NPM Dependency Health Check #319
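# Reports outdated npm packages and known vulnerabilities in the job summary.
# Runs on pushes and pull requests to main, and weekly on a schedule.
name: NPM Dependency Health Check

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 0 * * 1'  # Run weekly on Mondays

# Least privilege: the job only reads the repository and writes the step
# summary, so the default token needs nothing beyond read access to contents.
permissions:
  contents: read

jobs:
  dependency-check:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tag (v4).
      # Consider pinning each one to a full commit SHA so a retagged release
      # cannot change what runs here.
      - uses: actions/checkout@v4
        with:
          # Later steps execute third-party tooling; do not leave the token
          # in the checked-out repository's git config.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'  # or your preferred Node.js version

      - name: Cache npm packages
        uses: actions/cache@v4
        with:
          path: ~/.npm
          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.OS }}-node-

      - name: Install dependencies
        # This job only inspects the dependency tree (outdated/audit), so
        # package lifecycle scripts are not needed and are not executed.
        run: npm ci --ignore-scripts

      - name: Check for outdated dependencies
        run: |
          # npm outdated exits non-zero when it finds outdated packages, so
          # its exit status must not decide whether the report is kept.
          npm outdated --json > outdated.json || true
          # Fall back to an empty object only when the output is unusable.
          jq -e 'type == "object"' outdated.json > /dev/null 2>&1 \
            || echo '{}' > outdated.json

      - name: Run security audit
        run: |
          # npm audit exits non-zero when it finds vulnerabilities; replacing
          # the report on failure would hide exactly the findings we want.
          npm audit --json > audit.json || true
          # Fall back to an empty object only when the output is unusable.
          jq -e 'type == "object"' audit.json > /dev/null 2>&1 \
            || echo '{}' > audit.json

      - name: Process and Output Dependency Health Results
        if: always()
        run: |
          {
            echo "# NPM Dependency Health Report"

            echo "## Outdated Packages:"
            if [ -s outdated.json ] && [ "$(jq 'length' outdated.json)" != "0" ]; then
              jq -r 'to_entries[] | "- \(.key) (\(.value.current) => \(.value.latest))"' outdated.json
            else
              echo "No outdated packages found."
            fi

            echo "## Security Vulnerabilities:"
            # A report without a "vulnerabilities" key means the audit did not
            # complete; that is not the same as a clean result.
            if ! jq -e 'has("vulnerabilities")' audit.json > /dev/null 2>&1; then
              echo "Security audit did not produce a report; results are unknown."
            elif [ "$(jq '.vulnerabilities | length' audit.json)" != "0" ]; then
              # Advisory titles live in the "via" entries: objects carry a
              # title, strings name the dependency that pulls the issue in.
              jq -r '
                .vulnerabilities
                | to_entries[]
                | ((.value.via // [])
                    | map(if type == "object" then .title else "via " + . end)
                    | unique
                    | join("; ")) as $why
                | "- \(.key) (\(.value.severity)): \($why)"
              ' audit.json
            else
              echo "No security vulnerabilities detected."
            fi

            echo "This report was automatically generated by the NPM Dependency Health Check workflow."
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Check for Critical Issues
        if: always()
        run: |
          # "unknown" covers a missing or unreadable report and an audit that
          # returned no "vulnerabilities" key.
          VULNERABILITIES=$(jq -r 'if has("vulnerabilities") then (.vulnerabilities | length) else "unknown" end' audit.json 2> /dev/null || echo "unknown")
          OUTDATED=$(jq -r 'length' outdated.json 2> /dev/null || echo "unknown")

          if [ "$VULNERABILITIES" = "unknown" ] || [ "$OUTDATED" = "unknown" ]; then
            echo "::warning::Dependency report is incomplete. Please check the workflow summary for details."
          elif [ "$VULNERABILITIES" != "0" ] || [ "$OUTDATED" != "0" ]; then
            echo "::warning::Dependency issues detected. Please check the workflow summary for details."
          fi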