-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
UHF-9380: Simplified npm audit action.
- Loading branch information
Showing
1 changed file
with
4 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,18 +13,17 @@ jobs: | |
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Use Node.js from .nvmrc in modules/custom | ||
| id: npm_audit_modules | ||
| - name: Run npm audit | ||
| id: npm_audit | ||
| run: | | ||
| find public/modules/custom -type f -name ".nvmrc" -exec sh -c ' | ||
| find public/modules/custom public/themes/custom -type f -name ".nvmrc" -exec sh -c ' | ||
| dir=$(dirname "$1") | ||
| node_version=$(cat "$1") | ||
| echo "Using Node.js version $node_version in $dir" | ||
| cd "$dir" | ||
| export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" | ||
| nvm install $node_version | ||
| nvm use $node_version | ||
| npm install --silent | ||
| set +e | ||
| npm audit --package-lock-only --loglevel=error; | ||
| # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. | ||
|
|
@@ -38,33 +37,9 @@ jobs: | |
| set -e | ||
| ' sh {} \; | ||
| - name: Use Node.js from .nvmrc in themes/custom | ||
| id: npm_audit_themes | ||
| run: | | ||
| find public/themes/custom -type f -name ".nvmrc" -exec sh -c ' | ||
| dir=$(dirname "$1") | ||
| node_version=$(cat "$1") | ||
| echo "Using Node.js version $node_version in $dir" | ||
| cd "$dir" | ||
| export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" | ||
| nvm install $node_version | ||
| nvm use $node_version | ||
| npm install --silent | ||
| set +e | ||
| npm audit --package-lock-only --loglevel=error; | ||
| # The npm audit command will exit with a 0 exit code if no vulnerabilities were found. | ||
| if [ $? -gt 0 ]; then | ||
| npm audit fix --package-lock-only --loglevel=error; | ||
| if [ $? -gt 0 ]; then | ||
| echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV; | ||
| fi; | ||
| echo "CREATE_PR=true" >> $GITHUB_OUTPUT; | ||
| fi; | ||
| set -e | ||
| ' sh {} \; | ||
| - name: Create Pull Request | ||
| if: steps.npm_audit_modules.outputs.CREATE_PR == 'true' || steps.npm_audit_themes.outputs.CREATE_PR == 'true' | ||
| if: steps.npm_audit.outputs.CREATE_PR == 'true' | ||
| uses: peter-evans/create-pull-request@v4 | ||
| with: | ||
| committer: GitHub <[email protected]> | ||
|
|
||