forked from xlabtg/teleton-plugins
-
Notifications
You must be signed in to change notification settings - Fork 0
71 lines (64 loc) · 2.09 KB
/
plugin-deps.yml
File metadata and controls
71 lines (64 loc) · 2.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: Plugin Dependencies
on:
pull_request:
paths:
- "plugins/*/package.json"
- "plugins/*/package-lock.json"
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
- name: Find plugins with package.json
id: find
run: |
plugins=""
for pkg in plugins/*/package.json; do
dir=$(dirname "$pkg")
name=$(basename "$dir")
plugins="$plugins $name"
done
echo "plugins=$plugins" >> "$GITHUB_OUTPUT"
- name: Verify lockfiles exist
run: |
exit_code=0
for pkg in plugins/*/package.json; do
dir=$(dirname "$pkg")
if [ ! -f "$dir/package-lock.json" ]; then
echo "::error file=$pkg::Missing package-lock.json alongside package.json"
exit_code=1
fi
done
exit $exit_code
- name: Check for postinstall scripts
run: |
for pkg in plugins/*/package.json; do
dir=$(dirname "$pkg")
name=$(basename "$dir")
if [ -f "$dir/package-lock.json" ]; then
if grep -q '"postinstall"' "$dir/package-lock.json"; then
echo "::warning file=$pkg::Plugin '$name' has dependencies with postinstall scripts"
fi
fi
done
- name: Install and audit deps
run: |
exit_code=0
for pkg in plugins/*/package.json; do
dir=$(dirname "$pkg")
name=$(basename "$dir")
if [ ! -f "$dir/package-lock.json" ]; then
continue
fi
echo "--- $name ---"
if ! npm ci --ignore-scripts --no-audit --no-fund --prefix "$dir"; then
echo "::error file=$pkg::npm ci failed for plugin '$name'"
exit_code=1
continue
fi
npm audit --prefix "$dir" || echo "::warning file=$pkg::Audit issues in plugin '$name'"
done
exit $exit_code