
feat!: add lockfile generation support #444


# Pull-request workflow that runs Phylum analysis on the
# dependency lockfiles in this repository.
---
name: Phylum_analyze
on: pull_request
jobs:
  Analyze_PR_with_Phylum:
    name: Analyze PR with phylum
    # Least privilege: once a `permissions` block is given, GITHUB_TOKEN
    # scopes that are not listed here are set to none.
    permissions:
      # Required by actions/checkout.
      contents: read
      # Required by phylum-dev/phylum-analyze-pr-action.
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repo
        # Pinned to a full commit SHA (v4.1.0) instead of a tag, so the
        # code that runs cannot change unless this line changes.
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
        with:
          # 0 fetches the complete history rather than a shallow clone;
          # presumably the analysis needs the PR base commit -- confirm.
          fetch-depth: 0
      - name: Analyze poetry.lock file
        # Pinned to a full commit SHA (v2.1.1).
        uses: phylum-dev/phylum-analyze-pr-action@53d203dd18c41350a673bcc236aa05337eb6edf3
        with:
          # NOTE(review): repository secrets are not passed to
          # `pull_request` runs that originate from forks, so this value
          # is empty for those PRs -- confirm how the action handles that.
          phylum_token: ${{ secrets.PHYLUM_TOKEN }}
          # NOTE(review): `-vv` looks like a raised verbosity level;
          # check that the extra log output is acceptable for anyone who
          # can read this repository's workflow logs.
          cmd: phylum-ci -vv