From b9efe4da9849e40d3081cd0fa06e942c5bf7cf7c Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 17:12:11 +0000
Subject: [PATCH] feat: add npm audit checks to CI workflow

- Add 'Audit - Production' job for production dependencies
- Add 'Audit - All' job for all dependencies
- Follow existing CI job pattern with 15-minute timeout
---
 .github/workflows/ci.yml | 48 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 952ddb9af2..72ac0939fe 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -103,3 +103,51 @@ jobs:
 - name: Check Licenses
 run: npm run check-licenses
+
+ audit-prod:
+ name: Audit - Production
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v5
+ with:
+ cache: 'npm'
+ node-version: ${{ env.NODE_VERSION }}
+ registry-url: 'https://npm.pkg.github.com'
+ scope: '@deepnote'
+
+ - name: Install dependencies
+ run: npm ci --prefer-offline --no-audit
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run audit for production dependencies
+ run: npm audit --production
+
+ audit-all:
+ name: Audit - All
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v5
+ with:
+ cache: 'npm'
+ node-version: ${{ env.NODE_VERSION }}
+ registry-url: 'https://npm.pkg.github.com'
+ scope: '@deepnote'
+
+ - name: Install dependencies
+ run: npm ci --prefer-offline --no-audit
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run audit for all dependencies
+ run: npm audit
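Review bot: Both new audit steps run `npm audit` with no `--audit-level`, so the job exits non-zero on any advisory at all, including low-severity findings and ones with no fixed version published yet; without an explicit threshold and an agreed way to acknowledge an unfixable advisory, the gate tends to get bypassed by disabling the job rather than acted on, so the `audit-prod` step should read something like `run: npm audit --omit=dev --audit-level=high` and `audit-all` should carry a matching `--audit-level`. `--production` is a deprecated spelling in current npm; `--omit=dev` is the supported form and avoids the deprecation notice on the npm that actions/setup-node@v5 installs. The two jobs differ only in the final command, so one job with a `strategy.matrix` over the audit flags (or a reusable step) would keep the setup-node, registry and token handling from drifting apart. The enclosing `jobs:` mapping begins outside the hunk, so whether a top-level `permissions:` block grants the scoped `GITHUB_TOKEN` read access to the GitHub Packages registry used in `registry-url` cannot be confirmed here; it is worth checking, since `npm ci` in both jobs depends on it.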