
feat(monkey): add persona-driven chaos-testing skill #65

Workflow file for this run

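# Runs the repository's skill security audit on pushes and pull requests to
# main, mirrors the markdown report into a single PR comment, and fails the
# job when the audit step itself exits non-zero.
name: Security Audit

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: read the code, write PR comments, nothing else.
# NOTE(review): on pull requests from forks GitHub normally issues a read-only
# token, so the comment create/update/delete calls below would be rejected
# there - confirm how fork PRs are expected to surface the report.
permissions:
  contents: read
  pull-requests: write

jobs:
  security-audit:
    name: Skill Security
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by mutable major-version
      # tags; pinning them to full commit SHAs protects the job against a
      # retagged or compromised release.
      - uses: actions/checkout@v4
        with:
          # The audit script below comes from the checked-out ref, so do not
          # leave the job token in .git/config where that code could read it.
          persist-credentials: false

      - uses: actions/setup-node@v4
        with:
          node-version: "20"

      # NOTE(review): on pull_request runs the script is taken from the PR's
      # own checkout, so a PR can change the auditor that judges it. Treat the
      # PR result as advisory unless the script is sourced from the base
      # branch or protected by review rules (e.g. CODEOWNERS) - TODO confirm.
      - name: Run security audit
        id: audit
        # Keep going so the report can still be posted; the last step turns a
        # failed audit back into a failed job.
        continue-on-error: true
        run: node scripts/skill-security-audit.cjs --markdown > /tmp/security-audit.txt

      - name: Comment security audit
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const report = fs.readFileSync('/tmp/security-audit.txt', 'utf-8').trim();

            // An empty report means the auditor crashed or wrote nothing.
            // Fail loudly instead of posting an empty comment or reading the
            // silence as "clean".
            if (!report) {
              core.setFailed('Security audit produced no output; cannot report a result.');
              return;
            }

            // Presumably the markdown report starts with this heading, which
            // is what lets a later run find its own comment - verify against
            // the audit script.
            const marker = '## Skill Security Audit';
            const hasFindings = !report.includes('no security issues found');

            // Paginate: a single listComments call returns only the first
            // page, so on a busy PR the previous report could be missed and
            // duplicated.
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              per_page: 100,
            });

            // Only ever touch a comment written by the workflow token. A
            // human who quotes the marker must not have their comment
            // overwritten or deleted.
            const existing = comments.find(
              c => c.user?.login === 'github-actions[bot]' && (c.body || '').includes(marker),
            );

            if (hasFindings) {
              if (existing) {
                await github.rest.issues.updateComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  comment_id: existing.id,
                  body: report,
                });
              } else {
                await github.rest.issues.createComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.issue.number,
                  body: report,
                });
              }
            } else if (existing) {
              // Findings were resolved: remove the stale report.
              await github.rest.issues.deleteComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: existing.id,
              });
            }

      # `outcome` is the step result before continue-on-error is applied, so
      # this still sees the audit's real exit status.
      - name: Fail if HIGH severity issues found
        if: steps.audit.outcome == 'failure'
        run: |
          echo "Security audit found HIGH severity issues. See PR comment for details."
          exit 1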