From db3936c753c016d87f11329d5363d584c810ad1d Mon Sep 17 00:00:00 2001
From: Victor Sollerhed
Date: Mon, 6 Nov 2023 21:49:11 +0100
Subject: [PATCH] Dogfooding use together with Dependency Review
Verifies it works with Dependency Review, as per:
- https://github.com/scalacenter/sbt-dependency-submission/issues/135
- https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review
- https://github.com/actions/dependency-review-action
---
 .github/workflows/ci.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7bb4ef5..60f46ac 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,4 +76,15 @@ jobs: run: | cat ${{ steps.dependency-submission.outputs.snapshot-json-path }} | jq
-
+ dependency-review:
+ name: Dependency Review
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write # for comment-summary-in-pr
+ needs: test-action
+ if: github.event_name == 'pull_request'
+ steps:
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v3
+ with:
+ comment-summary-in-pr: always
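Review bot: The new `dependency-review` job references `actions/dependency-review-action@v3`, a mutable tag, so the code that runs with this job's `pull-requests: write` token can change without any commit in this repository; pinning to a full commit SHA, `uses: actions/dependency-review-action@<full-commit-sha-placeholder> # v3` (take the SHA from the release you have reviewed), closes that gap. A job-level `permissions:` block sets every unlisted scope to none, so I would also list `contents: read` next to `pull-requests: write`, as the action's documented examples do; this probably only matters when the repository is private. On pull requests opened from forks the token is read-only regardless of this block, so the summary comment is likely not posted there. A short comment beside `comment-summary-in-pr: always` saying that this is expected would discourage a later switch to `pull_request_target` just to make the comment appear.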