From c4a80baa0fb97769a6b33706b6a426c0256dae7e Mon Sep 17 00:00:00 2001
From: Emilien Escalle
Date: Mon, 29 Jul 2024 09:47:56 +0200
Subject: [PATCH] feat: add dependency review action scan

Signed-off-by: Emilien Escalle
---
 .github/workflows/continuous-integration.yml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 47db9b0..e0ddb56 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -27,10 +27,15 @@ on:
         required: false
         default: true
       code-ql:
-        description: "Code QL analysis language. See https://github.com/github/codeql-action."
+        description: "Code QL analysis language. See ."
         type: string
         required: false
         default: "typescript"
+      dependency-review:
+        description: "Enable dependency review scan. See ."
+        type: boolean
+        required: false
+        default: true
       test:
         description: "Optional flag to enable test."
         type: boolean
@@ -62,6 +67,16 @@ jobs:
           languages: ${{ inputs.code-ql }}
       - uses: github/codeql-action/analyze@v3.25.14
 
+  dependency-review:
+    name: 🛡️ Dependency Review
+    if: github.event_name == 'pull_request' && inputs.checks == true && inputs.dependency-review
+    permissions:
+      contents: read
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: hoverkraft-tech/ci-github-common/actions/checkout@0.14.0
+      - uses: actions/dependency-review-action@v4
+
   setup:
     name: ⚙️ Setup
     runs-on: "ubuntu-latest"
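Review bot: The description of the new `dependency-review` input ends in "See ." with no reference after "See", and the same hunk rewrites the `code-ql` description from a line that carried a URL to one that does not; if that is not an artifact of how this patch was captured, both descriptions now point the caller at nothing. I would write `description: "Enable dependency review scan. See https://github.com/actions/dependency-review-action."` and restore the `code-ql` reference likewise. Since the job added later in this patch only runs on `pull_request` events and only when `inputs.checks` is also true, the description should say so, because a caller setting `dependency-review: true` on a push workflow would otherwise expect a scan that never runs. The `on:` block this hunk edits starts before the hunk.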
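Review bot: The new job pins `actions/dependency-review-action@v4` to a mutable major tag, while every other action in the visible hunks is pinned to an exact release (`github/codeql-action/analyze@v3.25.14`, `hoverkraft-tech/ci-github-common/actions/checkout@0.14.0`); a scanner that is itself resolved by a floating tag weakens the supply-chain posture the job is meant to add, so pin it to a full commit SHA with the version in a trailing comment, e.g. `- uses: actions/dependency-review-action@<full-commit-sha>  # v4.x.y` (placeholder, look up the release you intend). The `if:` expression compares `inputs.checks == true` but tests `inputs.dependency-review` bare; for consistency within the line write `inputs.checks == true && inputs.dependency-review == true`. The step carries no `with:` block, so whatever severity and license policy the action applies by default becomes this workflow's policy silently; a short comment above the step stating the intended policy (and, if it is meant to block merges, the explicit `fail-on-severity` value) would make that choice reviewable. The `jobs:` mapping this hunk edits begins before the hunk.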