
Commit 7615e40

committed
fix(ci): align vibecoder workflows with npm and current trivy action
1 parent 553aff9 commit 7615e40

3 files changed

Lines changed: 10 additions & 17 deletions


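--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,21 +17,14 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 
-- name: Add Node.js (fnm) to PATH
-run: echo "$HOME/.local/share/fnm/node-versions/v24.14.0/installation/bin" >> $GITHUB_PATH
-
-- name: Enable pnpm via corepack
-run: corepack enable pnpm
-
-
 - name: Install dependencies
-run: pnpm install --frozen-lockfile
+run: npm ci
 
 - name: Lint
-run: pnpm run lint
+run: npm run lint
 
 - name: Typecheck
-run: pnpm run typecheck
+run: npm run typecheck
 
 semgrep:
 name: Semgrep (SAST)
@@ -65,7 +58,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - name: Trivy scan
-uses: aquasecurity/trivy-action@master
+uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
 with:
 scan-type: fs
 scan-ref: .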
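Review bot: The `Install dependencies` step at new line 21 now runs `npm ci` with whatever Node and npm the runner happens to have on PATH, because the fnm PATH step was removed and no toolchain setup step replaces it in this hunk. trivy-autofix.yml in the same commit still prepends the fnm v24.14.0 directory, so the lockfile the autofix job regenerates and the one this job validates may come from different npm versions. I would add a Node setup step pinned to the same version here, and since this job only lints and typechecks, install without dependency lifecycle scripts unless a lint dependency needs one: `run: npm ci --ignore-scripts`. The job's `runs-on` is outside the hunk, so a self-hosted runner with a preinstalled toolchain cannot be ruled out from here.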

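--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -20,7 +20,7 @@ jobs:
 - uses: actions/checkout@v4
 
 - name: Trivy vulnerability scanner
-uses: aquasecurity/trivy-action@v0.30.0
+uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
 with:
 scan-type: fs
 scan-ref: .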

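--- a/.github/workflows/trivy-autofix.yml
+++ b/.github/workflows/trivy-autofix.yml
@@ -16,7 +16,7 @@ jobs:
 - uses: actions/checkout@v4
 
 - name: Trivy vulnerability scan
-uses: aquasecurity/trivy-action@v0.30.0
+uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
 with:
 scan-type: fs
 scan-ref: .
@@ -44,10 +44,6 @@ jobs:
 if: steps.check.outputs.count != '0'
 run: echo "$HOME/.local/share/fnm/node-versions/v24.14.0/installation/bin" >> $GITHUB_PATH
 
-- name: Enable pnpm via corepack
-if: steps.check.outputs.count != '0'
-run: corepack enable pnpm
-
 - name: Auto-fix CVEs via npm overrides
 if: steps.check.outputs.count != '0'
 run: |
@@ -71,6 +67,10 @@ jobs:
 f.write(chr(10))
 "
 
+- name: Install dependencies after override patch
+if: steps.check.outputs.count != '0'
+run: npm install --package-lock-only
+
 - name: Create Pull Request
 if: steps.check.outputs.count != '0'
 uses: peter-evans/create-pull-request@v7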
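Review bot: The step added at new lines 70–72 is named `Install dependencies after override patch`, but `npm install --package-lock-only` installs nothing; it re-resolves the tree against the registry and rewrites package-lock.json, which the following Create Pull Request step presumably commits. Rename it to say so, e.g. `- name: Regenerate package-lock.json after override patch`, and add a comment that the lockfile diff in the generated PR is resolved at run time and needs human review before merge. This commit pins trivy-action to a commit SHA, yet `peter-evans/create-pull-request@v7` and `actions/checkout@v4` in the same workflow stay on mutable tags; the PR-creating action is likely the one holding write permission (the `permissions` block is outside the hunks), so it merits the same treatment: `uses: peter-evans/create-pull-request@<full-commit-sha> # v7`.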
