -638,6 +638,25 @@ jobs:
          . venv/bin/activate
          python -m script.gen_requirements_all validate

+  dependency-review:
+    name: Dependency review
+    runs-on: ubuntu-24.04
+    needs:
+      - info
+      - base
+    if: |
+      github.event.inputs.pylint-only != 'true'
+      && github.event.inputs.mypy-only != 'true'
+      && needs.info.outputs.requirements == 'true'
+      && github.event_name == 'pull_request'
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Dependency review
+        uses: actions/dependency-review-action@v4.5.0
+        with:
+          license-check: false # We use our own license audit checks
+
  audit-licenses:
    name: Audit licenses
    runs-on: ubuntu-24.04