Skip to content

Bump the npm-minor-and-patch group with 3 updates #337

Bump the npm-minor-and-patch group with 3 updates

Bump the npm-minor-and-patch group with 3 updates #337

Workflow file for this run

name: CI
on:
push:
branches:
- master
pull_request:
schedule:
- cron: "0 7 * * 1"
workflow_dispatch:
permissions:
contents: read
jobs:
test:
name: Validation gate
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Set up Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 22
cache: npm
- name: Install dependencies
run: npm ci
- name: Run full validation gate
run: npm run validate
dependency-vulnerabilities:
name: Dependency vulnerability gate
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Set up Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 22.12
cache: npm
- name: Install dependencies
run: npm ci
- name: Fail on high or critical advisories
run: npm audit --audit-level=high
trivy:
name: Trivy scan (informational)
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Check out repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Run Trivy vulnerability and secret scan
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
with:
scan-type: fs
scan-ref: .
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
if: always()
with:
sarif_file: trivy-results.sarif