terraform-provider-mongodbatlas
chore: Includes GH actions dependency review in PR checks
Description
We have this action in our CFN repository, but it was missing here.
Type of change:
- [ ] Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
- [ ] New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR.
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR.
- [ ] This change requires a documentation update
- [ ] Documentation fix/enhancement
Required Checklist:
- [x] I have signed the MongoDB CLA
- [x] I have read the contribution guidelines
- [x] I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
- [x] I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
- [x] I have added any necessary documentation (if appropriate)
- [x] I have run make fmt and formatted my code
- [x] If changes include deprecations or removals, I defined an isolated PR with a relevant title as it will be used in the auto-generated changelog.
- [x] If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.
Further comments
Will wait to merge, as we saw a false positive raised in a CFN repository PR; raised an issue on dependency-review-action to get more clarity: https://github.com/actions/dependency-review-action/issues/676.
This PR has gone 7 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 7 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!
Closing this PR for now; https://github.com/actions/dependency-review-action/issues/676 confirmed that this action is not able to infer the proper ordering of pinned GitHub Actions versions, so this will likely bring up false positives.
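The false positive described in the closing comment comes from SHA-pinned `uses:` references: when a workflow moves from one 40-hex commit to another, the refs themselves carry no ordering, so a checker that only sees the hashes cannot tell an upgrade from a downgrade. The script below is an added example, not code from this provider or from dependency-review-action; it compares two constructed workflow revisions, reads the `# vX.Y.Z` comment that SHA-pinning conventions leave beside the hash, and reports a separate `unknown` bucket for the exact case the action cannot decide. The action names, the placeholder hashes (`"1" * 40` and friends) and the function names are all constructed for the example.

```python
import re

# A `uses:` step line, optionally followed by the `# vX.Y.Z` comment that
# SHA-pinning conventions (e.g. Dependabot) leave next to the hash.
USES_RE = re.compile(
    r"^\s*-\s*uses:\s*(?P<repo>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)@(?P<ref>[A-Za-z0-9_.-]+)"
    r"(?:\s*#\s*(?P<comment>\S+))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")


def parse_version(tag):
    """Turn 'v4', 'v4.1' or 'v4.1.1' into a 3-tuple; None if not a version tag.

    A short tag such as 'v4' is treated as 4.0.0, which is good enough to order
    it against 'v3' but not against a more precise 'v4.1.1' pin.
    """
    m = VERSION_RE.match(tag or "")
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def parse_uses(workflow_text):
    """Map action repo -> (ref, version tuple or None) for each `uses:` line."""
    pins = {}
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group("ref"), m.group("comment")
        if SHA_RE.match(ref):
            # A bare commit hash has no ordering of its own; only the trailing
            # version comment (if present) says which release it corresponds to.
            version = parse_version(comment)
        else:
            version = parse_version(ref)
        pins[m.group("repo")] = (ref, version)
    return pins


def classify_changes(before_text, after_text):
    """Classify how each action's pin moved between two workflow revisions."""
    before, after = parse_uses(before_text), parse_uses(after_text)
    result = {}
    for repo in sorted(set(before) | set(after)):
        old, new = before.get(repo), after.get(repo)
        if old is None:
            result[repo] = "added"
        elif new is None:
            result[repo] = "removed"
        elif old[0] == new[0]:
            result[repo] = "unchanged"
        elif old[1] is None or new[1] is None:
            # Two different hashes and no version hint on at least one side:
            # this is the case a ref-only checker cannot order.
            result[repo] = "unknown"
        elif new[1] > old[1]:
            result[repo] = "upgrade"
        elif new[1] < old[1]:
            result[repo] = "downgrade"
        else:
            result[repo] = "re-pin"  # same version comment, different hash
    return result


# Constructed workflow snippets. The hashes are placeholders built from a
# repeated digit, not real commits of any of these actions.
SHA_A, SHA_B, SHA_C, SHA_D = "1" * 40, "2" * 40, "3" * 40, "4" * 40

BEFORE = f"""\
jobs:
  check:
    steps:
      - uses: actions/checkout@{SHA_A} # v4.1.1
      - uses: actions/setup-go@v5
      - uses: actions/dependency-review-action@v4
      - uses: example/untagged-action@{SHA_B}
"""

AFTER = f"""\
jobs:
  check:
    steps:
      - uses: actions/checkout@{SHA_C} # v4.1.2
      - uses: actions/setup-go@v5
      - uses: actions/dependency-review-action@v3
      - uses: example/untagged-action@{SHA_D}
"""

if __name__ == "__main__":
    for repo, status in classify_changes(BEFORE, AFTER).items():
        print(f"{status:10} {repo}")
```

In a PR check the useful policy decision is what to do with the `unknown` bucket: failing closed forces contributors to keep a version comment beside every SHA pin, whereas treating it as a downgrade (as a ref-only tool effectively does) is what produces the noise this PR ran into.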