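---
# Custom workflow for running NPM audit.
# Runs on every push, on a nightly schedule and on manual dispatch. When
# `npm audit` reports a problem, the outdated packages are listed and the
# job is then failed explicitly so the finding is not hidden.
name: NPM Vulnerability Checker

# yamllint disable-line rule:truthy
on:
  # Enabling manual test
  # REF: https://stackoverflow.com/questions/58933155/manual-workflow-triggers-in-github-actions
  workflow_dispatch:
  push:
  schedule:
    # Every day at 00:00 UTC.
    - cron: "0 0 * * *"

# Least privilege: this workflow only reads the repository. Without an
# explicit block the GITHUB_TOKEN gets the repository/organisation default,
# which may include write scopes.
permissions:
  contents: read

jobs:
  npm-audit:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    timeout-minutes: 5
    steps:
      # NOTE(review): `@v3` is a mutable tag. Pinning third-party actions to
      # a full commit SHA protects against a retagged release.
      - name: Checkout the repo
        uses: actions/checkout@v3
        with:
          # Later steps run third-party package scripts; do not leave the
          # token in the local git config where they could read it.
          persist-credentials: false

      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          # Quoted so the value is always read as a plain string.
          node-version: "lts/*"

      # NOTE(review): `npm install` may rewrite the lockfile and runs
      # dependency lifecycle scripts. If a lockfile is committed, `npm ci`
      # audits exactly what is pinned. Confirm against the repository.
      - name: Install Packages
        run: npm install

      # continue-on-error keeps the job going so the follow-up steps can run;
      # the real result stays available as steps.VulnerabilityCheck.outcome.
      - name: Check for vulnerabilities
        id: VulnerabilityCheck
        continue-on-error: true
        run: npm audit

      - name: List outdated packages if vulnerabilities are detected
        if: steps.VulnerabilityCheck.outcome == 'failure'
        run: npm outdated

      # Without this step the job result depends only on the exit status of
      # `npm outdated`, so a failed audit with nothing outdated would still
      # be reported as a passing run.
      - name: Fail the job when the audit reported vulnerabilities
        if: steps.VulnerabilityCheck.outcome == 'failure'
        run: exit 1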