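name: Dependency Audit

on:
  schedule:
    - cron: "0 9 * * 1"
  workflow_dispatch:

# Least privilege: read the checkout, create/update the audit issue, nothing else.
permissions:
  contents: read
  issues: write

jobs:
  audit:
    runs-on: ubuntu-24.04
    steps:
      # NOTE(review): actions are pinned to major tags. Pinning each `uses:` to a
      # full commit SHA (<action-commit-sha>) protects against a tag being moved.
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Nothing in this job pushes; do not leave the token in .git/config
          # where tools fetched at run time could read it.
          persist-credentials: false
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version-file: package.json
      - name: Setup Node
        uses: actions/setup-node@v6
        with:
          node-version-file: package.json
      - name: Install dependencies
        run: bun install --frozen-lockfile
      - name: Dependency tree
        run: bun pm ls --all
      # npm-check-updates is fetched from the registry at run time, so it runs in
      # a plain `run` step: the github-script step below receives the
      # `issues: write` token as an action input, and child processes spawned
      # from there would inherit it through the environment. The JSON result is
      # passed along as a file, never interpolated into a shell command.
      # TODO(review): pin `npm-check-updates@<version>` so the fetched tool is
      # reproducible.
      - name: Check for outdated packages
        # ncu may exit non-zero when upgrades are found; the exit status is
        # ignored here and the next step decides what to do with the output.
        run: bunx npm-check-updates --jsonUpgraded > ncu-output.json || true
      - name: Report outdated packages
        uses: actions/github-script@v8
        with:
          script: |
            const fs = require("fs");

            // Values originate from the registry; keep each one inside its table cell.
            const cell = (value) => String(value).replace(/\|/g, "\\|").replace(/\r?\n/g, " ");

            // `--jsonUpgraded` yields an object of { name: newVersion }; an empty
            // file means ncu itself failed, which is reported but not fatal.
            let result;
            try {
              const raw = fs.readFileSync("ncu-output.json", "utf-8").trim();
              result = raw === "" ? {} : JSON.parse(raw);
            } catch (error) {
              core.warning(`Failed to parse npm-check-updates output: ${error.message}`);
              return;
            }
            if (result === null || typeof result !== "object" || Array.isArray(result)) {
              core.warning("Unexpected npm-check-updates output shape");
              return;
            }

            const packages = Object.entries(result);
            if (packages.length === 0) {
              core.info("All dependencies are up to date.");
              await core.summary
                .addHeading("Dependency Audit", 2)
                .addRaw("All dependencies are up to date.")
                .write();
              return;
            }

            const table = packages
              .map(([name, version]) => `| ${cell(name)} | ${cell(version)} |`)
              .join("\n");
            const summaryBody = [
              "## Dependency Audit",
              "",
              `Found **${packages.length}** outdated package(s):`,
              "",
              "| Package | Latest |",
              "| --- | --- |",
              table,
            ].join("\n");
            await core.summary.addRaw(summaryBody).write();

            // `--jsonUpgraded` reports only the new version, so the size of each
            // bump is unknown here; any outdated package opens or refreshes the
            // audit issue (the previous `major > 0` filter silently skipped 0.x
            // and non-numeric versions while claiming to flag everything).
            const issueTitle = "Dependency Audit: outdated packages found";
            const issueLabel = "dependencies";
            const issueBody = [
              "The weekly dependency audit found outdated packages.",
              "",
              "| Package | Latest |",
              "| --- | --- |",
              table,
              "",
              `_Generated by the Dependency Audit workflow on ${new Date().toISOString().split("T")[0]}._`,
            ].join("\n");

            // listForRepo also returns pull requests that carry the label (for
            // example dependency-bot PRs); match on title and skip PRs so this
            // never overwrites the body of an unrelated item.
            const { data: candidates } = await github.rest.issues.listForRepo({
              owner: context.repo.owner,
              repo: context.repo.repo,
              labels: issueLabel,
              state: "open",
              per_page: 100,
            });
            const existing = candidates.find(
              (item) => !item.pull_request && item.title === issueTitle,
            );

            if (existing) {
              await github.rest.issues.update({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: existing.number,
                body: issueBody,
              });
              core.info(`Updated existing issue #${existing.number}`);
            } else {
              const { data: created } = await github.rest.issues.create({
                owner: context.repo.owner,
                repo: context.repo.repo,
                title: issueTitle,
                body: issueBody,
                labels: [issueLabel],
              });
              core.info(`Created issue #${created.number}`);
            }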