Skip to content

Npm audit

Npm audit #31

Workflow file for this run

name: Npm audit
on:
workflow_dispatch:
schedule:
- cron: '0 12 * * 0' # Run every fortnight on Sunday at 12
jobs:
npm_audit:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run npm audit
id: npm_audit
run: |
find public/modules/custom public/themes/custom -type f -name ".nvmrc" -exec sh -c '
dir=$(dirname "$1")
node_version=$(cat "$1")
echo "Using Node.js version $node_version in $dir"
cd "$dir"
export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
nvm install $node_version
nvm use $node_version
set +e
npm audit --package-lock-only --loglevel=error;
# The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
if [ $? -gt 0 ]; then
npm audit fix --package-lock-only --loglevel=error;
if [ $? -gt 0 ]; then
echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV;
fi;
echo "CREATE_PR=true" >> $GITHUB_OUTPUT;
fi;
set -e
' sh {} \;
- name: Create Pull Request
if: steps.npm_audit.outputs.CREATE_PR == 'true'
uses: peter-evans/create-pull-request@v4
with:
committer: GitHub <noreply@github.com>
author: actions-bot <actions-bot@users.noreply.github.com>
commit-message: Updated node modules based on npm audit fix
title: Automatic npm audit fix
labels: auto-update
body: |
# Npm audit
${{ env.BC_BREAK }}
## How to install
* Update the HDBT theme
* `git fetch --all`
* `git checkout automation/npm-audit`
* `git pull origin automation/npm-audit`
* In the custom module or custom theme folder, run `nvm use && npm i && npm run build`
## How to test
Run `npm audit`
* [ ] Check that the `npm audit` prints `found 0 vulnerabilities`
* [ ] Check that the changes for distributed files are sensible
branch: automation/npm-audit