README.md: Show an example of only running on dependency changes (#52)

Several of the `cargo deny` checks will always produce identical results if dependencies have not changed. Add a sample pipeline that runs all of those checks only on pull requests that modify `Cargo.toml` or `Cargo.lock`.
EmbarkStudios · Mar 25, 2023 · cb4dc2d · cb4dc2d
1 parent 8af37f5
commit cb4dc2d
Showing 1 changed file with 23 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -76,7 +76,29 @@ jobs:
         arguments: --all-features
 ```
 
-### Recommended pipeline to avoid sudden breakages
+### Recommended pipeline if not using advisories, to only run on dependency changes
+
+If you use this pipeline, you should have `Cargo.lock` files checked into your
+repository.
+
+```yaml
+name: CI
+on:
+  pull_request:
+    paths:
+      - '**/Cargo.lock'
+      - '**/Cargo.toml'
+jobs:
+  cargo-deny:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: EmbarkStudios/cargo-deny-action@v1
+      with:
+        command: check bans licenses sources
+```
+
+### Recommended pipeline if using advisories, to avoid sudden breakages
 
 ```yaml
 name: CI