fix(cli): fix quote stripping in composio run and detect in-band errors #1101
| name: Audit Typescript SDK | |
| on: | |
| push: | |
| branches: [master, next] | |
| paths: | |
| - "ts/**" | |
| pull_request: | |
| branches: [master, next] | |
| paths: | |
| - "ts/**" | |
| jobs: | |
| audit: | |
| name: Audit | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v6 | |
| - name: Setup Node.js, pnpm, Bun | |
| uses: ./.github/actions/setup-node-pnpm-bun | |
| with: | |
| enable-caching: 'false' | |
| - name: Run pnpm audit (production dependencies only) | |
| id: audit | |
| continue-on-error: true | |
| run: pnpm audit --prod > audit-output.txt 2>&1 | |
| - name: Comment on PR if audit failed | |
| if: steps.audit.outcome == 'failure' && github.event_name == 'pull_request' | |
| run: | | |
| { | |
| echo "⚠️ **Security Audit Warning**" | |
| echo "" | |
| echo "The \`pnpm audit --prod\` check found security vulnerabilities in production dependencies." | |
| echo "" | |
| echo "Please review and fix the vulnerabilities. You can try running:" | |
| echo "\`\`\`bash" | |
| echo "pnpm audit --fix --prod" | |
| echo "\`\`\`" | |
| echo "" | |
| echo "<details>" | |
| echo "<summary>Audit output</summary>" | |
| echo "" | |
| echo "\`\`\`" | |
| cat audit-output.txt | |
| echo "\`\`\`" | |
| echo "" | |
| echo "</details>" | |
| } > audit-comment.txt | |
| - name: Post audit comment to PR | |
| if: steps.audit.outcome == 'failure' && github.event_name == 'pull_request' | |
| uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # 3.0.1 | |
| with: | |
| file-path: audit-comment.txt | |
| comment-tag: pnpm-audit-security-warning |
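Review bot: The `id: audit` step sets `continue-on-error: true` and no later step turns `steps.audit.outcome == 'failure'` back into a failing job, so the workflow stays green when `pnpm audit --prod` exits non-zero; on `push` to master/next the output only lands in audit-output.txt and is never surfaced. If this check is meant to gate, add a final step with `if: steps.audit.outcome == 'failure'` and `run: exit 1`, placed after the two comment steps. A non-zero exit can also come from a registry or network error, so the fixed "found security vulnerabilities" wording in the comment may be inaccurate in that case. For pull requests opened from forks the GITHUB_TOKEN is read-only regardless of `pull-requests: write`, so the comment step will probably fail there. `actions/checkout@v6` is referenced by a mutable tag while the third-party comment action is pinned to a commit SHA; pinning both to a SHA would be consistent.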