Add base-ref and head-ref to Dependency Review action

This update ensures that the Dependency Review action has the correct references for base and head in pull request events. It helps in accurately reviewing dependency changes between the branches. Reference: actions/dependency-review-action#456 (comment)
wneessen · Oct 28, 2024 · 8bc9b8b · 8bc9b8b
1 parent c8478fb
commit 8bc9b8b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -100,6 +100,9 @@ jobs:
               uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
             - name: 'Dependency Review'
               uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5
+              with:
+                  base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
+                  head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
     govulncheck:
         name: Go vulnerabilities check
         runs-on: ubuntu-latest