123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
- # This workflow is provided via the organization template repository
- #
- # https://github.com/nextcloud/.github
- # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
- #
- # SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
- # SPDX-License-Identifier: MIT
- name: Npm audit fix and compile
- on:
- workflow_dispatch:
- schedule:
- # At 2:30 on Sundays
- - cron: '30 2 * * 0'
- jobs:
- build:
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- branches: ['main', 'master', 'stable30', 'stable29', 'stable28']
- name: npm-audit-fix-${{ matrix.branches }}
- steps:
- - name: Checkout
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- with:
- ref: ${{ matrix.branches }}
- - name: Read package.json node and npm engines version
- uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
- id: versions
- with:
- fallbackNode: '^20'
- fallbackNpm: '^10'
- - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v3
- with:
- node-version: ${{ steps.versions.outputs.nodeVersion }}
- - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
- run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
- - name: Fix npm audit
- id: npm-audit
- uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0
- - name: Run npm ci and npm run build
- if: always()
- env:
- CYPRESS_INSTALL_BINARY: 0
- run: |
- npm ci
- npm run build --if-present
- - name: Create Pull Request
- if: always()
- uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
- with:
- token: ${{ secrets.COMMAND_BOT_PAT }}
- commit-message: 'fix(deps): Fix npm audit'
- committer: GitHub <noreply@github.com>
- author: nextcloud-command <nextcloud-command@users.noreply.github.com>
- signoff: true
- branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
- title: '[${{ matrix.branches }}] Fix npm audit'
- body: ${{ steps.npm-audit.outputs.markdown }}
- labels: |
- dependencies
- 3. to review
|