Skip to content

Scheduled Yarn audit #2040

Scheduled Yarn audit

Scheduled Yarn audit #2040

name: Scheduled Yarn audit
on:
schedule:
# Once a day at 5 o-clock
- cron: "0 5 * * *"
push:
branches: [main]
pull_request:
paths:
- '.github/workflows/yarn-audit-scheduled.yml'
defaults:
run:
working-directory: ./frontend
jobs:
audit:
name: Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Node.js environment
uses: actions/setup-node@v3
with:
node-version: "18"
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
- uses: actions/cache@v3
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install dependencies
run: yarn --prefer-offline --frozen-lockfile --check-files
- name: Run audit
run: yarn audit-ci --config audit-ci.jsonc
- name: Yarn audit scan failure slack notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_COLOR: ${{ job.status }}
SLACK_USERNAME: GitHub-Alerts
SLACK_TITLE: ${{ github.workflow }} has *FAILED*!
SLACK_MESSAGE: "*Yarn audit has found some vulnerabilities!*"
SLACK_CHANNEL: yjdh-alerts
if: failure()