stevedlawrence commented on code in PR #830:
URL: https://github.com/apache/daffodil/pull/830#discussion_r948245400


##########
.github/workflows/dependency-scan.yml:
##########
@@ -0,0 +1,29 @@
+name: Dependency scan
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the 
"main" branch
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
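Review bot: the `pull_request:` trigger under `on:` makes this scan run for every PR that targets main, including PRs from forks, where GitHub by default gives the workflow a read-only token and no secrets, so a later step that needs to write its results would not work there. If the scan is meant to record the dependencies of main itself, keep only the `push:` trigger with `branches: [ "main" ]`, and update the comment above it, which says "push or pull request events" and would no longer match.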

Review Comment:
   Do we want this to run on pull requests? Seems like we would only want it to 
run when things are actually pushed to main? Someone adding a new dependency to 
a pull request shouldn't change the GitHub dependency graph.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
