feat(ci): add npm audit vulnerability check
Adds an audit job to the CI workflow that runs npm audit with --audit-level=high, failing the job on critical or high severity vulnerabilities. Runs in parallel with lint and test, and does not gate the build-and-push jobs. Co-Authored-By: Paperclip <noreply@paperclip.ing>
committed by
Barcode Betty
parent
b18cb24ec4
commit
d4f7194d3f
@@ -47,6 +47,18 @@ jobs:
|
|||||||
- name: Run tests
|
- name: Run tests
|
||||||
run: npx vitest run
|
run: npx vitest run
|
||||||
|
|
||||||
|
audit:
|
||||||
|
runs-on: runners-cartsnitch
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: "20"
|
||||||
|
cache: npm
|
||||||
|
- run: npm ci
|
||||||
|
- name: Check for vulnerabilities
|
||||||
|
run: npm audit --audit-level=high
|
||||||
|
|
||||||
build-and-push:
|
build-and-push:
|
||||||
runs-on: runners-cartsnitch
|
runs-on: runners-cartsnitch
|
||||||
needs: [lint, test]
|
needs: [lint, test]
|
||||||
|
|||||||
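Review bot: The new `audit` job is not listed in `needs: [lint, test]` on `build-and-push`, so a high or critical finding fails the audit job while the image is still built and pushed; the commit message says this is deliberate, but nothing in the workflow records it, so a comment above the job such as `# advisory only: build-and-push does not depend on this job` would stop a later reader from assuming the gate exists, or add `audit` to the `needs` list if shipping should be blocked. The added steps reference `actions/checkout@v4` and `actions/setup-node@v4` by mutable tag; pinning to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening for a job whose purpose is dependency security, assuming the rest of the workflow is updated the same way. `npm audit` works from the lockfile, so the `npm ci` step (which runs dependency install scripts on the runner) appears unnecessary here; if it is kept, `run: npm ci --ignore-scripts` limits what executes. The enclosing `jobs:` mapping starts and ends outside the hunk.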