Updates CI to latest major actions (checkout v5, setup-go v6, upload-artifact v5, CodeQL v4) for security and compatibility. Uses stable major tag for autofix action. Updates Docker images to Go 1.25 and Alpine 3.22 to leverage newer toolchain and patched bases. Updates open-pull-requests-limit to 2 in dependabot.yml and upgrade CodeQL action to v4
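name: Dependency Review

# Reusable workflow: it runs only when another workflow calls it
# (workflow_call), so the caller controls when the review happens.
# The review step diffs the dependencies of a pull request, so the calling
# workflow needs a pull_request context (or must supply the action's
# `base-ref` / `head-ref` inputs).
# To run automatically on pull requests instead, replace the `on:` line
# below with:
# on: [pull_request]
# Pull requests from forks get a read-only token, so the summary comment
# cannot be posted for them.
on: [workflow_call]

# Token scopes for every job in this workflow. A called workflow can only
# keep or reduce what the calling job grants, so the caller must grant
# these scopes as well.
# NOTE(review): `security-events: write` is not requested because neither
# step below uploads code-scanning results.
permissions:
  # Read access to the repository for the checkout step.
  contents: read
  # Required by `comment-summary-in-pr` to post the summary on the PR.
  pull-requests: write

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by a major-version tag,
      # which the publisher can move. Pinning each `uses:` to a full commit
      # SHA makes the executed code immutable.
      - name: 'Checkout Repository'
        uses: actions/checkout@v5
        with:
          # No later step needs git credentials, so the token is not left
          # behind in the local git config.
          persist-credentials: false

      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v4
        with:
          # Fail the job on vulnerabilities of moderate severity or higher.
          fail-on-severity: moderate
          # Post the summary comment on every run, not only on failure.
          comment-summary-in-pr: always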