diff options
| author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2023-04-28 18:40:10 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-28 18:40:10 +0200 |
| commit | 05573be4fcce587e4b8f8e907cc089f54c14398e (patch) | |
| tree | 6a28bd146c47d6962e9b27f24a5f71db3c01ec5e | |
| parent | 74f31bac8c0473f3dc92fcb54967f4cf977c413f (diff) | |
| parent | f4bef823eb1f770e11811207b0b09c0bc0a42065 (diff) | |
| download | nextcloud-server-05573be4fcce587e4b8f8e907cc089f54c14398e.tar.gz nextcloud-server-05573be4fcce587e4b8f8e907cc089f54c14398e.zip | |
Merge pull request #37968 from nextcloud/enh/noid/add-npm-audit-fix
| -rw-r--r-- | .github/workflows/npm-audit-fix.yml | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml new file mode 100644 index 00000000000..2632da4f7c5 --- /dev/null +++ b/.github/workflows/npm-audit-fix.yml @@ -0,0 +1,67 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization + +name: npm audit fix and compile + +on: + workflow_dispatch: + schedule: + # At 2:30 on Sundays + - cron: '30 2 * * 0' + +jobs: + build: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + branches: ["main", "master", "stable26", "stable25", "stable24"] + + name: npm-audit-fix-${{ matrix.branches }} + + steps: + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 + with: + ref: ${{ matrix.branches }} + + - name: Read package.json node and npm engines version + uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2 + id: versions + with: + fallbackNode: '^16' + fallbackNpm: '^7' + + - name: Set up node ${{ steps.versions.outputs.nodeVersion }} + uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3 + with: + node-version: ${{ steps.versions.outputs.nodeVersion }} + + - name: Set up npm ${{ steps.versions.outputs.npmVersion }} + run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + + - name: Fix npm audit, run npm ci and npm run build + run: | + npm audit fix + npm ci + npm run build --if-present + + - name: Create Pull Request + if: always() + uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3 + with: + token: ${{ secrets.COMMAND_BOT_PAT }} + commit-message: "chore(deps): fix npm audit" + committer: GitHub <noreply@github.com> + author: nextcloud-command <nextcloud-command@users.noreply.github.com> + signoff: true + branch: automated/noid/${{ matrix.branches }}-fix-npm-audit + title: "[${{ matrix.branches }}] Fix npm audit" + body: | + Auto-generated fix of npm audit + labels: | + dependencies + 3. to review |