Skip to content

Dev to main #537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
khalima merged 14 commits into from
Apr 8, 2025
Merged

Dev to main #537

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
9b86aa7
Update configuration
hel-platta-service Mar 26, 2025
2138d60
Merge pull request #536 from City-of-Helsinki/update-configuration
khalima Mar 26, 2025
49e7580
Updated node modules based on npm audit fix
actions-bot Mar 30, 2025
5faf602
Use NPM audit action from template
tuutti Mar 31, 2025
a55af7b
Merge pull request #539 from City-of-Helsinki/UHF-X-update-actions
khalima Mar 31, 2025
8a1dedf
Update configuration
hel-platta-service Apr 1, 2025
80b9d1c
Merge pull request #538 from City-of-Helsinki/update-configuration
teroelonen Apr 1, 2025
0002521
Update configuration
hel-platta-service Apr 1, 2025
61519b5
Merge pull request #540 from City-of-Helsinki/update-configuration
teroelonen Apr 1, 2025
2cc74c1
Merge branch 'dev' into automation/npm-audit
khalima Apr 3, 2025
6efd4eb
Updated package-lock.json
khalima Apr 3, 2025
a20b733
Merge pull request #532 from City-of-Helsinki/automation/npm-audit
khalima Apr 3, 2025
0fb19c5
Update configuration
hel-platta-service Apr 8, 2025
521fb19
Merge pull request #541 from City-of-Helsinki/update-configuration
khalima Apr 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 1 addition & 60 deletions .github/workflows/npm-audit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,63 +7,4 @@ on:

jobs:
npm_audit:
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Run npm audit
id: npm_audit
run: |
find public/modules/custom public/themes/custom -type f -name ".nvmrc" -exec sh -c '
dir=$(dirname "$1")
node_version=$(cat "$1")
echo "Using Node.js version $node_version in $dir"
cd "$dir"
export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
nvm install $node_version
nvm use $node_version
set +e
npm audit --package-lock-only --loglevel=error;
# The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
if [ $? -gt 0 ]; then
npm audit fix --package-lock-only --loglevel=error;
if [ $? -gt 0 ]; then
echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV;
fi;
echo "CREATE_PR=true" >> $GITHUB_OUTPUT;
fi;
set -e
' sh {} \;


- name: Create Pull Request
if: steps.npm_audit.outputs.CREATE_PR == 'true'
uses: peter-evans/create-pull-request@v4
with:
committer: GitHub <[email protected]>
author: actions-bot <[email protected]>
commit-message: Updated node modules based on npm audit fix
title: Automatic npm audit fix
labels: auto-update
body: |
# Npm audit

${{ env.BC_BREAK }}

## How to install

* Update the HDBT theme
* `git fetch --all`
* `git checkout automation/npm-audit`
* `git pull origin automation/npm-audit`
* In the custom module or custom theme folder, run `nvm use && npm i && npm run build`

## How to test
Run `npm audit`

* [ ] Check that the `npm audit` prints `found 0 vulnerabilities`
* [ ] Check that the changes for distributed files are sensible

branch: automation/npm-audit
uses: city-of-helsinki/drupal-gh-actions/.github/workflows/npm-audit.yml@main
2 changes: 1 addition & 1 deletion .platform/schema
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
16
17
Loading