Npm audit #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Npm audit | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 12 * * 0' # Run every fortnight on Sunday at 12 | |
| jobs: | |
| npm_audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run npm audit | |
| id: npm_audit | |
| run: | | |
| find public/modules/custom public/themes/custom -type f -name ".nvmrc" -exec sh -c ' | |
| dir=$(dirname "$1") | |
| node_version=$(cat "$1") | |
| echo "Using Node.js version $node_version in $dir" | |
| cd "$dir" | |
| export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" | |
| nvm install $node_version | |
| nvm use $node_version | |
| set +e | |
| npm audit --package-lock-only --loglevel=error; | |
| # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. | |
| if [ $? -gt 0 ]; then | |
| npm audit fix --package-lock-only --loglevel=error; | |
| if [ $? -gt 0 ]; then | |
| echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV; | |
| fi; | |
| echo "CREATE_PR=true" >> $GITHUB_OUTPUT; | |
| fi; | |
| set -e | |
| ' sh {} \; | |
| - name: Create Pull Request | |
| if: steps.npm_audit.outputs.CREATE_PR == 'true' | |
| uses: peter-evans/create-pull-request@v4 | |
| with: | |
| committer: GitHub <noreply@github.com> | |
| author: actions-bot <actions-bot@users.noreply.github.com> | |
| commit-message: Updated node modules based on npm audit fix | |
| title: Automatic npm audit fix | |
| labels: auto-update | |
| body: | | |
| # Npm audit | |
| ${{ env.BC_BREAK }} | |
| ## How to install | |
| * Update the HDBT theme | |
| * `git fetch --all` | |
| * `git checkout automation/npm-audit` | |
| * `git pull origin automation/npm-audit` | |
| * In the custom module or custom theme folder, run `nvm use && npm i && npm run build` | |
| ## How to test | |
| Run `npm audit` | |
| * [ ] Check that the `npm audit` prints `found 0 vulnerabilities` | |
| * [ ] Check that the changes for distributed files are sensible | |
| branch: automation/npm-audit |