forked from cartsnitch/cartsnitch
feat(ci): add npm audit vulnerability check
Adds an audit job to the CI workflow that runs npm audit with --audit-level=high, failing the job on critical or high severity vulnerabilities. Runs in parallel with lint and test, and does not gate the build-and-push jobs.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Committed by: Barcode Betty
Parent: b18cb24ec4
Commit: d4f7194d3f
@@ -47,6 +47,18 @@ jobs:
|
||||
- name: Run tests
|
||||
run: npx vitest run
|
||||
|
||||
audit:
|
||||
runs-on: runners-cartsnitch
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: "20"
|
||||
cache: npm
|
||||
- run: npm ci
|
||||
- name: Check for vulnerabilities
|
||||
run: npm audit --audit-level=high
|
||||
|
||||
build-and-push:
|
||||
runs-on: runners-cartsnitch
|
||||
needs: [lint, test]
|
||||
|
||||
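Review bot: In the trailing context, `build-and-push` still has `needs: [lint, test]`, so a high or critical finding turns the `audit` job red but the image is built and pushed anyway. The commit message says this is deliberate; if so, add a comment above `audit:` saying the job is advisory and who triages failures, otherwise change the line to `needs: [lint, test, audit]`. Separately, `- run: npm ci` runs dependency install scripts on `runners-cartsnitch` before anything has been audited. `npm audit` reads the lockfile, so consider `npm ci --ignore-scripts`, or drop the install step and run `npm audit --package-lock-only --audit-level=high`.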