nextcloud/.github/workflows/npm-audit-fix.yml

# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization

name: Npm audit fix and compile

on:
  workflow_dispatch:
  schedule:
    # At 2:30 on Sundays
    - cron: '30 2 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        branches: ["main", "master", "stable27", "stable26", "stable25", "stable24"]
  
    name: npm-audit-fix-${{ matrix.branches }}

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.6.0
        with:
          ref: ${{ matrix.branches }}

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2
        id: versions
        with:
          fallbackNode: '^20'
          fallbackNpm: '^9'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
        run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"

      - name: Fix npm audit
        run: |
          npm audit fix

      - name: Run npm ci and npm run build
        if: always()
        env:
          CYPRESS_INSTALL_BINARY: 0
        run: |
          npm ci
          npm run build --if-present

      - name: Create Pull Request
        if: always()
        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: "chore(deps): fix npm audit"
          committer: GitHub <noreply@github.com>
          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
          signoff: true
          branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
          title: "[${{ matrix.branches }}] Fix npm audit"
          body: |
            Auto-generated fix of npm audit
          labels: |
            dependencies
            3. to review
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00			`# This workflow is provided via the organization template repository`
			`#`
			`# https://github.com/nextcloud/.github`
			`# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization`

chore: update workflows from templates Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com> 2023-06-01 18:09:13 +02:00			`name: Npm audit fix and compile`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00
			`on:`
			`workflow_dispatch:`
			`schedule:`
			`# At 2:30 on Sundays`
			`- cron: '30 2 * * 0'`

			`jobs:`
			`build:`
			`runs-on: ubuntu-latest`

			`strategy:`
			`fail-fast: false`
			`matrix:`
chore: update workflows from templates Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com> 2023-06-01 18:09:13 +02:00			`branches: ["main", "master", "stable27", "stable26", "stable25", "stable24"]`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00
			`name: npm-audit-fix-${{ matrix.branches }}`

			`steps:`
			`- name: Checkout`
chore(deps): Bump actions/checkout from 4.1.0 to 4.1.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2023-10-21 03:10:17 +02:00			`uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.6.0`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00			`with:`
			`ref: ${{ matrix.branches }}`

			`- name: Read package.json node and npm engines version`
ci: skip cypress install Unecessary to download the cypress binary if we don't run cypress Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de> 2023-09-22 16:48:21 +02:00			`uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00			`id: versions`
			`with:`
ci: skip cypress install Unecessary to download the cypress binary if we don't run cypress Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de> 2023-09-22 16:48:21 +02:00			`fallbackNode: '^20'`
			`fallbackNpm: '^9'`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00
			`- name: Set up node ${{ steps.versions.outputs.nodeVersion }}`
chore(deps): Bump actions/setup-node from 3.6.0 to 3.8.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.6.0 to 3.8.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c...5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2023-08-19 04:44:31 +02:00			`uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00			`with:`
			`node-version: ${{ steps.versions.outputs.nodeVersion }}`

			`- name: Set up npm ${{ steps.versions.outputs.npmVersion }}`
			`run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"`

update npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 18:53:39 +02:00			`- name: Fix npm audit`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00			`run: \|`
			`npm audit fix`
update npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 18:53:39 +02:00
			`- name: Run npm ci and npm run build`
			`if: always()`
ci: skip cypress install Unecessary to download the cypress binary if we don't run cypress Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de> 2023-09-22 16:48:21 +02:00			`env:`
			`CYPRESS_INSTALL_BINARY: 0`
update npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 18:53:39 +02:00			`run: \|`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00			`npm ci`
			`npm run build --if-present`

			`- name: Create Pull Request`
			`if: always()`
chore(deps): Bump peter-evans/create-pull-request from 3 to 5 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 5. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...153407881ec5c347639a548ade7d8ad1d6740e38) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2023-08-19 04:44:27 +02:00			`uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5`
add npm-audit-fix Signed-off-by: Simon L <szaimen@e.mail.de> 2023-04-28 16:01:46 +02:00			`with:`
			`token: ${{ secrets.COMMAND_BOT_PAT }}`
			`commit-message: "chore(deps): fix npm audit"`
			`committer: GitHub <noreply@github.com>`
			`author: nextcloud-command <nextcloud-command@users.noreply.github.com>`
			`signoff: true`
			`branch: automated/noid/${{ matrix.branches }}-fix-npm-audit`
			`title: "[${{ matrix.branches }}] Fix npm audit"`
			`body: \|`
			`Auto-generated fix of npm audit`
			`labels: \|`
			`dependencies`
			`3. to review`