NPM Vulnerability Reports #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: NPM Vulnerability Reports | |
on: | |
schedule: | |
- cron: "0 15 * * 2" # Tuesday morning at 7:00-8:00am Pacific Time. | |
workflow_dispatch: | |
# START HERE! v | |
# ADD REQUIRED FILES: | |
# - .github/helpers/parse-json5-config.js | |
# - .github/helpers/npm-audit/enhance-vulnerability-list.cjs | |
# - .github/helpers/npm-audit/find-direct-dependencies.cjs | |
# - .github/helpers/npm-audit/find-indirect-vulnerable-deps.cjs | |
# - .github/helpers/npm-audit/get-latest-dep-info.cjs | |
# - .github/helpers/npm-audit/is-fix-available.cjs | |
# - .github/helpers/npm-audit/run-npm-audit.cjs | |
# - .github/helpers/npm-audit/parse-npm-vulnerabilities.cjs | |
# - .github/helpers/npm-audit/create-report.cjs | |
# - .github/helpers/npm-audit/create-report-issues.cjs | |
# - .github/helpers/github-api/github-api-requests.cjs | |
# - .github/helpers/github-api/create-and-close-existing-issue.cjs | |
# - .github/config/vulnerability-report.json5 | |
# EDIT .github/config/vulnerability-report.json5 | |
# DO NOT Edit below env variables. | |
env: | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
# Parse Vars from config. | |
parse-json5-config: | |
runs-on: ubuntu-22.04 | |
outputs: | |
directoryPaths: ${{ steps.parse_config.outputs.directoryPaths }} | |
steps: | |
# Checkout branch. | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
# Install json5 npm package for parsing config. | |
- name: Install Dependencies | |
run: npm install json5 | |
# Run script to convert json5 config to Output Vars. | |
- name: Run Script | |
id: parse_config | |
run: node .github/helpers/parse-json5-config.mjs .github/config/vulnerability-report.json5 | |
# Check package versions for updates. | |
parse-vulnerabilities: | |
runs-on: ubuntu-22.04 | |
needs: parse-json5-config | |
env: | |
directoryPaths: ${{ needs.parse-json5-config.outputs.directoryPaths }} | |
container: | |
# Lightweight NodeJS Image | |
image: node:21.5-bullseye-slim | |
steps: | |
# Checkout branch. | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Run NodeJS script to check for latest npm dependency versions and capture output. | |
- name: Run NPM DEP Check Node.js script | |
id: check_versions | |
run: | | |
npm i -D semver | |
node .github/helpers/npm-audit/parse-npm-vulnerabilities.cjs > vulnerabilities.json | |
# Upload the output as an artifact. | |
- name: Upload output | |
uses: actions/upload-artifact@v3 | |
with: | |
name: vulnerabilities | |
path: vulnerabilities.json | |
# Write the output text for the GitHub Issue. | |
write-output: | |
needs: | |
- parse-json5-config | |
- parse-vulnerabilities | |
runs-on: ubuntu-22.04 | |
env: | |
directoryPaths: ${{ needs.parse-json5-config.outputs.directoryPaths }} | |
container: | |
# Lightweight NodeJS Image | |
image: node:21.5-bullseye-slim | |
steps: | |
# Checkout branch. | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Download the output artifact from parse-package-versions. | |
- name: Download output | |
uses: actions/download-artifact@v3 | |
with: | |
name: vulnerabilities | |
path: . | |
# Run NodeJS script to create GitHub Issue body. | |
- name: Run NPM DEP Check Node.js script | |
id: check_versions | |
run: | | |
node .github/helpers/npm-audit/create-report.cjs > outputText.json | |
# Upload the output as an artifact. | |
- name: Upload output | |
uses: actions/upload-artifact@v3 | |
with: | |
name: outputText | |
path: outputText.json | |
# Create the GitHub Issues. | |
create-issues: | |
needs: | |
- parse-json5-config | |
- write-output | |
runs-on: ubuntu-22.04 | |
env: | |
directoryPaths: ${{ needs.parse-json5-config.outputs.directoryPaths }} | |
container: | |
# Lightweight NodeJS Image | |
image: node:21.5-bullseye-slim | |
steps: | |
# Checkout branch. | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Download the output artifact. | |
- name: Download output | |
uses: actions/download-artifact@v3 | |
with: | |
name: outputText | |
path: . | |
# Install @octokit/rest npm package for making GitHub rest API requests. | |
- name: Install @octokit/rest npm | |
run: npm i @octokit/rest | |
# Run Node Script to Create GitHub Issue. | |
- name: Create GitHub Issues | |
run: | | |
node .github/helpers/npm-audit/create-report-issues.cjs |