From b53b2c03761d65647100400706670a0fe2d813ab Mon Sep 17 00:00:00 2001
From: Cole Miller <cole@zed.dev>
Date: Mon, 2 Dec 2024 19:39:18 -0500
Subject: [PATCH] Run dependency review for pull requests only (#21432)

This was an oversight in the original PR, dependency-review-action won't
work properly for `push` events
([example](https://github.com/zed-industries/zed/actions/runs/12130053580/job/33819624076)).

Release Notes:

- N/A
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 33c85f74b9..602808f1b5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -114,6 +114,7 @@ jobs:
           script/generate-licenses /tmp/zed_licenses_output
 
       - name: Check for new vulnerable dependencies
+        if: github.event_name == 'pull_request'
         uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4
         with:
           license-check: false