Skip to content

NPM Vulnerability Reports #29

NPM Vulnerability Reports

NPM Vulnerability Reports #29

name: NPM Vulnerability Reports
on:
schedule:
- cron: "0 15 * * 2" # Tuesday morning at 7:00-8:00am Pacific Time.
workflow_dispatch:
# START HERE! v
# ADD REQUIRED FILES:
# - .github/helpers/parse-json5-config.js
# - .github/helpers/npm-audit/enhance-vulnerability-list.cjs
# - .github/helpers/npm-audit/find-direct-dependencies.cjs
# - .github/helpers/npm-audit/find-indirect-vulnerable-deps.cjs
# - .github/helpers/npm-audit/get-latest-dep-info.cjs
# - .github/helpers/npm-audit/is-fix-available.cjs
# - .github/helpers/npm-audit/run-npm-audit.cjs
# - .github/helpers/npm-audit/parse-npm-vulnerabilities.cjs
# - .github/helpers/npm-audit/create-report.cjs
# - .github/helpers/npm-audit/create-report-issues.cjs
# - .github/helpers/github-api/github-api-requests.cjs
# - .github/helpers/github-api/create-and-close-existing-issue.cjs
# - .github/config/vulnerability-report.json5
# EDIT .github/config/vulnerability-report.json5
# DO NOT Edit below env variables.
env:
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
# Parse Vars from config.
parse-json5-config:
runs-on: ubuntu-22.04
outputs:
directoryPaths: ${{ steps.parse_config.outputs.directoryPaths }}
steps:
# Checkout branch.
- name: Checkout Repository
uses: actions/checkout@v4
# Install json5 npm package for parsing config.
- name: Install Dependencies
run: npm install json5
# Run script to convert json5 config to Output Vars.
- name: Run Script
id: parse_config
run: node .github/helpers/parse-json5-config.mjs .github/config/vulnerability-report.json5
# Check package versions for updates.
parse-vulnerabilities:
runs-on: ubuntu-22.04
needs: parse-json5-config
env:
directoryPaths: ${{ needs.parse-json5-config.outputs.directoryPaths }}
container:
# Lightweight NodeJS Image
image: node:21.5-bullseye-slim
steps:
# Checkout branch.
- name: Checkout repository
uses: actions/checkout@v4
# Run NodeJS script to check for latest npm dependency versions and capture output.
- name: Run NPM DEP Check Node.js script
id: check_versions
run: |
npm i -D semver
node .github/helpers/npm-audit/parse-npm-vulnerabilities.cjs > vulnerabilities.json
cat vulnerabilities.json
# Upload the output as an artifact.
- name: Upload output
uses: actions/upload-artifact@v3
with:
name: vulnerabilities
path: vulnerabilities.json
# Write the output text for the GitHub Issue.
write-output:
needs:
- parse-json5-config
- parse-vulnerabilities
runs-on: ubuntu-22.04
env:
directoryPaths: ${{ needs.parse-json5-config.outputs.directoryPaths }}
container:
# Lightweight NodeJS Image
image: node:21.5-bullseye-slim
steps:
# Checkout branch.
- name: Checkout repository
uses: actions/checkout@v4
# Download the output artifact from parse-package-versions.
- name: Download output
uses: actions/download-artifact@v3
with:
name: vulnerabilities
path: .
# Run NodeJS script to create GitHub Issue body.
- name: Run NPM DEP Check Node.js script
id: check_versions
run: |
node .github/helpers/npm-audit/create-report.cjs > outputText.json
# Upload the output as an artifact.
- name: Upload output
uses: actions/upload-artifact@v3
with:
name: outputText
path: outputText.json
# Create the GitHub Issues.
create-issues:
needs:
- parse-json5-config
- write-output
runs-on: ubuntu-22.04
env:
directoryPaths: ${{ needs.parse-json5-config.outputs.directoryPaths }}
container:
# Lightweight NodeJS Image
image: node:21.5-bullseye-slim
steps:
# Checkout branch.
- name: Checkout repository
uses: actions/checkout@v4
# Download the output artifact.
- name: Download output
uses: actions/download-artifact@v3
with:
name: outputText
path: .
# Install @octokit/rest npm package for making GitHub rest API requests.
- name: Install @octokit/rest npm
run: npm i @octokit/rest
# Run Node Script to Create GitHub Issue.
- name: Create GitHub Issues
run: |
node .github/helpers/npm-audit/create-report-issues.cjs