From 3aef3ae763095595a39cdd38921e12f0b1746633 Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Thu, 28 Nov 2024 09:22:50 +0100 Subject: [PATCH] ci(npm): Add scheduled automated `npm audit fix` Signed-off-by: Andy Scherzinger --- .github/workflows/npm-audit-fix.yml | 75 +++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 .github/workflows/npm-audit-fix.yml diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml new file mode 100644 index 0000000..77bd90e --- /dev/null +++ b/.github/workflows/npm-audit-fix.yml @@ -0,0 +1,75 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT + +name: Npm audit fix and compile + +on: + workflow_dispatch: + schedule: + # At 2:30 on Sundays + - cron: '30 2 * * 0' + +jobs: + build: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + branches: ['main'] + + name: npm-audit-fix-${{ matrix.branches }} + + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + ref: ${{ matrix.branches }} + + - name: Read package.json node and npm engines version + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 + id: versions + with: + fallbackNode: '^20' + fallbackNpm: '^10' + + - name: Set up node ${{ steps.versions.outputs.nodeVersion }} + uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + with: + node-version: ${{ steps.versions.outputs.nodeVersion }} + + - name: Set up npm ${{ steps.versions.outputs.npmVersion }} + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' + + - name: Fix npm audit + id: npm-audit + uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0 + + - name: Run npm ci and npm run build + if: always() + env: + CYPRESS_INSTALL_BINARY: 0 + run: | + npm ci + npm run build --if-present + + - name: Create Pull Request + if: always() + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + with: + token: ${{ secrets.COMMAND_BOT_PAT }} + commit-message: 'fix(deps): Fix npm audit' + committer: GitHub + author: nextcloud-command + signoff: true + branch: automated/noid/${{ matrix.branches }}-fix-npm-audit + title: '[${{ matrix.branches }}] Fix npm audit' + body: ${{ steps.npm-audit.outputs.markdown }} + labels: | + dependencies + 3. to review