gandalf-the-greybeard[bot]
991278ebac
Adds a security audit step (npm audit --omit=dev) to catch known vulnerabilities in production dependencies. Runs after tests so build failures are reported before audit findings. Uses --omit=dev to focus on production-facing risk. This covers all 6 plugin repos that use the shared workflow.
47 lines
877 B
YAML
47 lines
877 B
YAML
name: Plugin CI
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
node-version:
|
|
description: 'Node.js version to use'
|
|
required: false
|
|
type: string
|
|
default: '22'
|
|
|
|
jobs:
|
|
ci:
|
|
runs-on: local-ubuntu-latest
|
|
timeout-minutes: 10
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: ${{ inputs.node-version }}
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Build plugin
|
|
run: npx @kinvolk/headlamp-plugin build
|
|
|
|
- name: Lint
|
|
run: npm run lint
|
|
|
|
- name: Type-check
|
|
run: npm run tsc
|
|
|
|
- name: Format check
|
|
run: npm run format:check
|
|
|
|
- name: Run tests
|
|
run: npm test
|
|
|
|
- name: Security audit
|
|
run: npm audit --omit=dev
|