The dependency-review job introduced in #133 requires a base_ref and head_ref when the workflow is not run on a pull_request
event:
Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than pull_request and pull_request_target.
This was failing the deploy workflow after a PR has been merged, since the event triggering the job is a push and not a pull_request:
Error: Both a base ref and head ref must be provided, either via the `base_ref`/`head_ref` config options, `base-ref`/`head-ref` workflow action options, or by running a `pull_request`/`pull_request_target` workflow.
In this PR a new workflow is introduced for PR-only jobs, and the dependency-review job is moved to this workflow.
This makes sense to me, since newly introducing dependencies should be checked before merging a PR, and not after it has been merged.
If this job is also desired on a push event. The before-push (github.event.before var for push events) and after-push (github.event.after var for push events) refs have to be set as the base_ref and head_ref for dependency-review
The
dependency-review
job introduced in #133 requires abase_ref
andhead_ref
when the workflow is not run on apull_request
event:This was failing the
deploy
workflow after a PR has been merged, since the event triggering the job is apush
and not apull_request
:In this PR a new workflow is introduced for PR-only jobs, and the dependency-review job is moved to this workflow. This makes sense to me, since newly introducing dependencies should be checked before merging a PR, and not after it has been merged.
If this job is also desired on a
push
event. The before-push (github.event.before
var for push events) and after-push (github.event.after
var for push events) refs have to be set as thebase_ref
andhead_ref
for dependency-review