-
Notifications
You must be signed in to change notification settings - Fork 8
32 lines (27 loc) · 1.1 KB
/
audit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
name: Audit
# Controls when the workflow will run
on: push
env:
TOKEN_LISTS_ACTIONS_OR_CI_BUILD: true
DAPP_RADAR_PROJECT_ID: ${{ secrets.DAPP_RADAR_PROJECT_ID }}
DAPP_RADAR_API_KEY: ${{ secrets.DAPP_RADAR_API_KEY }}
API_AUTH_TOKEN_GITHUB: ${{ secrets.API_AUTH_TOKEN_GITHUB }}
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
audit:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
- run: sudo apt-get update -y
- run: sudo apt-get install -y librsvg2-bin libimagequant-dev pkg-config
- run: npm install -g yarn
- run: yarn --version
- run: yarn
- run: yarn audit