Skip to content
Nexus CI/CD, Release, Security

Update dependency simple-git to v3.36.0 [SECURITY] #236

Sign in to view logs

Update dependency simple-git to v3.36.0 [SECURITY]

Update dependency simple-git to v3.36.0 [SECURITY] #236

Workflow file for this run

.github/workflows/main.yml at 14fc614
name: Nexus CI/CD, Release, Security
on:
push:
branches: [main]
tags: ['v*.*.*']
pull_request:
branches: [main]
jobs:
ci:
name: CI (Lint, TypeCheck, Test, Build)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
- run: npm ci
- name: Validate lock file
run: npx lockfile-lint --path package-lock.json --type npm --validate-https --validate-integrity
- name: Lint
run: npm run lint
- name: Type Check
run: npm run typecheck
- name: Test
run: npm test
- name: Build
run: npm run build
codeql:
name: CodeQL (Code Scanning)
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: github/codeql-action/init@v3
with:
languages: javascript
- uses: github/codeql-action/autobuild@v3
- uses: github/codeql-action/analyze@v3
security:
name: npm Audit (Vulnerability Scan)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- run: npm ci
- name: Audit for vulnerabilities
run: npm audit --audit-level=high
release:
name: Release & Publish
needs: [ci]
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://registry.npmjs.org/
- run: npm ci
- run: npm run build
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access public
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: true