Audit fix #3
````yaml
name: Audit fix

on:
  schedule:
    - cron: '0 9 * * *'
  workflow_dispatch:

# Least privilege: the job only needs to push a branch and open a PR.
permissions:
  contents: write
  pull-requests: write

jobs:
  audit-fix:
    name: Run npm audit fix and create pull request
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v5

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Run npm audit fix
        run: |
          # Keep the full report (stdout and stderr) for the PR body.
          # Redirect order matters: "> file 2>&1" captures both streams;
          # "2>&1 > file" would send stderr to the job log and only stdout to the file.
          npm audit > audit-report.txt 2>&1 || true
          # --force installs semver-major (breaking) upgrades; review those PRs with care.
          npm audit fix || npm audit fix --force || true

      - name: Create pull request
        env:
          # PRs opened with GITHUB_TOKEN do not trigger other workflows (e.g. CI on
          # pull_request); use a GitHub App or PAT token if CI must run on the PR.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
        run: |
          # git diff --quiet exits 0 when the working tree is unchanged.
          if git diff --quiet; then
            echo "No changes after npm audit fix, skipping PR creation"
            exit 0
          fi
          BRANCH="npm-audit-fix-$(date +%Y%m%d-%H%M%S)"
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git checkout -b "$BRANCH"
          git add package.json package-lock.json
          git commit -m "chore(deps): npm audit fix"
          git push origin "$BRANCH"
          cat > pr-body.md << 'BODYEOF'
          Automated security fixes via `npm audit fix`.

          ## Audit Report
          ```
          BODYEOF
          cat audit-report.txt >> pr-body.md
          echo '```' >> pr-body.md
          # The "audit: fix" label must already exist in the repository, otherwise
          # gh pr create fails. --base is hardcoded to main.
          gh pr create \
            --title "chore(deps): npm audit fix" \
            --body-file pr-body.md \
            --label "audit: fix" \
            --base main \
            --head "$BRANCH"
````
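The shell logic behind the two `run:` steps, as an added example that is not part of the gist: it factors the report capture, the `--force` escalation and the PR-body assembly into functions so they can be exercised locally, and shows the stdout/stderr redirect order that the audit step depends on. `fake_audit` and `fake_fix` are constructed stand-ins for `npm audit` and `npm audit fix`, and the `ALLOW_FORCE` gate is a hypothetical addition, not an npm option.

```shell
#!/bin/sh
# Added example (not from the gist): functions mirroring the workflow's
# run: steps. fake_audit / fake_fix are constructed stand-ins for npm;
# ALLOW_FORCE is a hypothetical gate, not an npm flag.

# Capture stdout AND stderr of a command into a file.
# "> file 2>&1" redirects stdout to the file first, then duplicates stderr
# onto it. The reverse, "2>&1 > file", copies stderr onto the original
# stdout (the job log) before stdout moves to the file, so warnings printed
# on stderr never reach the report or the PR body.
capture_all() {
  outfile=$1; shift
  "$@" > "$outfile" 2>&1
}

# Constructed stand-in for "npm audit": one line on stdout, one warning on
# stderr, non-zero exit because vulnerabilities were found.
fake_audit() {
  echo "found 2 vulnerabilities (1 moderate, 1 high)"
  echo "npm warn audit this warning goes to stderr" >&2
  return 1
}

# Constructed stand-in for "npm audit fix": succeeds only with --force,
# modelling a fix that requires a semver-major upgrade.
fake_fix() {
  [ "${1:-}" = "--force" ]
}

# Mirror the audit step: write the full report, never fail the job on
# findings, and return the number of report lines captured.
audit_report() {
  report=$1
  capture_all "$report" fake_audit || true
  wc -l < "$report" | tr -d ' '
}

# Try the non-breaking fix first. The gist escalates to --force
# unconditionally; --force installs breaking (semver-major) upgrades, so
# here it is gated behind ALLOW_FORCE=1. Returns 0 if any fix succeeded.
run_fix() {
  fix_cmd=$1
  if "$fix_cmd"; then
    return 0
  fi
  if [ "${ALLOW_FORCE:-0}" = "1" ] && "$fix_cmd" --force; then
    return 0
  fi
  return 1
}

# Branch name in the same shape the workflow uses.
branch_name() {
  echo "npm-audit-fix-$(date +%Y%m%d-%H%M%S)"
}

# Assemble the PR body: summary line, heading, report inside a code fence.
# Octal 140 is the backtick; written this way so the example itself does
# not contain a literal triple-backtick fence.
build_pr_body() {
  report=$1; body=$2
  fence=$(printf '\140\140\140')
  {
    echo 'Automated security fixes via `npm audit fix`.'
    echo
    echo '## Audit Report'
    echo "$fence"
    cat "$report"
    echo "$fence"
  } > "$body"
}

# Local dry run: no npm, no git, no GitHub needed.
if [ "${1:-}" = "--demo" ]; then
  dir=$(mktemp -d)
  echo "report lines: $(audit_report "$dir/report.txt")"
  run_fix fake_fix && echo "fixed without --force" || echo "non-breaking fix failed"
  ALLOW_FORCE=1 run_fix fake_fix && echo "fixed with --force"
  build_pr_body "$dir/report.txt" "$dir/body.md"
  cat "$dir/body.md"
  echo "branch: $(branch_name)"
  rm -rf "$dir"
fi
```

Run it with `sh audit-fix.sh --demo`; in the real workflow replace `fake_audit` and `fake_fix` with `npm audit` and `npm audit fix`, and set `ALLOW_FORCE=1` only for repositories where a semver-major upgrade landing unreviewed is acceptable.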