Merge pull request #91 from UKHomeOffice/improvement/npm-audit-in-ci

Add npm audit to ci pipeline
UKHomeOffice · Aug 1, 2018 · f96d025 · f96d025
2 parents d2ecc5d + a0f2017
commit f96d025
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -5,11 +5,22 @@ pipeline:
     secrets:
       - npm_auth_token
     commands:
-      - npm install
+      - npm install -g npm@6
+      - npm ci
       - npm test
     when:
       event: [push, pull_request, tag]
 
+  audit:
+    image: node:8
+    secrets:
+      - npm_auth_token
+    commands:
+      - npm install -g npm@6
+      - npx @lennym/ciaudit
+    when:
+      event: [push, pull_request, tag]
+
   compile:
     image: node:8
     secrets:

diff --git a/Dockerfile b/Dockerfile
@@ -3,10 +3,12 @@ FROM quay.io/ukhomeofficedigital/nodejs-base:v8
 ARG NPM_AUTH_USERNAME
 ARG NPM_AUTH_TOKEN
 
+RUN npm install -g npm@6
+
 COPY .npmrc /app/.npmrc
 COPY package.json /app/package.json
 COPY package-lock.json /app/package-lock.json
-RUN npm install --production --no-optional
+RUN npm ci --production --no-optional
 COPY . /app
 
 RUN rm /app/.npmrc