diff options
author | Luke Karrys <luke@lukekarrys.com> | 2022-10-13 17:55:08 +0300 |
---|---|---|
committer | Nathan Fritz <fritzy@github.com> | 2022-10-13 18:55:11 +0300 |
commit | 9d7a6ffe0ac8740507ff2552ea763cb1649f7fb9 (patch) | |
tree | 7613d4d121957dad97589fa4f1c5fe33d274d9ef | |
parent | a09e19d88f046e54e8d75343883635a1bd056310 (diff) |
chore: only audit production workspaces
After #5309 moved docs dependencies to proudction deps, we started
failing our daily audit CI check. Currently these deps are production
so they are available when we run `pack`, but they don't need to be
audited since they are never present in our published tarball.
This change runs `audit` on the root CLI and all workspaces within the
`workspaces/` directory, which are the only production workspaces.
-rw-r--r-- | .github/workflows/audit.yml | 2 | ||||
-rw-r--r-- | scripts/template-oss/audit.yml | 13 | ||||
-rw-r--r-- | scripts/template-oss/root.js | 1 |
3 files changed, 15 insertions, 1 deletions
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 281331a54..b3f3b982b 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -31,4 +31,4 @@ jobs: - name: Reset Deps run: node . run resetdeps -- --package-lock - name: Run Audit - run: node . audit + run: node . audit -iwr -w workspaces diff --git a/scripts/template-oss/audit.yml b/scripts/template-oss/audit.yml new file mode 100644 index 000000000..3859c5e3d --- /dev/null +++ b/scripts/template-oss/audit.yml @@ -0,0 +1,13 @@ +name: Audit + +on: + workflow_dispatch: + schedule: + # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1 + - cron: "0 8 * * 1" + +jobs: + audit: + {{> job jobName="Audit Dependencies" jobDepFlags="--package-lock" }} + - name: Run Audit + run: {{ rootNpmPath }} audit -iwr -w workspaces diff --git a/scripts/template-oss/root.js b/scripts/template-oss/root.js index a3b960db0..13bd4c5fa 100644 --- a/scripts/template-oss/root.js +++ b/scripts/template-oss/root.js @@ -7,6 +7,7 @@ module.exports = { '.github/workflows/ci-release.yml': 'ci-release.yml', '.github/dependabot.yml': false, '.github/workflows/post-dependabot.yml': false, + '.github/workflows/audit.yml': 'audit.yml', }, }, workspaceRepo: { |