You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@daffodil.apache.org by GitBox <gi...@apache.org> on 2022/08/17 17:55:45 UTC

[GitHub] [daffodil] stevedlawrence commented on a diff in pull request #830: Add dependency scanning for the build.sbt

stevedlawrence commented on code in PR #830:
URL: https://github.com/apache/daffodil/pull/830#discussion_r948245400


##########
.github/workflows/dependency-scan.yml:
##########
@@ -0,0 +1,29 @@
+name: Dependency scan
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]

Review Comment:
   Do we want this to run on pull requests? Seems like we would only want it to run when things are actually pushed to main? Someone adding a new dependency to a pull request shouldn't change the GitHub dependency graph.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org