name: Dependency review

on:
  pull_request:

permissions:
  contents: read
  pull-requests: write

jobs:
  license_review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Dependency review
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate
          allow-licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, CC0-1.0, Unlicense, BlueOak-1.0.0
          comment-summary-in-pr: always