more ai slop... added tests, csp security with nonce genration, loggi… #1

Workflow file for this run

.github/workflows/dependency-audit.yml at 83501fc

	name: Dependency Audit

	on:
	push:
	branches: [ main, develop ]
	pull_request:
	branches: [ main ]
	schedule:
	# Run weekly on Sundays at 2 AM UTC
	- cron: '0 2 * * 0'

	jobs:
	audit:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20'
	cache: 'pnpm'

	- name: Install pnpm
	uses: pnpm/action-setup@v4
	with:
	version: latest

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Security Audit
	run: pnpm run audit:security
	continue-on-error: true

	- name: Check Unused Dependencies
	run: pnpm run audit:unused
	continue-on-error: true

	- name: License Compatibility Check
	run: pnpm run audit:licenses
	continue-on-error: true

	- name: Build Size Check
	run: \|
	pnpm build
	node scripts/audit-deps.js
	continue-on-error: true

	- name: Upload Audit Results
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: audit-results
	path: \|
	logs/
	.pnpm-audit-report.json
	retention-days: 30

	security-alerts:
	runs-on: ubuntu-latest
	if: github.event_name == 'schedule' \|\| github.event_name == 'push'

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20'
	cache: 'pnpm'

	- name: Install pnpm
	uses: pnpm/action-setup@v4
	with:
	version: latest

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Generate Security Report
	run: \|
	echo "# Dependency Security Report" > security-report.md
	echo "Generated: $(date)" >> security-report.md
	echo "" >> security-report.md

	echo "## Security Vulnerabilities" >> security-report.md
	pnpm audit --audit-level moderate --long \|\| echo "Vulnerabilities found - see details above" >> security-report.md
	echo "" >> security-report.md

	echo "## License Issues" >> security-report.md
	node scripts/license-check.js >> security-report.md \|\| true
	echo "" >> security-report.md

	echo "## Unused Dependencies" >> security-report.md
	pnpm run audit:unused >> security-report.md \|\| true

	- name: Create Issue on Security Findings
	uses: actions/github-script@v7
	if: failure()
	with:
	script: \|
	const fs = require('fs');

	try {
	const report = fs.readFileSync('security-report.md', 'utf8');

	await github.rest.issues.create({
	owner: context.repo.owner,
	repo: context.repo.repo,
	title: `🔒 Security Audit Alert - ${new Date().toISOString().split('T')[0]}`,
	body: `Automated security audit found issues requiring attention:\n\n${report}`,
	labels: ['security', 'dependencies', 'audit']
	});
	} catch (error) {
	console.log('No security report generated or issue creation failed:', error.message);
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

more ai slop... added tests, csp security with nonce genration, loggi… #1

Workflow file

more ai slop... added tests, csp security with nonce genration, loggi… #1

Uh oh!

Workflow file for this run