Skip to content

fix: package.json to reduce vulnerabilities #19

fix: package.json to reduce vulnerabilities

fix: package.json to reduce vulnerabilities #19

on:
pull_request_target:
types: [opened]
push:
name: Pull request automation
jobs:
pull-request-automation:
runs-on: ubuntu-latest
if: ${{ github.repository == 'WordPress/gutenberg' }}
strategy:
matrix:
node: ['14']
steps:
# Checkout defaults to using the branch which triggered the event, which
# isn't necessarily `trunk` (e.g. in the case of a merge).
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: trunk
- name: Use desired version of NodeJS
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ matrix.node }}
- name: Cache NPM packages
uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # v3.2.5
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-npm-pr-automation-cache-${{ hashFiles('**/package-lock.json') }}
# Changing into the action's directory and running `npm install` is much
# faster than a full project-wide `npm ci`.
- name: Install NPM dependencies
run: npm install
working-directory: packages/project-management-automation
- uses: ./packages/project-management-automation
with:
github_token: ${{ secrets.GITHUB_TOKEN }}