fix(showcase): add missing react-virtualized workspace dependency #261
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security Audit | ||
|
Check failure on line 1 in .github/workflows/security-audit.yml
|
||
| on: | ||
| schedule: | ||
| # Run weekly on Monday at 00:00 UTC | ||
| - cron: '0 0 * * 1' | ||
| workflow_dispatch: | ||
| push: | ||
| paths: | ||
| - 'package.json' | ||
| - 'pnpm-lock.yaml' | ||
| - '**/package.json' | ||
| jobs: | ||
| audit: | ||
| name: Security Audit | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@v3 | ||
| with: | ||
| version: 9 | ||
| - name: Cache pnpm store | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: | | ||
| ~/.pnpm-store | ||
| ~/.local/share/pnpm/store | ||
| ~/.cache/pnpm | ||
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('pnpm-lock.yaml') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-pnpm-store- | ||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
| - name: Run npm audit | ||
| run: pnpm audit --audit-level=moderate | ||
| - name: Run Snyk Security Scan | ||
| if: ${{ secrets.SNYK_TOKEN != '' }} | ||
| uses: snyk/actions/node@master | ||
| env: | ||
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | ||
| - name: Report missing Snyk configuration | ||
| if: ${{ secrets.SNYK_TOKEN == '' }} | ||
| run: echo "Snyk scan skipped because SNYK_TOKEN is not configured." >> $GITHUB_STEP_SUMMARY | ||
| - name: Generate Security Report | ||
| if: always() | ||
| run: | | ||
| echo "## Security Audit Report" >> $GITHUB_STEP_SUMMARY | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "Run completed at: $(date)" >> $GITHUB_STEP_SUMMARY | ||
