Skip to content

npm-audit-alert-prod #123

npm-audit-alert-prod

npm-audit-alert-prod #123

name: npm-audit-alert-prod
on:
schedule:
- cron: "0 12 * * *"
workflow_dispatch:
jobs:
npm-audit:
runs-on: ubuntu-latest
steps:
- name: Get commit hash of the version installed to production
run: |
echo "COMMIT_HASH=$( curl "https://dashboard.ops.opintopolku.fi/data/services" | jq --raw-output '.services[] | select(.name == "rekisterointi") | .environments.sade.commit_hash' )" >> $GITHUB_OUTPUT
id: get_prod_version
- uses: actions/checkout@v4
with:
ref: ${{ steps.get_prod_version.outputs.COMMIT_HASH }}
- name: Install deps
run: npm ci
working-directory: rekisterointi-ui
- name: Run npm audit
run: |
npm audit 2>&1 | tee audit.log
result_code=${PIPESTATUS[0]}
content="$(cat audit.log)"
content="${content//'%'/'%25'}"
content="${content//$'\n'/'%0A'}"
content="${content//$'\r'/'%0D'}"
echo "content=$content" >> "$GITHUB_OUTPUT"
exit $result_code
id: run_audit
working-directory: rekisterointi-ui
- name: Send Slack alert if previous steps failed
if: failure()
run: |
curl -X POST -H 'Content-type: application/json' --data '{"channel": "#yleiskäyttöiset-alerts", "icon_emoji": ":warning:", "text": "*${{ github.repository }}:*\n${{ steps.run_audit.outputs.content }}"}' ${{ secrets.SLACK_WEBHOOK_URL }}