Npm Audits and GitHub Actions

$ npm audit
found 0 vulnerabilities
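# Minimal audit job (workflow fragment: no `name:`/`on:` shown here).
jobs:
  audit:
    name: Audit packages
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # npm audit exits non-zero on advisories of moderate severity or
      # higher, which is what fails this job and blocks the merge.
      - name: Audit packages
        run: npm audit --audit-level moderate
        env:
          # Quoted so the value is an explicit string rather than a YAML
          # boolean; Actions stringifies env values either way.
          CI: 'true'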
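# Pull-request gate: audit, CodeQL analysis and the Node build matrix run
# in parallel; branch protection requires all of them to pass before merge.
name: PR build

on:  # yamllint disable-line rule:truthy
  pull_request:
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN; jobs that need more (analyze)
# widen it at job level. NOTE(review): ./.github/actions/build is not shown
# on this page — raise the build job's permissions if that action needs them.
permissions:
  contents: read

jobs:
  audit:
    name: Audit packages
    runs-on: ubuntu-latest
    steps:
      # Actions are referenced by major tag; pinning to a full commit SHA
      # (actions/checkout@<commit-sha>) guards against a moved tag.
      - uses: actions/checkout@v3
      # Fails the job on advisories of moderate severity or higher.
      - name: Audit packages
        run: npm audit --audit-level moderate
        env:
          CI: 'true'

  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      # Lets the analyze step upload its findings to code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

  build:
    name: Build with Node ${{ matrix.node_version }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so each version is passed through as a string; the
        # expression renders identically for the job name and the input.
        node_version:
          - '12'
          - '14'
          - '15'
          - '16'
          - '17'
          - '18'
    steps:
      - uses: actions/checkout@v3
      - id: build
        uses: ./.github/actions/build
        with:
          node_version: ${{ matrix.node_version }}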
Branch protection rules — checks on PR
Branch protection rules — checks on PR
PR — waiting for all checks to pass
PR — waiting for all checks to pass
All checks passed, I’m able to merge
All checks passed, I’m able to merge
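# Scheduled re-check: new advisories and new CodeQL queries are caught
# even when no code changes, since audit results change over time.
name: Static analysis

on:  # yamllint disable-line rule:truthy
  schedule:
    # Saturdays at 08:30 UTC.
    - cron: '30 8 * * 6'

# Least-privilege default for GITHUB_TOKEN; analyze widens it below.
permissions:
  contents: read

jobs:
  audit:
    name: Audit packages
    runs-on: ubuntu-latest
    steps:
      # Pinning to a full commit SHA (actions/checkout@<commit-sha>)
      # instead of the major tag hardens the workflow against tag moves.
      - uses: actions/checkout@v3
      # Fails the job on advisories of moderate severity or higher.
      - name: Audit packages
        run: npm audit --audit-level moderate
        env:
          CI: 'true'

  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      # Lets the analyze step upload its findings to code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2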
Release pipeline with audit check
Release pipeline with audit check
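# Release pipeline: the audit and CodeQL jobs gate the build matrix, and
# the build matrix gates the publish step, so a failed audit never ships.
name: Run tests and publish

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - master
    paths-ignore:
      - '.github/**'
      - '**.md'
      - 'tests/**'
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN; publishing uses NPM_TOKEN, not
# the GitHub token. NOTE(review): ./.github/actions/build is not shown on
# this page — raise the build job's permissions if that action needs them.
permissions:
  contents: read

jobs:
  audit:
    name: Audit packages
    runs-on: ubuntu-latest
    steps:
      # Pinning to a full commit SHA (actions/checkout@<commit-sha>)
      # instead of the major tag hardens the workflow against tag moves.
      - uses: actions/checkout@v3
      # Fails the job on advisories of moderate severity or higher.
      - name: Audit packages
        run: npm audit --audit-level moderate
        env:
          CI: 'true'

  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      # Lets the analyze step upload its findings to code scanning.
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

  build:
    name: Build with Node ${{ matrix.node_version }}
    # Both security jobs must succeed before any build starts.
    needs:
      - audit
      - analyze
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so each version is passed through as a string.
        node_version:
          - '12'
          - '14'
          - '15'
          - '16'
          - '17'
          - '18'
    steps:
      - uses: actions/checkout@v3
      - id: build
        uses: ./.github/actions/build
        with:
          node_version: ${{ matrix.node_version }}

  release:
    name: Release to npm
    needs: build
    runs-on: ubuntu-latest
    # The push trigger is already limited to master; this guard also covers
    # workflow_dispatch, which can be started from any branch.
    if: github.ref == 'refs/heads/master'
    steps:
      - uses: actions/checkout@v3
      # setup-node writes an .npmrc for registry-url that reads the auth
      # token from NODE_AUTH_TOKEN at publish time.
      - uses: actions/setup-node@v3
        with:
          node-version: '18'
          registry-url: 'https://registry.npmjs.org'
      # NOTE(review): nothing from the build job is carried over; publish
      # works on the freshly checked-out tree (plus any prepublish scripts
      # in package.json) — confirm that is the intended artifact.
      - run: npm publish
        env:
          # Long-lived publish credential stored as a repository secret;
          # keep it scoped to this package and rotate it periodically.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}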
