From 6f84279c417e44d6798aabaf3a081404b02c7801 Mon Sep 17 00:00:00 2001
From: Big Andy <8012398+big-andy-coates@users.noreply.github.com>
Date: Wed, 16 Aug 2023 15:23:23 +0100
Subject: [PATCH] Enable a build check for bad dependencies and licenses.

USes https://github.com/marketplace/actions/dependency-review to check for bad dependencies or unwanted license types.
---
 .github/workflows/dependencies.yml | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
index 2efa9bf..192997f 100644
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -33,4 +33,21 @@ jobs:
 env:
 DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath
 DEPENDENCY_GRAPH_INCLUDE_PROJECTS: "^:(?!(buildSrc|test-)).*"
- run: ./gradlew allDeps --configuration runtimeClasspath
\ No newline at end of file
+ run: ./gradlew allDeps --configuration runtimeClasspath
+
+ check-dependencies:
+ if: github.event_name == 'pull_request'
+ needs: submit-dependencies
+ permissions:
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.0.0
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v3
+ with:
+ comment-summary-in-pr: true
+ # Think carefully about the implications of adding dependencies with new licence types.
+ # Licence ids: https://spdx.org/licenses/
+ # License risks: https://brainhub.eu/library/open-source-licenses-to-avoid
+ allow-licenses: MIT
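Review bot: `uses: actions/dependency-review-action@v3` in the new check-dependencies job is pinned to a mutable tag while the checkout step two lines above is pinned to a full commit SHA, so the job that gates dependency risk is itself the weakest pin in the workflow; a tag can be re-pointed upstream without any change in this repository. Pin it the same way, `uses: actions/dependency-review-action@<full-commit-sha> # vX.Y.Z` (placeholder; take the SHA from the action's release tag), and keep the trailing version comment accurate so Dependabot can track it, which also makes it worth verifying that the `# v3.0.0` comment on the checkout line matches what that SHA actually resolves to. A job-level `permissions:` block drops every unlisted scope to none, so if this repository is private the checkout step will also need `contents: read` alongside `pull-requests: write`. `allow-licenses: MIT` fails the check for any new dependency under another permissive licence such as Apache-2.0 or BSD-3-Clause; that may be intended, but if not, list the full comma-separated set of SPDX ids the project accepts.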