diff --git a/.github/scripts/pkg-deps/pkg-deps b/.github/scripts/pkg-deps/pkg-deps
new file mode 100755
index 000000000..c4cff2310
--- /dev/null
+++ b/.github/scripts/pkg-deps/pkg-deps
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+set -e
+
+export LC_COLLATE=C
+
+if [[ -z "$branch" ]]; then
+ echo "error: no branch specified" >&2
+ exit 1
+fi
+
+version=$(echo "$branch" | grep -Eo '[0-9.]+')
+docker run -i -d --rm --name ubuntu ubuntu:"$version" >&2
+
+cleanup() {
+ docker rm -f ubuntu >&2
+}
+trap cleanup EXIT
+
+docker exec ubuntu apt-get update >&2
+
+msg_file="${msg_file:-$(mktemp)}"
+echo "Writing dependencies diff to $msg_file" >&2
+if [[ -n "$GITHUB_OUTPUT" ]]; then
+ echo "msg_file=$msg_file" >> $GITHUB_OUTPUT
+fi
+
+echo -e "Diff of dependencies:\n" > "$msg_file"
+for f in $@; do
+ echo "Processing $f.." >&2
+ pkg=$(yq '.package' "$f")
+
+ fupstream="$(mktemp)"
+ docker exec ubuntu apt depends \
+ --no-recommends --no-suggests --no-conflicts \
+ --no-breaks --no-replaces --no-enhances \
+ "$pkg" 2>/dev/null | \
+ sed -nr 's/.*Depends:\s(\S*).*/\1/p' | \
+ sed 's//; s/>//; s/:any//' | \
+ sort | uniq > "$fupstream"
+
+ flocal="$(mktemp)"
+ yq '.slices.[].essential[]' "$f" | \
+ sed "s/_.*//; /^$pkg$/d" | sort | uniq > "$flocal"
+
+ fdiff="$(mktemp)"
+ if ! diff -u "$fupstream" "$flocal" > "$fdiff"; then
+ echo "" >> "$msg_file"
+ echo -e "$f
\n" >> "$msg_file"
+ echo "\`\`\`diff" >> "$msg_file"
+ cat "$fdiff" | tail -n +3 >> "$msg_file"
+ echo "\`\`\`" >> "$msg_file"
+ echo -e "\n " >> "$msg_file"
+ fi
+done
+
+if ! grep "" "$msg_file"; then
+ echo -e "\tNone found." >> "$msg_file"
+fi
+
+echo -e "\n---" >> "$msg_file"
+cat "$msg_file"
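Review bot: `pkg` is read from a slice file that the pull request controls and is then spliced into a sed program in `sed "s/_.*//; /^$pkg$/d"`, so a crafted `.package` value is interpreted as sed syntax rather than matched as a name. The same value is passed to `apt depends`, where a leading `-` would be read as an option. Validate it right after the `yq '.package'` line, e.g. `[[ "$pkg" =~ ^[a-z0-9][a-z0-9+.-]+$ ]] || { echo "error: invalid package name in $f" >&2; exit 1; }`, and remove the name with a fixed-string filter (`sed 's/_.*//' | grep -Fxv -- "$pkg"`) instead of a pattern built from it. The loop header `for f in $@` and the redirect `>> $GITHUB_OUTPUT` are also unquoted, so paths are word-split and glob-expanded; `for f in "$@"` and `>> "$GITHUB_OUTPUT"` keep each argument intact.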
diff --git a/.github/workflows/pkg-deps.yaml b/.github/workflows/pkg-deps.yaml
new file mode 100644
index 000000000..781bff330
--- /dev/null
+++ b/.github/workflows/pkg-deps.yaml
@@ -0,0 +1,52 @@
+name: Package dependencies
+
+on:
+ workflow_call:
+
+jobs:
+ check-dependency:
+ name: Check dependency
+ runs-on: ubuntu-latest
+ if: |
+ github.event_name == 'pull_request' &&
+ startswith(github.base_ref, 'ubuntu-')
+ env:
+ branch: ${{ github.base_ref }}
+ main-branch-path: files-from-main
+ permissions:
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Check changed paths
+ id: changed-paths
+ uses: dorny/paths-filter@v3
+ with:
+ # ref: https://github.com/marketplace/actions/paths-changes-filter
+ filters: |
+ slices:
+ - added|modified: 'slices/**/*.yaml'
+ # Space delimited list usable as command-line argument list in
+ # Linux shell. If needed, it uses single or double quotes to
+ # wrap filename with unsafe characters.
+ list-files: shell
+
+ - name: Checkout main branch
+ uses: actions/checkout@v4
+ with:
+ ref: main
+ path: ${{ env.main-branch-path }}
+
+ - name: Check dependencies
+ id: check-deps
+ env:
+ script-dir: "${{ env.main-branch-path }}/.github/scripts/pkg-deps"
+ run: |
+ set -ex
+ ./${{ env.script-dir }}/pkg-deps \
+ ${{ steps.changed-paths.outputs.slices_files }}
+
+ - name: Post messages to PR
+ uses: mshick/add-pr-comment@v2
+ with:
+ message-path: ${{ steps.check-deps.outputs.msg_file }}
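Review bot: `${{ steps.changed-paths.outputs.slices_files }}` is expanded into the `run:` script text before bash parses it, so the file names of a pull request become shell source and the step's safety rests entirely on the quoting done by the `list-files: shell` setting of a third-party action. Passing the list as data removes that dependency: switch the filter to `list-files: json`, hand the output over through `env:`, and build the argument array inside the script, as sketched below. The job also holds `pull-requests: write` while `dorny/paths-filter@v3` and `mshick/add-pr-comment@v2` are referenced by mutable tags; pinning each to a full commit SHA (`uses: dorny/paths-filter@<full-commit-sha> # v3`) keeps a retagged release from running with that token.

```yaml
      # … unchanged: checkout step, paths-filter `filters:` block …
          list-files: json

      # … unchanged: "Checkout main branch" step …

      - name: Check dependencies
        id: check-deps
        env:
          script-dir: "${{ env.main-branch-path }}/.github/scripts/pkg-deps"
          SLICES_FILES: ${{ steps.changed-paths.outputs.slices_files }}
        run: |
          set -ex
          # The file list arrives as JSON data in the environment, never as script text.
          mapfile -t files < <(jq -r '.[]' <<<"$SLICES_FILES")
          ./${{ env.script-dir }}/pkg-deps "${files[@]}"
```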