Skip to content

🚀 Dependency Update and Vulnerability Scan #66

🚀 Dependency Update and Vulnerability Scan

🚀 Dependency Update and Vulnerability Scan #66

name: 🚀 Dependency Update and Vulnerability Scan
on:
schedule:
- cron: '0 2 * * *'
workflow_dispatch:
push:
branches:
- main
jobs:
update-and-scan:
runs-on: ubuntu-latest
steps:
- name: 🛠️ Checkout code
uses: actions/checkout@v4
- name: 🔧 Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: 🗑️ Remove package-lock.json
run: rm -f package-lock.json
- name: 📦 Install npm-check-updates
run: npm install -g npm-check-updates
- name: ⬆️ Update all packages except ESLint
run: |
ncu -x eslint -u
npm install
npm install eslint@8.57.0 --save-dev
- name: 📦 Update dependencies with legacy peer deps
run: npm update --legacy-peer-deps
- name: 🔨 Build
run: npm run build
- name: 🧪 Test with coverage
run: npm run test
- name: 🎭 Mask Debricked credentials
run: |
echo "::add-mask::${{ secrets.DEBRICKED_TOKEN }}"
- name: Install Debricked CLI
run: |
curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
sudo mv debricked /usr/local/bin/debricked
- name: 🛡️ Debricked Vulnerability Scan
run: |
debricked scan -t ${{ secrets.DEBRICKED_TOKEN }} -r ${{ github.repository }} -c ${{ github.sha }}
- name: 📝 Commit changes
if: success()
run: |
git config --local user.name "Debugging Duck 🦆"
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git add .
git diff-index --quiet HEAD || git commit -m "⬆️ update all npm dependencies except ESLint ⬆️"
- name: 🚀 Push changes
if: success()
run: git push