run dependency review only on pull requests (#1443)

* separate dependency review to a separate workflow * PR feedback
aws-amplify · May 7, 2024 · 80a4a10 · 80a4a10
1 parent d1716d1
commit 80a4a10
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/.changeset/rich-queens-admire.md b/.changeset/rich-queens-admire.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/.github/workflows/health_checks.yml b/.github/workflows/health_checks.yml
@@ -428,13 +428,14 @@ jobs:
         with:
           category: /language:javascript
   dependency-review:
+    if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
       - name: Dependency Review
-        uses: actions/dependency-review-action@v4
+        uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # version 4.3.2
         with:
           config-file: ./.github/dependency_review_config.yml