π Dependency Update and Vulnerability Scan #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: π Dependency Update and Vulnerability Scan | |
| on: | |
| schedule: | |
| - cron: '0 2 * * 0' # Runs weekly on Sunday at 2 a.m. UTC | |
| workflow_dispatch: # Allows manual triggering | |
| jobs: | |
| update-and-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: π οΈ Checkout code | |
| uses: actions/checkout@v4 | |
| - name: π§ Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: ποΈ Remove package-lock.json | |
| run: rm -f package-lock.json | |
| - name: π¦ Install npm-check-updates | |
| run: npm install -g npm-check-updates | |
| - name: β¬οΈ Update all npm packages | |
| run: | | |
| ncu -u | |
| npm install | |
| - name: π¦ Update dependencies with legacy peer deps | |
| run: npm update --legacy-peer-deps | |
| - name: π¨ Build | |
| run: npm run build | |
| - name: π§ͺ Test with coverage | |
| run: npm run test | |
| - name: π Commit changes | |
| if: success() | |
| run: | | |
| git config --local user.name "Debugging Duck π¦" | |
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
| git add . | |
| git diff-index --quiet HEAD || git commit -m "β¬οΈ update all npm dependencies β¬οΈ" | |
| - name: π Push changes | |
| if: success() | |
| run: git push | |
| - name: π¨ Notify failure | |
| if: failure() | |
| run: echo "Build or tests failed. Please investigate." |