From 4eca554f73809bafcad8e0b5fa723480302d0a3c Mon Sep 17 00:00:00 2001 From: Will Da Silva Date: Thu, 21 Jul 2022 16:37:28 -0400 Subject: [PATCH] ci: Use `pull_request_target` for dependency review workflow (#849) Use `pull_request_target` for dependency review workflow Closes #841 --- .github/workflows/dependency-review.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 87a389bf5..cbf0e9b08 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,12 +1,12 @@ name: Dependency Review on: - pull_request: {} + pull_request_target: {} workflow_dispatch: inputs: {} env: - FOSSA_CLI_VERSION: '3.3.9' + FOSSA_CLI_INSTALLER_VERSION: '3.3.10' permissions: contents: read @@ -19,11 +19,14 @@ jobs: uses: actions/checkout@v3.0.2 - name: GitHub dependency vulnerability check - uses: actions/dependency-review-action@v2 + if: ${{ github.event_name == 'pull_request_target' }} + # Use this fork until https://github.com/actions/dependency-review-action/pull/165 is merged + uses: WillDaSilva/dependency-review-action@main - name: FOSSA dependency license check run: | - curl --no-progress-meter -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/v${FOSSA_CLI_VERSION}/install-latest.sh | bash + # `$FOSSA_CLI_INSTALLER_VERSION` only controls the version of the installer used - the latest version of `fossa-cli` will always be used. + curl --no-progress-meter -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/v${FOSSA_CLI_INSTALLER_VERSION}/install-latest.sh | bash echo '## FOSSA dependency license check' >> $GITHUB_STEP_SUMMARY echo '' >> $GITHUB_STEP_SUMMARY
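Review bot: Switching the trigger to `pull_request_target: {}` in the first hunk makes this job run in the base repository's context — with its secrets, and a token that is only as restricted as the `permissions:` block keeps it — for pull requests opened from forks, and nothing in the hunk records what the job may and may not do with PR-head content. The visible `permissions: contents: read` limits the token, but any secret the FOSSA step reads (its key is not visible in this excerpt, so that is an inference) is exposed to whatever the job executes; that is safe only while the checkout keeps the default base-branch ref and no step runs or builds code taken from the PR head, which also means the FOSSA scan is analysing the base branch rather than the proposed change unless a head checkout exists outside these hunks. That invariant should be written down next to the trigger, e.g. `# pull_request_target: runs with base-repo secrets on fork PRs — never check out or execute PR-head code in this job`. The same trust concern extends to the second hunk, where the review step becomes `uses: WillDaSilva/dependency-review-action@main`, an unpinned personal fork executing in this elevated context; pin it to a full commit SHA (`WillDaSilva/dependency-review-action@<commit-sha>`) until the upstream PR lands. The second hunk continues past the end of this excerpt.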