adding npm audit actions on PR for api and frontend

bcgov · Feb 14, 2023 · a45a2f4 · a45a2f4
1 parent 986498f
commit a45a2f4
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/.github/workflows/npm-audit-api.yaml b/.github/workflows/npm-audit-api.yaml
@@ -0,0 +1,27 @@
+name: NPM Audit - API
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  scan:
+    name: npm audit
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout Repository
+      - uses: actions/checkout@v3
+
+      # Install API Dependencies
+      - name: install dependencies
+        run: |
+          cd src/backend/
+          npm ci
+
+      # Checkout for moderate or higher vulnerabilities in Frontend package.json
+      - uses: oke-py/npm-audit-action@v2
+        with:
+          audit_level: moderate
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          working_directory: src/backend
diff --git a/.github/workflows/npm-audit-frontend.yaml b/.github/workflows/npm-audit-frontend.yaml
@@ -0,0 +1,27 @@
+name: NPM Audit - Frontend
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  scan:
+    name: npm audit
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout Repository
+      - uses: actions/checkout@v3
+
+      # Install Frontend Dependencies
+      - name: install dependencies
+        run: |
+          cd src/frontend/
+          npm ci
+
+      # Checkout for moderate or higher vulnerabilities in Frontend package.json
+      - uses: oke-py/npm-audit-action@v2
+        with:
+          audit_level: moderate
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          working_directory: src/frontend