Skip to content

🚀 Dependency Update and Vulnerability Scan #61

🚀 Dependency Update and Vulnerability Scan

🚀 Dependency Update and Vulnerability Scan #61

name: 🚀 Dependency Update and Vulnerability Scan
on:
schedule:
- cron: '0 2 * * 5'
workflow_dispatch:
jobs:
update-and-scan:
runs-on: ubuntu-latest
steps:
- name: 🛠️ Checkout code
uses: actions/checkout@v4
- name: 🔧 Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: 🗑️ Remove package-lock.json
run: rm -f package-lock.json
- name: 📦 Install npm-check-updates
run: npm install -g npm-check-updates
- name: ⬆️ Update all packages except ESLint
run: |
ncu -x eslint -u
npm install
npm install [email protected] --save-dev
- name: 📦 Update dependencies with legacy peer deps
run: npm update --legacy-peer-deps
- name: 🎭 Mask Debricked credentials
run: |
echo "::add-mask::${{ secrets.DEBRICKED_TOKEN }}"
- name: Install Debricked CLI
run: |
curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
sudo mv debricked /usr/local/bin/debricked
- name: 🛡️ Debricked Vulnerability Scan
run: |
debricked scan -t ${{ secrets.DEBRICKED_TOKEN }} -r ${{ github.repository }} -c ${{ github.sha }}
- name: 🏗️ Build project
run: npm run build
- name: ✅ Run tests
run: npm test
- name: 📝 Commit changes
if: success()
run: |
git config --local user.name "Debugging Duck 🦆"
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git add .
git diff-index --quiet HEAD || git commit -m "⬆️ update all npm dependencies except ESLint ⬆️"
- name: 🚀 Push changes
if: success()
run: git push