From 46718d2d654d3f061d55bda2f9e3f133ca91fa9f Mon Sep 17 00:00:00 2001
From: gal kahana
Date: Sat, 1 Jul 2023 10:49:10 +0300
Subject: [PATCH 1/6] feat: add dependency review to cicd

---
 .github/workflows/build.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f1611b8..dc0f51e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,6 +7,15 @@ on:
 branches: [ "master" ]
 
 jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v3
+ with:
+ fail-on-severity: high
 build-node-publish:
 strategy:
 fail-fast: false

From 747bb32197236b6e34cf300f50660fa20b3b3f22 Mon Sep 17 00:00:00 2001
From: gal kahana
Date: Sat, 1 Jul 2023 10:51:47 +0300
Subject: [PATCH 2/6] add dependency between jobs

---
 .github/workflows/build.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index dc0f51e..2ba8fe7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,11 +1,15 @@
 name: Build
+
 on:
 push:
 branches: [ "*" ]
 pull_request:
 branches: [ "master" ]
 
+permissions:
+ contents: read
+
 jobs:
 dependency-review:
 runs-on: ubuntu-latest
@@ -17,6 +21,7 @@ jobs:
 with:
 fail-on-severity: high
 build-node-publish:
+ needs: dependecy-review
 strategy:
 fail-fast: false
 matrix:

From ed38ff81591bde823c56e79621e998fb51a53197 Mon Sep 17 00:00:00 2001
From: gal kahana
Date: Sat, 1 Jul 2023 10:52:34 +0300
Subject: [PATCH 3/6] spelling

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2ba8fe7..1422ddb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
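Review bot: The two new steps reference `actions/checkout@v3` and `actions/dependency-review-action@v3` by mutable tag, so the job that is supposed to gate the build on a supply-chain check itself runs whatever commit those tags point to at execution time. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/dependency-review-action@<commit-sha-from-upstream-release> # v3`, makes the check reproducible and follows GitHub's Actions hardening guidance; the SHAs are not on this page, so take them from the upstream release. A one-line comment above `fail-on-severity: high` stating that the job fails only for high and critical advisories, while moderate and low findings are reported but not blocking, would spare the next reader a trip to the docs. The `jobs:` mapping continues past the end of the hunk.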
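Review bot: The workflow-level `permissions: contents: read` in the first hunk of patch 2 applies to every job, including `build-node-publish`, whose body lies outside this hunk; if that job publishes with `GITHUB_TOKEN`, as its name suggests it might, it will now need a job-level `permissions:` block granting only the scope it actually uses, so that is worth confirming before merging. Read-only is the right workflow default for `dependency-review`, which only needs to read the repository, and keeping any write scope on the individual job rather than widening the top-level block preserves that. A comment above `permissions:` such as `# least privilege for GITHUB_TOKEN; jobs that need more declare it themselves` records the intent.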
@@ -21,7 +21,7 @@ jobs:
 with:
 fail-on-severity: high
 build-node-publish:
- needs: dependecy-review
+ needs: dependency-review
 strategy:
 fail-fast: false
 matrix:

From f8361ac714accf3a667eb450077720112af5660e Mon Sep 17 00:00:00 2001
From: gal kahana
Date: Sat, 1 Jul 2023 10:56:22 +0300
Subject: [PATCH 4/6] support for push only

---
 .github/workflows/build.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1422ddb..6527778 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -20,6 +20,8 @@ jobs:
 uses: actions/dependency-review-action@v3
 with:
 fail-on-severity: high
+ base-ref: ${{ github.event.before }}
+ head-ref: ${{ github.sha }}
 build-node-publish:
 needs: dependency-review
 strategy:

From a646995e80666673a1d678c89569685037d6dda1 Mon Sep 17 00:00:00 2001
From: gal kahana
Date: Sat, 1 Jul 2023 10:58:59 +0300
Subject: [PATCH 5/6] conditional

---
 .github/workflows/build.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6527778..dd801c6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,12 +16,18 @@ jobs:
 steps:
 - name: 'Checkout Repository'
 uses: actions/checkout@v3
- - name: 'Dependency Review'
+ - name: 'Dependency Review Push'
 uses: actions/dependency-review-action@v3
 with:
 fail-on-severity: high
 base-ref: ${{ github.event.before }}
- head-ref: ${{ github.sha }}
+ head-ref: ${{ github.sha }}
+ if: ${{ github.event_name == 'push'}}
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v3
+ with:
+ fail-on-severity: high
+ if: ${{ github.event_name != 'push'}}
 build-node-publish:
 needs: dependency-review
 strategy:

From 2aefeb15c177c9fac444328791d70ccba8c6fcc2 Mon Sep 17 00:00:00 2001
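Review bot: `base-ref: ${{ github.event.before }}` in patch 4 is the all-zero SHA on the first push of a new branch, and can point at a commit that no longer exists after a force-push; since the workflow triggers on `push: branches: [ "*" ]`, every new branch hits that case and the step fails with a comparison error rather than a finding. Once the push-only condition from patch 5 is in place, extend it so the step is skipped when there is no usable base, `if: github.event_name == 'push' && github.event.before != '0000000000000000000000000000000000000000'`, and add a comment above `base-ref:` saying that the first push of a branch is not reviewed so the gap is visibly deliberate. The same two input lines are carried unchanged through patches 5 and 6. The enclosing `steps:` list starts before this hunk.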
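Review bot: The two `if:` lines added in patch 5 wrap the expression in `${{ }}` with uneven spacing (`== 'push'}}`); `if:` is already evaluated as an expression, so `if: github.event_name == 'push'` and `if: github.event_name != 'push'` read more cleanly and match the action's own examples. Patch 6 moves the keys next to `uses:` but keeps the same expressions, so the note applies there too. The two steps now duplicate `fail-on-severity: high`, and a short comment above the first one, e.g. `# keep the threshold identical in both steps; they are mutually exclusive by event`, would stop them drifting apart.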
From: gal kahana
Date: Sat, 1 Jul 2023 11:00:48 +0300
Subject: [PATCH 6/6] maybe this way

---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index dd801c6..42dc221 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,16 +18,16 @@ jobs:
 uses: actions/checkout@v3
 - name: 'Dependency Review Push'
 uses: actions/dependency-review-action@v3
+ if: ${{ github.event_name == 'push'}}
 with:
 fail-on-severity: high
 base-ref: ${{ github.event.before }}
 head-ref: ${{ github.sha }}
- if: ${{ github.event_name == 'push'}}
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@v3
+ if: ${{ github.event_name != 'push'}}
 with:
 fail-on-severity: high
- if: ${{ github.event_name != 'push'}}
 build-node-publish:
 needs: dependency-review
 strategy:
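Review bot: The second step's condition `if: ${{ github.event_name != 'push'}}` matches any trigger other than push, but the action's default base and head refs come from a pull request, so if a `workflow_dispatch` or `schedule` trigger is added later this step would run with no PR to compare against and fail. With the triggers visible earlier in the series only `pull_request` reaches it today, so make that explicit with `if: github.event_name == 'pull_request'`. A one-line comment above each step naming the event it serves, e.g. `# push: compare against the previous commit on the branch` and `# pull_request: compare base and head of the PR`, would make the pairing clear without reading both conditions. The `steps:` list begins before this hunk and `build-node-publish` continues after it.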