Security & Data Audit #184
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
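# Security & Data Audit workflow.
#
# Two independent jobs:
#   * documentation-audit: installs dependencies and runs `npm run test:audit`.
#   * dependency-audit: runs `npm audit` against production dependencies.
# Both run on pull requests that touch the listed paths, on a daily schedule,
# and on manual dispatch.
#
# NOTE(review): the action references below are version tags, which the
# action's owner can move. Pin each to a full-length commit SHA (keeping the
# tag in a trailing comment) if the project requires immutable references.
name: Security & Data Audit

on:
  pull_request:
    paths:
      - 'src/docs.json'
      - 'tests/audit/**'
      - 'package.json'
      - 'package-lock.json'
  schedule:
    # GitHub Actions evaluates cron expressions in UTC.
    - cron: '0 0 * * *'  # Daily at 00:00 UTC
  workflow_dispatch:

jobs:
  documentation-audit:
    name: Documentation Audit
    runs-on: ubuntu-latest
    # Least privilege: the job token can only read repository contents.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step performs git operations, so do not leave the job
          # token configured for git while npm scripts run.
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v6.3.0
        with:
          node-version: '24'
          cache: npm
      # `npm ci` runs dependency lifecycle scripts by default. On pull
      # requests that change package-lock.json this executes code from the
      # proposed dependency set.
      # NOTE(review): consider `npm ci --ignore-scripts` if the audit does
      # not need built dependencies.
      - name: Install dependencies
        run: npm ci
      - name: Run documentation audit
        run: npm run test:audit
        env:
          # '0' (no limit) only for scheduled runs; every other trigger,
          # including pull_request and workflow_dispatch, gets '50'.
          DOCS_AUDIT_MAX_TOTAL: ${{ github.event_name == 'schedule' && '0' || '50' }}
        # Advisories are non-blocking for PRs: a failing audit does not fail
        # the job on pull_request, so the result is only visible in the step
        # log. Scheduled and manual runs still fail.
        # NOTE(review): indentation was lost in the rendered page; this key
        # is placed at step level. Confirm against the raw file.
        continue-on-error: ${{ github.event_name == 'pull_request' }}

  dependency-audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    # Least privilege: the job token can only read repository contents.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step performs git operations, so do not leave the job
          # token configured for git.
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v6.3.0
        with:
          node-version: '24'
          cache: npm
      # --omit=dev skips devDependencies. --audit-level=critical means only
      # critical advisories produce a non-zero exit; lower severities are
      # reported in the log but do not fail the step.
      - name: Run npm audit
        run: npm audit --omit=dev --audit-level=critical
        # Advisories are non-blocking for PRs: even a critical finding leaves
        # the pull_request check green, so the result is only visible in the
        # step log. Scheduled and manual runs still fail.
        # NOTE(review): indentation was lost in the rendered page; this key
        # is placed at step level. Confirm against the raw file.
        continue-on-error: ${{ github.event_name == 'pull_request' }}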