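---
# Runs `npm audit` on production dependencies for every pull request to
# main and posts to Slack when the audit step fails (vulnerabilities at or
# above the configured level). Indentation restored to the 2-space layout
# GitHub Actions expects.
name: npm audit

# One audit per ref at a time; a newer push cancels the in-flight run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege for GITHUB_TOKEN: checkout and the audit itself only need
# read access while create_issues / create_pr_comments are disabled below.
# Widen to issues: write / pull-requests: write if those are re-enabled.
permissions:
  contents: read

# Scheduled/manual triggers kept for reference; currently disabled.
# on:
#   workflow_dispatch:
#   schedule:
#     - cron: '0 10 * * MON'  # Every Monday at 10AM UTC
on:
  pull_request:
    branches: ['main']

jobs:
  npm-audit:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions are referenced by mutable tags
      # (@v2 / @v4); pinning each to a full commit SHA would protect this
      # workflow against a moved or compromised tag.
      - uses: actions/checkout@v4

      - name: Setup NodeJS
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      # Reproducible install from package-lock.json before auditing.
      - name: install dependencies
        run: npm ci

      - id: run_npm_audit
        uses: oke-py/npm-audit-action@v2
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          create_issues: false
          create_pr_comments: false
          production_flag: true

      # Runs even after a failed audit step (if: always()); notify_when
      # restricts the post to failed jobs. NOTE(review): repository secrets
      # are not exposed to pull requests from forks, so SLACK_WEBHOOK_URL
      # is expected to be empty on those runs — confirm this is acceptable.
      - name: Send Slack notification on failure
        uses: ravsamhq/notify-slack-action@v2
        if: always()
        with:
          status: ${{ job.status }}
          notify_when: 'failure'
          notification_title: "Vanilla components NPM audit found some vulnerabilities"
          message_format: ${{steps.run_npm_audit.outputs.npm_audit}}
          footer: 'Linked to Repo <{repo_url}|{repo}>'
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}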