name: PullRequest
on: pull_request
permissions: {}
jobs:
ci:
permissions:
contents: read
security-events: write
uses: ./.github/workflows/ci.yml
dependency-review:
name: Security check of added dependencies
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
persist-credentials: false
- name: Dependency review
uses: actions/dependency-review-action@v2
diff-npm-package:
name: Diff content of NPM package
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
persist-credentials: false
- name: Deepen cloned repo
env:
BASE_SHA: ${{ github.event.pull_request.base.sha }}
run: 'git fetch --depth=1 origin "$BASE_SHA:refs/tags/BASE"'
- name: Setup Node.js
uses: actions/setup-node@v3
with:
cache: npm
node-version-file: '.node-version'
- name: Install Dependencies
run: npm ci --ignore-scripts
- name: Generate report
run: 'npm run diff:npm BASE HEAD'
- name: Upload generated report
uses: actions/upload-artifact@v3
with:
name: npm-dist-diff.html
path: ./reports/npm-dist-diff.html
if-no-files-found: ignore