From 76597acd6bd883eec1dee87b9d490b0b462de095 Mon Sep 17 00:00:00 2001
From: Andrew McClenaghan
Date: Fri, 21 Apr 2023 11:54:29 +1000
Subject: [PATCH] feat: Dependancy review comment with summary
---
 .github/workflows/dependency-review.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 369f9f99..5303995e 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -15,6 +15,9 @@ permissions:
 jobs:
 dependency-review:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
 steps:
 - name: Harden Runner
 uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1
@@ -25,3 +28,5 @@ jobs:
 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4
+ with:
+ comment-summary-in-pr: true
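Review bot: The job-level `permissions:` block added under `dependency-review` gives `pull-requests: write` to every step in the job, not only the Dependency Review step, and nothing records why that scope is there. A trailing comment such as `pull-requests: write  # required for comment-summary-in-pr` would stop a later edit from widening or dropping it blindly. The workflow's `on:` trigger is outside this hunk; if it is `pull_request`, runs for fork PRs presumably get a read-only token and no summary comment will appear there. That limitation is better documented and accepted than worked around with `pull_request_target`, which would pair a write-scoped token with a checkout in the same job.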
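Review bot: The checkout step shown as context in the second hunk has no `with:` block after its `uses:` line, so by default it stores the job token in the workspace's git configuration, and after this commit that token carries `pull-requests: write`. Adding `with:` and `persist-credentials: false` to the checkout step keeps the write-scoped token out of the checked-out tree, since nothing visible in this job pushes or fetches after checkout. The step's `name:` line sits above the hunk, so confirm that no inputs are already set there.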