privacy.sexy/.github/workflows/checks.security.yaml
undergroundwires 242a497e7d Bump node environment to 16.x
- Bump setup-node action to v2.
- Use composite actions to reuse same setting. This is preferred over
  reusable templates because reusable templates are on job-level but
  setting up node should be a step.
2022-03-07 21:38:30 +01:00

23 lines
573 B
YAML

name: security-checks
on:
  push:
  pull_request:
    paths: [ '/package.json', '/package-lock.json' ] # Allow PRs to be green if they do not introduce dependency change
  schedule:
    - cron: '0 0 * * 0' # at 00:00 on every Sunday
jobs:
  npm-audit:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Setup node
        uses: ./.github/actions/setup-node
      -
        name: NPM audit
        run: exit "$(npm audit)" # Since node 15.x, it does not fail with error if we don't explicitly exit