-
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
252f489
commit f365d7a
Showing
3 changed files
with
133 additions
and
92 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| name: Composer Dependency Health Check | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ main ] | ||
| pull_request: | ||
| branches: [ main ] | ||
| schedule: | ||
| - cron: '0 0 * * 1' # Run weekly on Mondays | ||
|
|
||
| jobs: | ||
| dependency-check: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup PHP | ||
| uses: shivammathur/setup-php@v2 | ||
| with: | ||
| php-version: '8.3' | ||
| extensions: mbstring, xml, ctype, iconv, intl, pdo_sqlite, dom, filter, gd, iconv, json, mbstring, pdo | ||
|
|
||
| - name: Validate composer.json and composer.lock | ||
| run: composer validate | ||
|
|
||
| - name: Install dependencies | ||
| run: composer install --prefer-dist --no-progress --no-suggest | ||
|
|
||
| - name: Check for outdated dependencies | ||
| run: composer outdated --direct --format=json > outdated.json | ||
|
|
||
| - name: Security Check | ||
| uses: symfonycorp/security-checker-action@v5 | ||
| id: security-check | ||
|
|
||
| - name: Process and Output Dependency Health Results | ||
| if: always() | ||
| run: | | ||
| echo "# Composer Dependency Health Report" >> $GITHUB_STEP_SUMMARY | ||
| echo "## Outdated Packages:" >> $GITHUB_STEP_SUMMARY | ||
| if [ -s outdated.json ]; then | ||
| jq -r '.installed[] | "- \(.name) (\(.version) => \(.latest))"' outdated.json >> $GITHUB_STEP_SUMMARY | ||
| else | ||
| echo "No outdated packages found." >> $GITHUB_STEP_SUMMARY | ||
| fi | ||
| echo "## Security Vulnerabilities:" >> $GITHUB_STEP_SUMMARY | ||
| if [ -s ${{ steps.security-check.outputs.logfile }} ]; then | ||
| cat ${{ steps.security-check.outputs.logfile }} >> $GITHUB_STEP_SUMMARY | ||
| else | ||
| echo "No security vulnerabilities detected." >> $GITHUB_STEP_SUMMARY | ||
| fi | ||
| echo "This report was automatically generated by the Composer Dependency Health Check workflow." >> $GITHUB_STEP_SUMMARY | ||
| - name: Check for Critical Issues | ||
| if: always() | ||
| run: | | ||
| VULNERABILITIES=$(cat ${{ steps.security-check.outputs.logfile }} | wc -l) | ||
| OUTDATED=$(jq '.installed | length' outdated.json) | ||
| if [ $VULNERABILITIES -gt 0 ] || [ $OUTDATED -gt 0 ]; then | ||
| echo "::warning::Dependency issues detected. Please check the workflow summary for details." | ||
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| name: NPM Dependency Health Check | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ main ] | ||
| pull_request: | ||
| branches: [ main ] | ||
| schedule: | ||
| - cron: '0 0 * * 1' # Run weekly on Mondays | ||
|
|
||
| jobs: | ||
| dependency-check: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: '18' # or your preferred Node.js version | ||
|
|
||
| - name: Cache npm packages | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: ~/.npm | ||
| key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | ||
| restore-keys: | | ||
| ${{ runner.OS }}-node- | ||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Check for outdated dependencies | ||
| run: npm outdated --json > outdated.json | ||
|
|
||
| - name: Run security audit | ||
| run: npm audit --json > audit.json | ||
|
|
||
| - name: Process and Output Dependency Health Results | ||
| if: always() | ||
| run: | | ||
| echo "# NPM Dependency Health Report" >> $GITHUB_STEP_SUMMARY | ||
| echo "## Outdated Packages:" >> $GITHUB_STEP_SUMMARY | ||
| if [ -s outdated.json ] && [ "$(cat outdated.json)" != "{}" ]; then | ||
| jq -r 'to_entries[] | "- \(.key) (\(.value.current) => \(.value.latest))"' outdated.json >> $GITHUB_STEP_SUMMARY | ||
| else | ||
| echo "No outdated packages found." >> $GITHUB_STEP_SUMMARY | ||
| fi | ||
| echo "## Security Vulnerabilities:" >> $GITHUB_STEP_SUMMARY | ||
| if [ -s audit.json ] && [ "$(jq '.vulnerabilities | length' audit.json)" != "0" ]; then | ||
| jq -r '.vulnerabilities | to_entries[] | "- \(.key) (\(.value.severity)): \(.value.title)"' audit.json >> $GITHUB_STEP_SUMMARY | ||
| else | ||
| echo "No security vulnerabilities detected." >> $GITHUB_STEP_SUMMARY | ||
| fi | ||
| echo "This report was automatically generated by the NPM Dependency Health Check workflow." >> $GITHUB_STEP_SUMMARY | ||
| - name: Check for Critical Issues | ||
| if: always() | ||
| run: | | ||
| VULNERABILITIES=$(jq '.vulnerabilities | length' audit.json) | ||
| OUTDATED=$(jq 'length' outdated.json) | ||
| if [ $VULNERABILITIES -gt 0 ] || [ $OUTDATED -gt 0 ]; then | ||
| echo "::warning::Dependency issues detected. Please check the workflow summary for details." | ||
| fi |
This file was deleted.
Oops, something went wrong.