Add base-ref and head-ref to Dependency Review action

This update ensures that the Dependency Review action has the correct references for base and head in pull request events. It helps in accurately reviewing dependency changes between the branches. Reference: https://github.com/actions/dependency-review-action/issues/456#issuecomment-1537840047
This commit is contained in:
Winni Neessen 2024-10-28 22:59:16 +01:00
parent c8478fb6c0
commit 8bc9b8b7fd
Signed by: wneessen
GPG key ID: 385AC9889632126E

View file

@ -100,6 +100,9 @@ jobs:
uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
- name: 'Dependency Review' - name: 'Dependency Review'
uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5
with:
base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
govulncheck: govulncheck:
name: Go vulnerabilities check name: Go vulnerabilities check
runs-on: ubuntu-latest runs-on: ubuntu-latest