aboutsummaryrefslogtreecommitdiffstats
path: root/.github/workflows/npm-audit-fix.yml
blob: 2fe41891648eb0a39d86cb3beb0ae1cf19b5e168 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization

name: Npm audit fix and compile

on:
  workflow_dispatch:
  schedule:
    # At 2:30 on Sundays
    - cron: '30 2 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        branches: ["main", "master", "stable29", "stable28", "stable27"]

    name: npm-audit-fix-${{ matrix.branches }}

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.6.0
        with:
          ref: ${{ matrix.branches }}

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2
        id: versions
        with:
          fallbackNode: '^20'
          fallbackNpm: '^9'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
        run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"

      - name: Fix npm audit
        run: |
          npm audit fix

      - name: Run npm ci and npm run build
        if: always()
        env:
          CYPRESS_INSTALL_BINARY: 0
          PUPPETEER_SKIP_DOWNLOAD: true
        run: |
          npm ci
          npm run build --if-present

      - name: Create Pull Request
        if: always()
        uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v5
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: "chore(deps): fix npm audit"
          committer: GitHub <noreply@github.com>
          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
          signoff: true
          branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
          title: "[${{ matrix.branches }}] Fix npm audit"
          body: |
            Auto-generated fix of npm audit
          labels: |
            dependencies
            3. to review