From 79615331c09d49ea0ccc45326ce21f882d6625fb Mon Sep 17 00:00:00 2001
From: Scott Leggett
Date: Fri, 22 Sep 2023 15:41:08 +0800
Subject: [PATCH] chore: add dep-review CI
---
.github/dependency-review-config.yml | 12 ++++++++++++
.github/workflows/dependency-review.yaml | 15 +++++++++++++++
2 files changed, 27 insertions(+)
create mode 100644 .github/dependency-review-config.yml
create mode 100644 .github/workflows/dependency-review.yaml
diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
new file mode 100644
index 0000000..3705f78
--- /dev/null
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,12 @@
+# https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
+allow_licenses:
+- 'Apache-2.0'
+- 'BSD-2-Clause'
+- 'BSD-2-Clause-FreeBSD'
+- 'BSD-3-Clause'
+- 'ISC'
+- 'MIT'
+- 'PostgreSQL'
+- 'Python-2.0'
+- 'X11'
+- 'Zlib'
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
new file mode 100644
index 0000000..15f0a9d
--- /dev/null
+++ b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,15 @@
+name: 'Dependency Review'
+on:
+- pull_request
+permissions:
+ contents: read
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v4
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v3
+ with:
+ config-file: '.github/dependency-review-config.yml'
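Review bot: In `.github/dependency-review-config.yml` the allow list says nothing about dependencies whose license cannot be detected, and as far as I know dependency-review-action only warns on those instead of failing, so an unlicensed package may still pass this check. A comment above `allow_licenses:` would make that visible, e.g. `# Dependencies with no detected license are not matched by this list; review them by hand.` `BSD-2-Clause-FreeBSD` also appears to be a deprecated SPDX identifier (superseded by `BSD-2-Clause`), so that entry may never match anything. The header comment links the CNCF policy on `main`, which can change after this list was copied, so recording the date the list was taken would help later audits.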
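Review bot: Both `uses:` lines in `.github/workflows/dependency-review.yaml` reference mutable tags (`actions/checkout@v4`, `actions/dependency-review-action@v3`), so the code this job runs can change without any commit in this repository. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER> # v4`. The checkout step could also set `persist-credentials: false` under `with:`, since the job only needs to read the config file. Because `config-file` is a path inside the checked-out pull request, a PR that edits `.github/dependency-review-config.yml` is presumably evaluated against its own version of the policy; requiring code-owner review on `.github/` would cover that.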