Add audit check to CI and pre-push Git hook (#185)

Author: mcmire

.github/workflows/super_diff.yml

@@ -31,6 +31,25 @@ jobs:
         run: yarn --immutable
       - name: Lint
         run: yarn lint
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version-file: ".nvmrc"
+          cache: "yarn"
+      - name: Install Ruby dependencies
+        run: bin/ci/install
+      - name: Install Yarn dependencies
+        run: yarn --immutable
+      - name: Audit
+        run: yarn audit
   test:
     needs:
       - lint

Gemfile

@@ -7,6 +7,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 gem "appraisal",
     github: "thoughtbot/appraisal",
     ref: "2f5be65b8e127bd602fd149f395f2f8fa50616a8"
+gem "bundler-audit"
 gem "childprocess"
 gem "climate_control"
 gem "pry-byebug", platform: :mri

package.json

@@ -5,10 +5,11 @@
   "private": true,
   "scripts": {
     "lint": "prettier --check .",
+    "audit": "yarn npm audit && bundle exec bundle audit",
     "lint:fix": "yarn lint --write"
   },
   "simple-git-hooks": {
-    "pre-push": "yarn lint"
+    "pre-push": "yarn lint && yarn audit"
   },
   "devDependencies": {
     "@lavamoat/allow-scripts": "^2.3.0",