scheduled pnpm audit #328
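# Daily (and manually triggerable) dependency health check: installs from the
# lockfile, then reports outdated packages and `pnpm audit` findings as
# workflow annotations. Both checks are non-blocking; the job does not fail on
# findings.
name: scheduled pnpm audit

# Scopes granted to the job's GITHUB_TOKEN.
# NOTE(review): no step in this workflow creates or edits issues or reads pull
# requests. If nothing else relies on them, drop `issues: write` and
# `pull-requests: read` so the token available during dependency installation
# stays read-only.
permissions:
  contents: read
  pull-requests: read
  issues: write

on:
  schedule:
    - cron: '0 10 * * *'
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  scan:
    name: pnpm audit
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
        node-version: ['20.x']
    steps:
      # Action tags such as `v5` are mutable. Pinning each `uses:` to a full
      # commit SHA (e.g. `actions/checkout@<full-commit-sha>  # v5`) keeps a
      # re-tagged release from changing what runs here.
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          # No later step performs git operations, so do not leave the job
          # token in .git/config where install-time code could read it.
          persist-credentials: false

      # https://github.com/pnpm/action-setup
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          # version from package.json
          run_install: false

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v5
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'pnpm'

      # --frozen-lockfile fails the install instead of silently resolving
      # versions that differ from the committed lockfile.
      # NOTE(review): dependency lifecycle scripts may run during this step,
      # depending on the pnpm version and project configuration.
      - name: SETUP - Install dependencies
        run: |
          echo "Installing dependencies..."
          pnpm i --frozen-lockfile

      # `pnpm outdated` exits non-zero when something is outdated; the `if`
      # turns that into a warning annotation rather than a failed step.
      - name: CHECK - Check for outdated dependencies (non-blocking warning)
        run: |
          echo "🔍 Checking for outdated dependencies..."
          if pnpm outdated --depth=3; then
            echo "::notice title=Deps OK::✅ Dependencies are up to date 🎉"
          else
            echo "::warning title=⚠️ Outdated Dependencies::Some dependencies are outdated. Please consider updating them."
          fi

      # `pnpm audit` exits non-zero when advisories are found. The warning
      # must follow the `::warning <params>::<message>` form: without the
      # second `::` the line is only printed to the log and no annotation is
      # raised, so findings would go unnoticed on the run summary.
      - name: CHECK - Run inline pnpm audit (non-blocking warning)
        run: |
          echo "🔍 Checking for vulnerabilities..."
          if pnpm audit; then
            echo "::notice title=Audit OK::✅ Audit is fine 🎉"
          else
            echo "::warning title=ℹ️ vulnerabilities found::pnpm audit reported vulnerabilities. See this step's log for the advisory list."
          fi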