
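name: Dependency Security

# Opt every JavaScript-based action into the Node 24 runtime ahead of the
# runner default. Quoted: env values are strings to the runner, and an
# unquoted `true` would be re-typed as a boolean by generic YAML tooling.
env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: 'true'

on:
  pull_request:
    branches: [ main ]
  schedule:
    # Weekly (Mondays 04:17 UTC) so advisories published after the last
    # lockfile change are still picked up.
    - cron: '17 4 * * 1'
  workflow_dispatch:

# Least privilege: every job only reads. Nothing below pushes, comments or
# writes checks. If PR summary comments are ever enabled on the dependency
# review action, grant `pull-requests: write` to that job alone, not here.
permissions:
  contents: read
  pull-requests: read

# A newer push to the same PR cancels the audit still running for the old
# head; scheduled and manual runs key on run_id so a PR can never cancel them.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

jobs:
  dependency-review:
    # GitHub's dependency review action requires repository-level dependency
    # graph support and Advanced Security. Keep it opt-in so PRs do not fail
    # on repos where that feature is unavailable. It also only makes sense on
    # a pull_request event (it diffs base against head), so scheduled and
    # manual runs skip it.
    if: github.event_name == 'pull_request' && vars.ENABLE_GITHUB_DEPENDENCY_REVIEW == 'true'
    runs-on: ubuntu-latest
    # Hard stop so a hung advisory lookup cannot hold a runner for the
    # default six hours.
    timeout-minutes: 10
    steps:
      # No checkout: the action reads both dependency graphs through the API.
      - name: Review dependency changes
        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
        with:
          # Same threshold as the npm audits below; moderate/low findings are
          # reported but do not block the PR.
          fail-on-severity: high
          warn-only: false

  backend-audit:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Nothing in this job pushes or calls the API, so do not leave the
          # workflow token in .git/config for later steps to read.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
        with:
          python-version: '3.13'
          cache: 'pip'
          # Matches the lock file audited below, so the cache key changes
          # with the pinned set.
          cache-dependency-path: 'backend/requirements*.txt'
      - name: Install pip-audit
        run: pip install pip-audit==2.10.0
      - name: Audit backend dependencies
        # The dev lock is a superset of the runtime lock, so auditing it
        # covers production pins as well. The spinner only produces noise in
        # a non-interactive log.
        run: pip-audit --progress-spinner off -r backend/requirements-dev.lock.txt

  frontend-audit:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: '20'
      - name: Audit frontend production dependencies
        # --package-lock-only audits the committed lockfile without running
        # install scripts; --omit=dev scopes it to what ships.
        run: cd frontend && npm audit --package-lock-only --omit=dev --audit-level=high

  companion-audit:
    runs-on: ubuntu-latest
    # cargo install builds cargo-audit from source, which dominates this
    # job's runtime.
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: '20'
      - name: Audit companion production dependencies
        run: cd companion && npm audit --package-lock-only --omit=dev --audit-level=high
      - name: Set up Rust toolchain
        # The action code is pinned by SHA; the toolchain itself tracks the
        # current stable channel by design.
        uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
      - name: Install cargo-audit
        # --locked installs cargo-audit from its own Cargo.lock so the audit
        # tool's dependency tree is reproducible too.
        run: cargo install cargo-audit --version 0.22.1 --locked
      - name: Audit Rust dependencies
        # NOTE(review): cargo audit has no severity threshold — any
        # vulnerability advisory fails the job, stricter than the `high`
        # gates above. Reads companion/src-tauri/Cargo.lock, which must be
        # committed.
        run: cd companion/src-tauri && cargo audit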