@@ -17,21 +17,14 @@ jobs:
1717 steps :
1818 - uses : actions/checkout@v4
1919
20- - name : Add Node.js (fnm) to PATH
21- run : echo "$HOME/.local/share/fnm/node-versions/v24.14.0/installation/bin" >> $GITHUB_PATH
22-
23- - name : Enable pnpm via corepack
24- run : corepack enable pnpm
25-
26-
2720 - name : Install dependencies
28- run : pnpm install --frozen-lockfile
21+ run : npm ci
2922
3023 - name : Lint
31- run : pnpm run lint
24+ run : npm run lint
3225
3326 - name : Typecheck
34- run : pnpm run typecheck
27+ run : npm run typecheck
3528
3629 semgrep :
3730 name : Semgrep (SAST)
6558 steps :
6659 - uses : actions/checkout@v4
6760 - name : Trivy scan
68- uses : aquasecurity/trivy-action@master
61+ uses : aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
6962 with :
7063 scan-type : fs
7164 scan-ref : .
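Review bot: `actions/checkout@v4` in both jobs of this file is still a mutable tag, while the same commit pins `aquasecurity/trivy-action` to a full commit SHA; pin checkout the same way, e.g. `- uses: actions/checkout@<full-commit-sha> # v4.x.y`, with the SHA taken from a release you have verified. The same applies to the checkout steps in the other two workflow files on this page and to `peter-evans/create-pull-request@v7` in the last one. For the Trivy pin itself, nothing enforces the trailing `# v0.35.0` comment, so confirm that the SHA really is that release tag before merging. Separately, with the fnm PATH step removed, `npm ci` runs whichever `node`/`npm` is first on the runner's PATH; if that is intended, a comment saying where Node comes from would help.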
2020 - uses : actions/checkout@v4
2121
2222 - name : Trivy vulnerability scanner
23- uses : aquasecurity/trivy-action@v0.30 .0
23+ uses : aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35 .0
2424 with :
2525 scan-type : fs
2626 scan-ref : .
1616 - uses : actions/checkout@v4
1717
1818 - name : Trivy vulnerability scan
19- uses : aquasecurity/trivy-action@v0.30 .0
19+ uses : aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35 .0
2020 with :
2121 scan-type : fs
2222 scan-ref : .
4444 if : steps.check.outputs.count != '0'
4545 run : echo "$HOME/.local/share/fnm/node-versions/v24.14.0/installation/bin" >> $GITHUB_PATH
4646
47- - name : Enable pnpm via corepack
48- if : steps.check.outputs.count != '0'
49- run : corepack enable pnpm
50-
5147 - name : Auto-fix CVEs via npm overrides
5248 if : steps.check.outputs.count != '0'
5349 run : |
7167 f.write(chr(10))
7268 "
7369
70+ - name : Install dependencies after override patch
71+ if : steps.check.outputs.count != '0'
72+ run : npm install --package-lock-only
73+
7474 - name : Create Pull Request
7575 if : steps.check.outputs.count != '0'
7676 uses : peter-evans/create-pull-request@v7
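Review bot: The added step is named "Install dependencies after override patch", but `npm install --package-lock-only` only rewrites `package-lock.json` and installs nothing; `- name: Regenerate package-lock.json after override patch` would describe it accurately. As far as the visible lines show, nothing re-runs the scan or a build against the regenerated lockfile before "Create Pull Request", so the automated PR may carry overrides that do not clear the findings or that break the project; consider a verification step, or have the PR body say the lockfile is unverified. This job also keeps the hard-coded fnm Node `v24.14.0` PATH step that the first workflow drops in this commit, so the two workflows now obtain Node differently. The steps between the visible hunks are not shown, so some of this may already be handled there.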