From a5d2e2ba13fc9f8cd5b10ad92a575392e24e9afb Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Date: Thu, 11 May 2023 11:27:28 -0700
Subject: [PATCH] ci: improve ci

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
---
 .github/{dependabot.yml => dependabot.yaml} |  0
 .github/workflows/ci.yaml                   | 20 ++++++++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
 rename .github/{dependabot.yml => dependabot.yaml} (100%)

diff --git a/.github/dependabot.yml b/.github/dependabot.yaml
similarity index 100%
rename from .github/dependabot.yml
rename to .github/dependabot.yaml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 35d819d7..c2239923 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -13,16 +13,28 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: ['1.17', '1.18', '1.19']
+        go: ['1.17', '1.18', '1.19', '1.20']
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
         with:
           go-version: ${{ matrix.go }}
 
-      - name: Checkout code
-        uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Test
         run: go test -v ./...
+
+  dependency-review:
+    name: Dependency review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4