From b4268d5b6dea367babae64de483a437ef1b9605d Mon Sep 17 00:00:00 2001
From: Erik Godding Boye <egboye@gmail.com>
Date: Sun, 26 Jan 2025 16:45:30 +0100
Subject: [PATCH] ci: add dependency review job to PR workflow

---
 .github/workflows/pr.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 1c7e92714d..29840ea3d5 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -69,6 +69,13 @@ jobs:
       - name: Check that make fakes has been run
         run: git diff --no-ext-diff --exit-code
 
+  ci-dependency-review:
+    name: CI Dependency Review
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+
   build-push-image:
     name: CI Build Image
     uses: ./.github/workflows/build-push-image.yaml