Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UHF-9380: Npm audit action #572

Merged
merged 3 commits into from
Jan 29, 2024
Merged

UHF-9380: Npm audit action #572

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0ebf01e
UHF-9380: Added npm audit github action to run npm audit fix in custo…
khalima Jan 24, 2024
ec578cc
UHF-9380: Handle BC breaks when running npm audit fix.
khalima Jan 25, 2024
b764835
UHF-9380: Simplified npm audit action.
khalima Jan 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 69 additions & 0 deletions .github/workflows/npm-audit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: Npm audit

on:
workflow_dispatch:
schedule:
- cron: '0 12 * * 0' # Run every fortnight on Sunday at 12

jobs:
npm_audit:
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Run npm audit
id: npm_audit
run: |
find public/modules/custom public/themes/custom -type f -name ".nvmrc" -exec sh -c '
dir=$(dirname "$1")
node_version=$(cat "$1")
echo "Using Node.js version $node_version in $dir"
cd "$dir"
export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
nvm install $node_version
nvm use $node_version
set +e
npm audit --package-lock-only --loglevel=error;
# The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
if [ $? -gt 0 ]; then
npm audit fix --package-lock-only --loglevel=error;
if [ $? -gt 0 ]; then
echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV;
fi;
echo "CREATE_PR=true" >> $GITHUB_OUTPUT;
fi;
set -e
' sh {} \;


- name: Create Pull Request
if: steps.npm_audit.outputs.CREATE_PR == 'true'
uses: peter-evans/create-pull-request@v4
with:
committer: GitHub <noreply@github.com>
author: actions-bot <actions-bot@users.noreply.github.com>
commit-message: Updated node modules based on npm audit fix
title: Automatic npm audit fix
labels: auto-update
body: |
# Npm audit

${{ env.BC_BREAK }}

## How to install

* Update the HDBT theme
* `git fetch --all`
* `git checkout automation/npm-audit`
* `git pull origin automation/npm-audit`
* In the custom module or custom theme folder, run `nvm use && npm i && npm run build`

## How to test
Run `npm audit`

* [ ] Check that the `npm audit` prints `found 0 vulnerabilities`
* [ ] Check that the changes for distributed files are sensible

branch: automation/npm-audit
Loading