UHF-9380: Handle BC breaks when running npm audit fix.

City-of-Helsinki · Jan 25, 2024 · a2cbafe · a2cbafe
1 parent d65ea65
commit a2cbafe
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml
@@ -1,6 +1,7 @@
 name: Npm audit
 
 on:
+  workflow_dispatch:
   schedule:
     - cron: '0 12 * * 0'  # Run every fortnight on Sunday at 12
 
@@ -20,16 +21,20 @@ jobs:
             node_version=$(cat "$1")
             echo "Using Node.js version $node_version in $dir"
             cd "$dir"
-            curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
-            export NVM_DIR="$HOME/.nvm"
-            [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+            export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
             nvm install $node_version
             nvm use $node_version
             npm install --silent
             set +e
             npm audit --package-lock-only --loglevel=error;
             # The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
-            if [ $? -gt 0 ]; then npm audit fix --package-lock-only --loglevel=error; echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi;
+            if [ $? -gt 0 ]; then
+              npm audit fix --package-lock-only --loglevel=error;
+              if [ $? -gt 0 ]; then
+                echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV;
+              fi;
+              echo "CREATE_PR=true" >> $GITHUB_OUTPUT;
+            fi;
             set -e
           ' sh {} \;
 
@@ -41,16 +46,20 @@ jobs:
             node_version=$(cat "$1")
             echo "Using Node.js version $node_version in $dir"
             cd "$dir"
-            curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
-            export NVM_DIR="$HOME/.nvm"
-            [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+            export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
             nvm install $node_version
             nvm use $node_version
             npm install --silent
             set +e
             npm audit --package-lock-only --loglevel=error;
             # The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
-            if [ $? -gt 0 ]; then npm audit fix --package-lock-only --loglevel=error; echo "CREATE_PR=true" >> $GITHUB_OUTPUT; fi;
+            if [ $? -gt 0 ]; then
+              npm audit fix --package-lock-only --loglevel=error;
+              if [ $? -gt 0 ]; then
+                echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV;
+              fi;
+              echo "CREATE_PR=true" >> $GITHUB_OUTPUT;
+            fi;
             set -e
           ' sh {} \;
 
@@ -65,6 +74,9 @@ jobs:
           labels: auto-update
           body: |
             # Npm audit
+
+            ${{ env.BC_BREAK }}
+
             ## How to install
 
             * Update the HDBT theme