From a45a2f41ecd4a4d1f07d1e5280ee2f03f96a04aa Mon Sep 17 00:00:00 2001
From: Adam Kroon
Date: Tue, 14 Feb 2023 09:47:21 -0800
Subject: [PATCH] adding npm audit actions on PR for api and frontend
---
.github/workflows/npm-audit-api.yaml | 27 +++++++++++++++++++++++
.github/workflows/npm-audit-frontend.yaml | 27 +++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 .github/workflows/npm-audit-api.yaml
create mode 100644 .github/workflows/npm-audit-frontend.yaml
diff --git a/.github/workflows/npm-audit-api.yaml b/.github/workflows/npm-audit-api.yaml
new file mode 100644
index 000000000..652bf583f
--- /dev/null
+++ b/.github/workflows/npm-audit-api.yaml
@@ -0,0 +1,27 @@
+name: NPM Audit - API
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ scan:
+ name: npm audit
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout Repository
+ - uses: actions/checkout@v3
+
+ # Install API Dependencies
+ - name: install dependencies
+ run: |
+ cd src/backend/
+ npm ci
+
+ # Checkout for moderate or higher vulnerabilities in Frontend package.json
+ - uses: oke-py/npm-audit-action@v2
+ with:
+ audit_level: moderate
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ working_directory: src/backend
diff --git a/.github/workflows/npm-audit-frontend.yaml b/.github/workflows/npm-audit-frontend.yaml
new file mode 100644
index 000000000..63b885394
--- /dev/null
+++ b/.github/workflows/npm-audit-frontend.yaml
@@ -0,0 +1,27 @@
+name: NPM Audit - Frontend
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ scan:
+ name: npm audit
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout Repository
+ - uses: actions/checkout@v3
+
+ # Install Frontend Dependencies
+ - name: install dependencies
+ run: |
+ cd src/frontend/
+ npm ci
+
+ # Checkout for moderate or higher vulnerabilities in Frontend package.json
+ - uses: oke-py/npm-audit-action@v2
+ with:
+ audit_level: moderate
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ working_directory: src/frontend
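Review bot: The `oke-py/npm-audit-action@v2` step is handed `secrets.GITHUB_TOKEN` while the action is referenced by a mutable tag and the workflow declares no `permissions:` block, so the token carries whatever the repository default grants. Pinning to a full commit SHA (`uses: oke-py/npm-audit-action@<full-commit-sha>  # v2`, placeholder) and adding a job-level `permissions:` with `contents: read` plus only the write scopes the action's reporting needs (presumably `issues: write` and `pull-requests: write`; confirm against the action's documentation) would bound what a moved tag could do. The same applies to the identical step in npm-audit-frontend.yaml. The comment above this step also says "Frontend" in the API workflow; `# Check for moderate or higher vulnerabilities in the API dependencies` would match what the step does.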
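Review bot: The `npm ci` step under "install dependencies" runs dependency lifecycle scripts on every pull request, including ones whose lockfile the PR itself changes, although `npm audit` works from the lockfile and does not need built packages. `npm ci --ignore-scripts` would keep those scripts from executing on the runner; whether the audit action needs `node_modules` at all is worth confirming, since the install step could then be dropped. Separately, with `pull_request` as the only trigger, advisories published after a merge are not reported until the next PR against `main`; adding a `schedule:` trigger would cover that gap. Both points hold for npm-audit-api.yaml as well.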