diff --git a/.github/workflows/npm-audit-alert-prod.yml b/.github/workflows/npm-audit-alert-prod.yml new file mode 100644 index 0000000..88e5b8b --- /dev/null +++ b/.github/workflows/npm-audit-alert-prod.yml @@ -0,0 +1,37 @@ +name: npm-audit-alert-prod + +on: + schedule: + - cron: "0 12 * * *" + workflow_dispatch: + +jobs: + npm-audit: + runs-on: ubuntu-latest + steps: + - name: Get commit hash of the version installed to production + run: | + echo "COMMIT_HASH=$( curl "https://dashboard.ops.opintopolku.fi/data/services" | jq --raw-output '.services[] | select(.name == "rekisterointi") | .environments.sade.commit_hash' )" + id: get_prod_version + - uses: actions/checkout@v4 + with: + ref: ${{ steps.get_prod_version.outputs.COMMIT_HASH }} + - name: Install deps + run: npm ci + working-directory: rekisterointi-ui + - name: Run npm audit + run: | + npm audit 2>&1 | tee audit.log + result_code=${PIPESTATUS[0]} + content="$(cat audit.log)" + content="${content//'%'/'%25'}" + content="${content//$'\n'/'%0A'}" + content="${content//$'\r'/'%0D'}" + echo "content=$content" >> "$GITHUB_OUTPUT" + exit $result_code + id: run_audit + working-directory: rekisterointi-ui + - name: Send Slack alert if previous steps failed + if: failure() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"channel": "#yleiskäyttöiset-alerts", "icon_emoji": ":warning:", "text": "*${{ github.repository }}:*\n${{ steps.run_audit.outputs.content }}"}' ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/npm-audit-alert.yml b/.github/workflows/npm-audit-alert.yml index ed16580..2145990 100644 --- a/.github/workflows/npm-audit-alert.yml +++ b/.github/workflows/npm-audit-alert.yml @@ -7,8 +7,6 @@ on: paths: - "rekisterointi-ui/package.json" - "rekisterointi-ui/package-lock.json" - schedule: - - cron: "0 12 * * *" jobs: npm-audit: