From 713375affc4ae068e673682024378ff1730b9155 Mon Sep 17 00:00:00 2001
From: Jeff Ching
Date: Tue, 10 Sep 2024 13:02:29 -0700
Subject: [PATCH] ci: add bulk npm audit workflow (#5494)

Also makes the individual `npm audit fix` workflow manual trigger only
---
 .github/workflows/audit-bulk.yaml | 37 +++++++++++++++++++++++++++++++++++++
 .github/workflows/audit.yaml | 3 ---
 2 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/audit-bulk.yaml

diff --git a/.github/workflows/audit-bulk.yaml b/.github/workflows/audit-bulk.yaml
new file mode 100644
index 00000000000..7f4a2b40791
--- /dev/null
+++ b/.github/workflows/audit-bulk.yaml
@@ -0,0 +1,37 @@
+on:
+ workflow_dispatch:
+ schedule:
+ # every Monday morning
+ - cron: '0 1 * * 1'
+name: npm-audit-bulk
+jobs:
+ updatePackages:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ fetch-depth: 0
+ - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
+ with:
+ node-version: 18
+ - run: |
+ # for each package-lock.json, run npm audit fix
+ for `find packages -type d -name node_modules -prune -o -name package-lock.json -print | grep -v test`
+ do
+ # ignore failures and continue
+ npm audit fix || true
+ done
+ - uses: googleapis/code-suggester@9c92ffb751cbdc880473aa650013b3a3292f743a # v4
+ env:
+ ACCESS_TOKEN: ${{ secrets.YOSHI_CODE_BOT_TOKEN }}
+ with:
+ command: pr
+ upstream_owner: googleapis
+ upstream_repo: repo-automation-bots
+ description: 'ran `npm audit fix`'
+ title: 'chore: update lock files'
+ message: 'chore: update lock files'
+ branch: update-lock-file-all
+ primary: main
+ force: true
+ git_dir: '.'
diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
index aa728ea1d1c..a789195df03 100644
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
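Review bot: The `for` loop in the `run:` step of audit-bulk.yaml has no loop variable or `in` keyword and never changes directory, so the shell should reject it as written, and even with a variable `npm audit fix` would run in the repository root rather than beside each `package-lock.json`. A header such as `for lock in $(find packages ... | grep -v test)` with the body `(cd "$(dirname "$lock")" && npm audit fix --package-lock-only) || true` matches the comment's intent, and `--package-lock-only` also keeps the job from installing dependencies and running their lifecycle scripts on the runner. Since this scheduled job resolves third-party packages, the checkout step would be safer with `persist-credentials: false` and the workflow with an explicit `permissions:` block (for example `contents: read`), assuming code-suggester opens the PR through the API with `ACCESS_TOKEN` and does not need the default token. The unconditional `|| true` also hides every failure, so a run in which nothing was fixed still reports success; logging the failing path before continuing would make that visible.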
@@ -1,8 +1,5 @@
 on:
 workflow_dispatch:
- schedule:
- # every Monday morning
- - cron: '0 1 * * 1'
 name: npm-audit
 jobs:
 findPackages: