Reminder for 'run npm audit' #4
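# Runs ./scripts/npm-audit.sh and, when that step fails, opens a reminder
# issue or refreshes the body of the existing one with the number of days
# the reminder has been open.
name: "Reminder for 'run npm audit'"

on:
  schedule:
    # GitHub Actions evaluates cron expressions in UTC.
    - cron: '0 22 * * *'
  workflow_dispatch:
  push:
    branches:
      - 'master'

jobs:
  run-npm-audit:
    runs-on: ubuntu-latest
    # Token scope is limited to what the job uses: read the repository,
    # create/update issues.
    permissions:
      contents: read
      issues: write
    # Skip forks so that only the upstream repository gets reminder issues.
    if: github.repository == 'line/line-bot-sdk-nodejs'
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the tag each SHA was taken from.
      # NOTE(review): checkout keeps the job token in the local git config by
      # default; if npm-audit.sh needs no authenticated git access, setting
      # `persist-credentials: false` would narrow its exposure - confirm.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: '24'
      - name: Run npm audit and check diff
        id: audit
        run: ./scripts/npm-audit.sh
        # Do not fail the job here. `steps.audit.outcome` still reports the
        # result from before continue-on-error is applied, which is what the
        # next step's condition reads.
        continue-on-error: true
      - name: Create or update reminder issue
        if: steps.audit.outcome == 'failure'
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          TZ: 'Asia/Tokyo'
        with:
          script: |
            const { owner, repo } = context.repo;
            const title = 'Reminder: run npm audit';
            const securityURL = `https://github.com/${owner}/${repo}/security`;
            const baseBody = [
              'Fix all vulnerabilities. You can check with `./scripts/npm-audit.sh` locally, then send a PR with the fixes.',
              `After fixing, make sure the vulnerabilities count in **${securityURL}** is **0**.`
            ].join('\n\n');
            const { data: result } = await github.rest.search.issuesAndPullRequests({
              q: `repo:${owner}/${repo} is:issue is:open in:title "${title}"`
            });
            // The search is a text match on the title, so the first hit is not
            // guaranteed to be the reminder itself. Only an issue whose title is
            // exactly ours may have its body rewritten.
            // NOTE(review): the match does not check who opened the issue. On a
            // public repository any account can open one with this title, and
            // this job would then rewrite that issue instead of opening its own.
            // Consider also requiring the expected author - confirm which login
            // this token posts as.
            const issue = result.items.find((item) => item.title === title);
            const today = new Date();
            if (issue === undefined) {
              await github.rest.issues.create({
                owner,
                repo,
                title,
                body: `${baseBody}\n\n0 days have passed.`
              });
            } else {
              // Age in whole days, from the epoch-millisecond difference.
              const created = new Date(issue.created_at);
              const diffDays = Math.floor((today - created) / 86_400_000);
              await github.rest.issues.update({
                owner,
                repo,
                issue_number: issue.number,
                body: `${baseBody}\n\n${diffDays} days have passed.`
              });
            }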