From 244b666dee3604eaa851089c6a0469818f8c0fe3 Mon Sep 17 00:00:00 2001
From: Franck Nijhof <git@frenck.dev>
Date: Sat, 8 Mar 2025 14:59:29 +0100
Subject: [PATCH] Add Dependency Review action (#140108)

---
 .github/workflows/ci.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9ef851009f6..3f970ce5874 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -638,6 +638,25 @@ jobs:
           . venv/bin/activate
           python -m script.gen_requirements_all validate
 
+  dependency-review:
+    name: Dependency review
+    runs-on: ubuntu-24.04
+    needs:
+      - info
+      - base
+    if: |
+      github.event.inputs.pylint-only != 'true'
+      && github.event.inputs.mypy-only != 'true'
+      && needs.info.outputs.requirements == 'true'
+      && github.event_name == 'pull_request'
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Dependency review
+        uses: actions/dependency-review-action@v4.5.0
+        with:
+          license-check: false # We use our own license audit checks
+
   audit-licenses:
     name: Audit licenses
     runs-on: ubuntu-24.04
-- 
GitLab