feat: add yarn audit checks to CI workflow

devin-ai-integration[bot] · devin-ai-integration[bot] · commit 4d362fb6cfdb · 2025-10-09T17:12:13.000Z
- Add 'Audit - Production' job for production dependencies
- Add 'Audit - All' job for all dependencies
- Use jlpm (yarn) for dependency auditing
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -169,3 +169,47 @@ jobs:
       - uses: actions/checkout@v4
       - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
       - uses: jupyterlab/maintainer-tools/.github/actions/check-links@v1
+        with:
+          ignore_links: 'https://github.com/deepnote/jupyterlab-deepnote/pull/ https://github.com/deepnote/jupyterlab-deepnote/issues/'
+
+  audit-prod:
+    name: Audit - Production
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Base Setup
+        uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
+
+      - name: Install dependencies
+        run: jlpm
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run audit for production dependencies
+        run: jlpm audit --groups "dependencies"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  audit-all:
+    name: Audit - All
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Base Setup
+        uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
+
+      - name: Install dependencies
+        run: jlpm
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run audit for all dependencies
+        run: jlpm audit
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
