UHF-9380: Npm audit action #679

Merged
merged 5 commits into from
Jan 29, 2024
61 changes: 61 additions & 0 deletions .github/workflows/npm-audit.yml
@@ -0,0 +1,61 @@
name: Npm audit

on:
schedule:
- cron: '0 12 * * 0' # Run every fortnight on Sunday at 12

jobs:
npm_audit:
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Use Node.js from .nvmrc in modules
id: npm_audit_modules
run: |
find modules -type f -name ".nvmrc" -exec sh -c '
dir=$(dirname "$1")
node_version=$(cat "$1")
echo "Using Node.js version $node_version in $dir"
cd "$dir"
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
nvm install $node_version
nvm use $node_version
npm install --silent
set +e
npm audit --package-lock-only --loglevel=error;
# The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
if [ $? -gt 0 ]; then npm audit fix --package-lock-only --loglevel=error; echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi;
set -e
' sh {} \;

- name: Create Pull Request
if: steps.npm_audit_modules.outputs.CREATE_PR == 'true'
uses: peter-evans/create-pull-request@v4
with:
committer: GitHub <noreply@github.com>
author: actions-bot <actions-bot@users.noreply.github.com>
commit-message: Updated node modules based on npm audit fix
title: Automatic npm audit fix
labels: auto-update
body: |
# Npm audit
## How to install

* Update the HDBT theme
* `git fetch --all`
* `git checkout automation/npm-audit`
* `git pull origin automation/npm-audit`
* In the custom module folder, run `nvm use && npm i && npm run build`

## How to test
Run `npm audit`

* [ ] Check that the `npm audit` prints `found 0 vulnerabilities`
* [ ] Check that the changes for distributed files are sensible

branch: automation/npm-audit
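Review bot: the `npm_audit` job declares no `permissions:` block, so the `GITHUB_TOKEN` handed to `peter-evans/create-pull-request@v4` inherits whatever default the repository grants; for a job that pushes a branch and opens a PR, add an explicit `permissions:` with `contents: write` and `pull-requests: write` at the job level and nothing else, and consider pinning both third-party actions to a commit SHA rather than a moving `v4` tag. Two smaller points in the `run:` script: `find modules ... -exec sh -c '...' sh {} \;` returns 0 regardless of what the inner shell exits with, so a failing `npm install` or `npm audit fix` in one module is silently swallowed and the step still reports success (the `set +e` / `set -e` pair only affects the inner `sh -c`, which does not run under `-e` anyway), and the nvm installer is fetched with `curl -o- ... | bash` on every module iteration with no integrity check, so it would be cleaner to install nvm once before the loop (or use `actions/setup-node` with `node-version-file`) and let the loop only run `nvm use`. Also, the comment on `- cron: '0 12 * * 0' # Run every fortnight on Sunday at 12` does not match the expression, which fires every Sunday; cron cannot express "every second week" directly, so either fix the comment or add a week-parity check in the job.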