ci: add back npm audit #408
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CICD | |
| on: | |
| push: | |
| branches: [mainline] | |
| pull_request: | |
| jobs: | |
| build: | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [14.x, 16.x, 18.x, 20.x] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| # 14.x fails with "npm ERR! Cannot read property '@commitlint/config-conventional' of undefined" | |
| # when running `npm ci` due to the new package-lock.json format. Run `npm i` instead | |
| - name: Install (14.x) | |
| if: matrix.node-version == '14.x' | |
| run: npm i | |
| - name: Install | |
| if: matrix.node-version != '14.x' | |
| run: npm ci | |
| - name: Test | |
| run: npm test | |
| - name: Verify Typescript Types | |
| if: matrix.node-version == '20.x' | |
| run: npm run verify-typescript-types | |
| - name: Lint | |
| if: matrix.node-version == '20.x' | |
| run: npm run lint | |
| - name: Audit | |
| if: matrix.node-version == '20.x' | |
| run: npm audit --audit-level critical | |
| - name: Release | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/mainline' && matrix.node-version == '20.x' | |
| run: npm run release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |