From 77d0864d8b094040d47868408aa8d42cdda5f0b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Barto=C5=A1?=
Date: Sun, 29 Dec 2024 03:08:31 +0100
Subject: [PATCH] Dependency review improvements
---
 .github/workflows/dependency-review.yaml | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
index 891f921..c2359bf 100644
--- a/.github/workflows/dependency-review.yaml
+++ b/.github/workflows/dependency-review.yaml
@@ -1,15 +1,17 @@
 name: "Dependency Review"
 on:
- pull_request:
+ pull_request_target:
 types: [ "opened", "synchronize", "edited", "reopened" ]
- paths-ignore:
- - "docs/**"
+ paths:
+ - "*"
+ - ".github/**"
 push:
 branches:
 - "**"
- paths-ignore:
- - "docs/**"
+ paths:
+ - "*"
+ - ".github/**"
 concurrency:
 group: "${{ github.workflow }}-${{ github.ref }}"
@@ -17,16 +19,13 @@ concurrency:
 permissions:
 contents: "read"
+ pull-requests: "write"
 jobs:
 dependency-review:
 name: "Dependency Review"
 runs-on: "ubuntu-latest"
- if: |
- github.event_name != 'pull_request'
- || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
-
 steps:
 - name: "Checkout"
 uses: "actions/checkout@v4"
@@ -34,5 +33,8 @@ jobs:
 - name: "Dependency Review"
 uses: "actions/dependency-review-action@v4"
 with:
- base-ref: "${{ github.event.before }}"
- head-ref: "${{ github.sha }}"
+ base-ref: "${{ github.event_name == 'push' && github.event.before || '' }}"
+ head-ref: "${{ github.event_name == 'push' && github.sha || '' }}"
+ comment-summary-in-pr: "always"
+ fail-on-severity: "high"
+ show-openssf-scorecard: false
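Review bot: The unchanged `group: "${{ github.workflow }}-${{ github.ref }}"` at the end of the first hunk no longer separates pull requests once the trigger is `pull_request_target`, because for that event `github.ref` is the base branch rather than the PR merge ref. Every PR against the same base, and pushes to that base, then share one concurrency group, so if the setting on the line just past this hunk cancels in-progress runs, reviews will cancel each other. Keying on the PR number, `group: "${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}"`, keeps them apart. Separately, `paths: "*"` matches only root-level files, so a manifest or lockfile change in a subdirectory (if the repository has any) no longer triggers this workflow, which the old `paths-ignore` did cover.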
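Review bot: The `Checkout` step at the end of the second hunk now runs under `pull_request_target` with a token that carries `pull-requests: "write"`, and the fork guard that used to sit on the job is removed, so the safety of this job rests on that step continuing to check out the base ref. Nothing in the visible lines sets a `ref`, which is the safe default; a comment on the step such as `# pull_request_target: keep the default (base) ref and never run code from the PR head in this job` would keep it that way, and `persist-credentials: false` as a `with:` input avoids leaving the token in the workspace git config. The write permission could also be declared on the `dependency-review` job instead of workflow-wide so jobs added later do not inherit it. Any remaining lines of the step fall outside this hunk.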
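Review bot: In the third hunk `base-ref` still takes `github.event.before` on push, and with `branches: "**"` the first push of a new branch carries an all-zero `before` SHA, so there is no valid base to compare against and the action will likely error rather than review anything. A job-level `if: github.event_name != 'push' || github.event.before != '0000000000000000000000000000000000000000'` would skip that case. Also, `fail-on-severity: "high"` is looser than the action's default of `low`, so moderate- and low-severity advisories are reported but no longer fail the check; a short comment recording that this threshold is deliberate would help the next reader.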