[meta] add dependency-review workflow

fixator10 · web-flow · commit b94681ba0928 · 2022-09-21T23:54:30.000+04:00
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,30 @@
+name: 'Dependency Review'
+on: [pull_request]
+permissions:
+  contents: read
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v2
+        with:
+          # Possible values: "critical", "high", "moderate", "low"
+          # fail-on-severity: critical
+          #
+          # Possible values in comma separated list: "unknown", "runtime", or "development"
+          fail-on-scopes: unknown, runtime, development
+          #
+          # Possible values: Any available git ref
+          # base-ref: ${{ github.event.pull_request.base.ref }}
+          # head-ref: ${{ github.event.pull_request.head.ref }}
+          #
+          # You can only include one of these two options: `allow-licenses` and `deny-licenses`. These options are not supported on Enterprise Server.
+          #
+          # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
+          # allow-licenses: GPL-3.0, BSD-3-Clause, MIT
+          #
+          # Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
+          # deny-licenses: LGPL-2.0, BSD-2-Clause
