The dependency-review job introduced in #133 requires a base_ref and head_ref when the workflow is not run on a pull_request
event:
Provide custom git references for the git base/head when performing the comparison check. This is only used for event types other than pull_request and pull_request_target.
This was failing the deploy workflow after a PR has been merged, since the event triggering the job is a push and not a pull_request:
Error: Both a base ref and head ref must be provided, either via the `base_ref`/`head_ref` config options, `base-ref`/`head-ref` workflow action options, or by running a `pull_request`/`pull_request_target` workflow.
In this PR a new workflow is introduced for PR-only jobs, and the dependency-review job is moved to this workflow.
This makes sense to me, since newly introducing dependencies should be checked before merging a PR, and not after it has been merged.
If this job is also desired on a push event. The before-push (github.event.before var for push events) and after-push (github.event.after var for push events) refs have to be set as the base_ref and head_ref for dependency-review
The
dependency-reviewjob introduced in #133 requires abase_refandhead_refwhen the workflow is not run on apull_requestevent:This was failing the
deployworkflow after a PR has been merged, since the event triggering the job is apushand not apull_request:In this PR a new workflow is introduced for PR-only jobs, and the dependency-review job is moved to this workflow. This makes sense to me, since newly introducing dependencies should be checked before merging a PR, and not after it has been merged.
If this job is also desired on a
pushevent. The before-push (github.event.beforevar for push events) and after-push (github.event.aftervar for push events) refs have to be set as thebase_refandhead_reffor dependency-review