From aa247eb8f0c84357774c9974295b623b41013a70 Mon Sep 17 00:00:00 2001
From: Austin Vazquez
Date: Mon, 5 Aug 2024 19:37:46 -0700
Subject: [PATCH] ci: add review dependencies workflow

Signed-off-by: Austin Vazquez
---
 .github/workflows/review-dependencies.yaml | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/review-dependencies.yaml

diff --git a/.github/workflows/review-dependencies.yaml b/.github/workflows/review-dependencies.yaml
new file mode 100644
index 0000000..441c95a
--- /dev/null
+++ b/.github/workflows/review-dependencies.yaml
@@ -0,0 +1,24 @@
+name: Review dependencies
+
+on:
+ pull_request:
+ branches: ['main']
+ paths:
+ - 'package.json'
+ - 'package-lock.json'
+
+jobs:
+ review:
+ runs-on: ubuntu-latest
+
+ permissions:
+ # Write permissions needed to comment review results on PR.
+ # Pwn request risk mitigated by using pull_request workflow trigger
+ # and external contributor workflow runs require maintainer approval.
+ pull-requests: write
+
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+ with:
+ comment-summary-in-pr: always
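Review bot: The job-level `permissions:` block near the end of the hunk lists only `pull-requests: write`, and once any scope is listed GitHub sets every unlisted scope of the job's GITHUB_TOKEN to `none`, so the job runs with no `contents` access even though dependency-review-action compares the dependency graph through the repository API and documents `contents: read` as required. Add `contents: read` next to `pull-requests: write`; that keeps the token minimal while restoring the one read scope the action needs. The comment above it also rests on two things the file does not itself enforce: `pull_request` runs triggered from forks receive a read-only token regardless of this block, so `comment-summary-in-pr: always` cannot post on fork PRs, and the "maintainer approval" statement is a repository setting rather than a property of the workflow. I would reword it to make that explicit, e.g. `# Fork PRs run with a read-only token; first-time-contributor approval is a repo setting, not enforced here.`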