Merge pull request #1629 from schul-cloud/feature/OPS-247

create npm audit workflow
hpi-schul-cloud · Mar 4, 2020 · 7ba96ee · 7ba96ee
2 parents 09a9d16 + 2ae8101
commit 7ba96ee
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
@@ -0,0 +1,18 @@
+name: Security Audit
+
+on: [push]
+
+jobs:
+  PROD:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: npm audit prod
+        run: npm audit --production --audit-level=low
+  DEV:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: npm audit dev
+      # --only=dev currently does not work: https://npm.community/t/npm-audit-without-fix-ignores-only-prod/3959/7
+        run: npm audit --only=dev --audit-level=moderate