1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-17 14:14:55 +00:00

Merge branch 'main' into dependabot/npm_and_yarn/npm-dependencies-d095f69092

This commit is contained in:
Jason Hall 2026-02-21 02:08:49 -05:00 committed by GitHub
commit c2a0d4313f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 40 additions and 14 deletions

View file

@ -2,28 +2,28 @@ name: CI
on:
push:
branches: [ main ]
branches: [main]
pull_request:
branches: [ main ]
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.2
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm test
- name: Check test coverage
run: npm run test:coverage
@ -31,23 +31,23 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.2
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Build dist
run: npm run build
- name: Check if dist is up to date
run: |
if [ -n "$(git status --porcelain dist/)" ]; then
echo "::error::dist/ is not up to date. Please run 'npm run build' and commit the changes."
git diff dist/
exit 1
fi
fi

View file

@ -9,10 +9,36 @@ permissions:
jobs:
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Rebuild dist
run: npm run build
- name: Commit and push changes
run: |
if [ -n "$(git status --porcelain dist/)" ]; then
git config --global user.name "dependabot[bot]"
git config --global user.email "49699333+dependabot[bot]@users.noreply.github.com"
git add dist/
git commit -m "chore: rebuild dist"
git push
fi
- name: Enable auto-merge for Dependabot PRs
if: github.actor == 'dependabot[bot]'
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

View file

@ -35,7 +35,7 @@ jobs:
# NB: Could also set `fail-on-increase: false` and use `if: ${{steps.malcontent.outputs.risk-delta > 5}}` to allow some risk increase
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 #v3.29.0 - 11 Jun 2025
uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 #v3.29.0 - 11 Jun 2025
if: always() # Upload even if the malcontent check fails
with:
sarif_file: ${{ steps.malcontent.outputs.sarif-file }}