feat: add dependency diff and provenance GitHub Action for PRs

2026-04-28 18:38:24 -05:00 · 2026-02-17 11:38:57 +01:00
parent e6ae87d703
commit 8f48b585b7
1 changed files with 43 additions and 0 deletions
--- a/.github/workflows/dependency-diff.yml
+++ b/.github/workflows/dependency-diff.yml
@@ -0,0 +1,43 @@
+name: Dependency Checks
+
+on:
+  pull_request:
+    paths:
+      - frontend/pnpm-lock.yaml
+      - desktop/pnpm-lock.yaml
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  diff_dependencies:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        directory: [frontend, desktop]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Create Diff
+        uses: e18e/action-dependency-diff@v1
+        with:
+          working-directory: ${{ matrix.directory }}
+
+  check-provenance:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        directory: [frontend, desktop]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Check provenance downgrades
+        uses: danielroe/provenance-action@main
+        with:
+          workspace-path: ${{ matrix.directory }}
+          fail-on-provenance-change: true