From c7cefd819942c0a12824faee8477da8250b9a5b8 Mon Sep 17 00:00:00 2001
From: Bryan Font <bfont@me.com>
Date: Sun, 15 Feb 2026 15:38:02 -0500
Subject: [PATCH] fix(ci): skip dependency review when unsupported

---
 .github/workflows/dependency-review.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 2d1476c..f0754cc 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -14,7 +14,27 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Check dependency graph support
+        id: dependency-graph
+        uses: actions/github-script@v7
+        with:
+          script: |
+            try {
+              const { data } = await github.rest.repos.get(context.repo)
+              const status = data.security_and_analysis?.dependency_graph?.status ?? "unknown"
+              core.setOutput("enabled", status === "enabled" ? "true" : "false")
+            } catch (error) {
+              core.warning(`Dependency graph probe failed: ${error instanceof Error ? error.message : String(error)}`)
+              core.setOutput("enabled", "false")
+            }
+
       - name: Review dependency changes
+        if: steps.dependency-graph.outputs.enabled == 'true'
         uses: actions/dependency-review-action@v4
         with:
           fail-on-severity: high
+
+      - name: Skip dependency review (unsupported)
+        if: steps.dependency-graph.outputs.enabled != 'true'
+        run: |
+          echo "Dependency graph is not enabled for this repository; skipping dependency review."