Skip to content

Commit

Permalink
add dependency review
Browse files Browse the repository at this point in the history
  • Loading branch information
@sanityFair
sanityFair committed Nov 20, 2023
1 parent f285bc1 commit d066504
Showing 1 changed file with 35 additions and 0 deletions.
35 changes: 35 additions & 0 deletions .github/workflows/dependency-review.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: 'Dependency review'
on:
pull_request:
paths:
- packages/arui-scripts/**

permissions:
discussions: write
contents: read
pull-requests: write

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Use Node.js 18.x
uses: actions/setup-node@v1
- name: Npm Install
run: |
npm install
working-directory: ./packages/arui-scripts
- name: Run Audit
id: audit
uses: oke-py/npm-audit-action@v2
with:
audit_level: critical
github_token: ${{ secrets.GITHUB_TOKEN }}
working_directory: ./packages/arui-scripts
issue_assignees: oke-py
issue_labels: vulnerability
- name: Auto approve
if: steps.audit.outcome == 'success'
uses: hmarr/auto-approve-action@v3

0 comments on commit d066504

Please sign in to comment.