This action runs `npm audit fix` and creates a pull request.

For example, you can add this action by creating `.github/workflows/npm-audit-fix.yml`:
```yaml
name: npm audit fix

on:
  schedule:
    - cron: 0 0 * * * # Run at 00:00 UTC every day
  workflow_dispatch: # Trigger manually
    branches: ["**"]

jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: ybiquitous/npm-audit-fix-action@v2
      # with:
      #   github_token: ${{ github.token }}
      #   branch: "npm-audit-fix-action/fix"
      #   default_branch: <automatically set>
      #   commit_title: "build(deps): npm audit fix"
      #   labels: "dependencies, security"
```
See also `action.yml` for the available options.
If you want CI to run on pull requests created by this action, you may need to set a personal access token instead of GitHub's default token. For example:

```yaml
with:
  github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
```
The reason is that the default token does not have enough permissions to trigger CI. See also the GitHub documentation about the token permissions.
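When the default token is kept, its scopes can be declared explicitly so the job holds only what it needs. The workflow below is an added example, not part of this action's own documentation; the permission set is an assumption based on what the action does (push the `npm-audit-fix-action/fix` branch and open a labelled pull request) and should be checked against a run in your repository.

```yaml
# Added example; the permission set is an assumption, not taken from action.yml.
name: npm audit fix

on:
  schedule:
    - cron: "0 0 * * *" # Run at 00:00 UTC every day
  workflow_dispatch: # Trigger manually

# Start from no scopes so nothing is inherited from the repository defaults.
permissions: {}

jobs:
  run:
    runs-on: ubuntu-latest
    permissions:
      contents: write       # push the fix branch
      pull-requests: write  # open and label the pull request
    steps:
      - uses: actions/checkout@v2
      - uses: ybiquitous/npm-audit-fix-action@v2
        with:
          github_token: ${{ github.token }}
```

The `permissions` key only restricts the default token. A personal access token passed through `github_token` keeps whatever scopes it was created with, so limit those when you create it.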
MIT © Masafumi Koba