Write the dependency change detection guardrail check.
File
.github/workflows/guardrail-dependencies.yml
What
- Trigger: PR opened or synchronized
- Detect changes to: package.json, requirements.txt, go.mod, Cargo.toml, pom.xml, etc.
- If new dependencies added: check PR body and linked issue for justification
- No justification: action_required with annotation on dependency file
- Check for non-stale PR approval override
Reference
- docs/design.md: Dependency Change Detection (Layer 4)
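
One way to implement the decision logic from the list above, as an added example (not the project's code and not the design in docs/design.md). It parses only package.json and requirements.txt, leaves out the linked-issue and approval-override checks, and assumes a hypothetical "Dependency justification" heading in the PR body; all function names are illustrative.

```javascript
const MANIFESTS = new Set(['package.json', 'requirements.txt', 'go.mod', 'Cargo.toml', 'pom.xml']);
// True when the path's basename is a dependency manifest.
const baseName = (p) => p.split('/').pop();
const isManifest = (p) => MANIFESTS.has(baseName(p));

// Declared names; only package.json and requirements.txt are parsed in this example.
function depNames(path, text) {
  const names = new Set();
  if (baseName(path) === 'package.json') {
    const pkg = JSON.parse(text || '{}');
    for (const key of ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']) {
      Object.keys(pkg[key] || {}).forEach((n) => names.add(n));
    }
  } else if (baseName(path) === 'requirements.txt') {
    for (const line of (text || '').split('\n')) {
      const m = line.trim().match(/^([A-Za-z0-9][A-Za-z0-9._-]*)/); // comments and -r/-e lines do not match
      if (m) names.add(m[1].toLowerCase());
    }
  }
  return names;
}

// Names present at head but not at base; version bumps and removals are ignored.
function addedDeps(path, baseText, headText) {
  const base = depNames(path, baseText);
  return [...depNames(path, headText)].filter((n) => !base.has(n)).sort();
}

// ASSUMPTION: justification is a "Dependency justification" heading with text under it.
function hasJustification(prBody) {
  const lines = (prBody || '').split('\n').map((l) => l.trim());
  const i = lines.findIndex((l) => /^#+\s*dependency justification$/i.test(l));
  if (i < 0) return false;
  const next = lines.slice(i + 1).find((l) => l !== '');
  return next !== undefined && !next.startsWith('#'); // an empty section does not count
}

// files: [{ path, base, head }] holding file contents at the PR base and head commits.
function evaluate(files, prBody) {
  const annotations = [];
  for (const f of files.filter((x) => isManifest(x.path))) {
    const added = addedDeps(f.path, f.base, f.head);
    if (added.length && !hasJustification(prBody)) {
      annotations.push({ path: f.path, start_line: 1, end_line: 1, annotation_level: 'warning',
        message: `New dependencies without justification: ${added.join(', ')}` });
    }
  }
  return { conclusion: annotations.length ? 'action_required' : 'success', annotations };
}
```

The returned object matches the `conclusion` and annotation fields of a GitHub check run. Since every input is controlled by the PR author, the workflow should read file contents through the API rather than check out and execute the PR's code.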