feat(sync)!: migrate backend from Cloudflare Workers to Supabase #120
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security Audit | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| schedule: | |
| # Run daily at 2 AM UTC | |
| - cron: '0 2 * * *' | |
| workflow_dispatch: # Allow manual trigger | |
| jobs: | |
| audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 1 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Run security audit | |
| run: bun audit --audit-level=high | |
| - name: Audit summary | |
| if: always() | |
| run: | | |
| echo "### Security Audit Results" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| bun audit --json > audit-results.json || true | |
| if [ -s audit-results.json ]; then | |
| echo "See detailed results in the audit step above." >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "✅ No vulnerabilities found!" >> $GITHUB_STEP_SUMMARY | |
| fi |