chore(deps): update all non-major dependencies #419

Workflow file for this run

.github/workflows/analysis.yml at 9a06ce4

	name: Analysis

	on:
	pull_request:
	types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
	push:
	branches: [main]
	schedule:
	- cron: "30 8 1 * *" # 8:30 UDT = 12:30 PDT, runs monthly
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	tests:
	name: Unit Tests
	if: ${{ ! github.event.pull_request.draft }}
	runs-on: ubuntu-22.04
	steps:
	- uses: bcgov-nr/[email protected]
	with:
	commands: \|
	npm ci
	npm run test-unit
	dir: api
	node_version: 18.18.2
	sonar_args: >
	-Dsonar.exclusions=*/.spec.ts
	-Dsonar.javascript.lcov.reportPaths=coverage/api/lcov.info
	-Dsonar.organization=bcgov-sonarcloud
	-Dsonar.projectKey=nr-fom
	sonar_token: ${{ secrets.SONAR_TOKEN }}

	codeql:
	name: CodeQL
	if: ${{ ! github.event.pull_request.draft }}
	needs: [tests]
	runs-on: ubuntu-22.04
	timeout-minutes: 5
	steps:
	- uses: actions/checkout@v4
	- uses: github/codeql-action/init@v3
	with:
	languages: javascript
	- uses: github/codeql-action/analyze@v3

	# https://github.com/marketplace/actions/aqua-security-trivy
	trivy:
	name: Trivy Security Scan
	if: ${{ ! github.event.pull_request.draft }}
	needs: [tests]
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v4

	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/[email protected]
	with:
	format: "sarif"
	output: "trivy-results.sarif"
	ignore-unfixed: true
	scan-type: "fs"
	scanners: "vuln,secret,config"
	severity: "CRITICAL,HIGH"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: "trivy-results.sarif"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all non-major dependencies #419

Workflow file

chore(deps): update all non-major dependencies #419

Jobs

Run details

Workflow file for this run