Skip to content

feat(ci): add Dependency and License checks to build workflow#377

Open
jenstroeger wants to merge 3 commits into
mainfrom
add-dependency-review-for-pr
Open

feat(ci): add Dependency and License checks to build workflow#377
jenstroeger wants to merge 3 commits into
mainfrom
add-dependency-review-for-pr

Conversation

@jenstroeger

@jenstroeger jenstroeger commented Nov 11, 2022

Copy link
Copy Markdown
Owner

I stumbled upon the dependency-review-action which looked useful. Not sure if build.yaml is a good place, or better pr-change-set.yaml. What do you think, @behnazh?

@jenstroeger jenstroeger requested a review from behnazh November 11, 2022 12:56
@jenstroeger jenstroeger mentioned this pull request Nov 11, 2022
Open
@jenstroeger jenstroeger mentioned this pull request Nov 21, 2022
Open
@jenstroeger

jenstroeger commented Nov 21, 2022

Copy link
Copy Markdown
Owner Author

Closing for further discussion in issue #5.

@thbeu

thbeu commented Nov 23, 2022

Copy link
Copy Markdown
Contributor

Hm, why was it closed? I'd prefer to run the dependency-review-action on PR whenever the pyproject.toml changes.

@jenstroeger

jenstroeger commented Nov 23, 2022

Copy link
Copy Markdown
Owner Author

Oh… 😳

I closed it so we can discuss first where this action should run, and I thought that issue #5 is a good place for that discussion. Reopening this PR, feel free to chime in!

@jenstroeger jenstroeger reopened this Nov 23, 2022
@behnazh

behnazh commented Jan 19, 2023

Copy link
Copy Markdown
Collaborator

I stumbled upon the dependency-review-action which looked useful. Not sure if build.yaml is a good place, or better pr-change-set.yaml. What do you think, @behnazh?

Currently the dependencies might change at the last stage when pushing to main and bumping the version. So technically pr-change-set.yaml is not enough unless we want to check licenses only when dependencies are added/removed through PRs and not worry about updates through bump commit to main because the license won't change.

@jenstroeger jenstroeger force-pushed the add-dependency-review-for-pr branch from aa6ac62 to d9b4d6e Compare June 18, 2026 02:40
@jenstroeger jenstroeger changed the base branch from staging to main June 18, 2026 02:41
@jenstroeger jenstroeger force-pushed the add-dependency-review-for-pr branch from 4d18df1 to 45487a1 Compare June 18, 2026 03:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@behnazh behnazh Awaiting requested review from behnazh behnazh is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jenstroeger @thbeu @behnazh