Fix: vulnerabilities package #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Package Audit and Comment on Vulnerabilities' | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - '**/package.json' | |
| - '**/pnpm-lock.yaml' | |
| jobs: | |
| audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install pnpm | |
| run: npm install -g pnpm | |
| - name: Set up PNPM_HOME and PATH | |
| run: | | |
| echo "PNPM_HOME=$HOME/.local/share/pnpm" >> $GITHUB_ENV | |
| echo "PATH=$HOME/.local/share/pnpm:$PATH" >> $GITHUB_ENV | |
| mkdir -p $HOME/.local/share/pnpm | |
| export PNPM_HOME=$HOME/.local/share/pnpm | |
| export PATH=$PNPM_HOME:$PATH | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Run pnpm audit | |
| id: audit | |
| run: | | |
| result=$(pnpm audit --json) | |
| echo "Audit result: $result" | |
| echo "$result" > audit-result.json | |
| if echo "$result" | grep -q '"advisory"'; then | |
| echo "Vulnerabilities found!" | |
| exit 1 | |
| else | |
| echo "No vulnerabilities found." | |
| fi | |
| - name: Post comment on PR if vulnerabilities found | |
| if: failure() | |
| uses: peter-evans/create-or-update-comment@v2 | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body: | | |
| 🚨 **Vulnerabilities Found** 🚨 | |
| There are vulnerabilities detected during the `pnpm audit`. Please check the audit results. | |
| You can run `pnpm audit` locally to view more details. |