mirror of
https://github.com/lockin-bot/react-telegram.git
synced 2026-01-12 22:27:38 +08:00
2d57a7c9c9
- Add README.md to packages/examples for docs workflow - Fix CI workflow bun filter commands and add test env vars - Add security permissions for SARIF upload in security workflow - Document NPM_TOKEN requirement in release workflow 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
49 lines
1.1 KiB
YAML
49 lines
1.1 KiB
YAML
name: Security
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
schedule:
|
|
- cron: '0 0 * * 1' # Weekly on Monday
|
|
|
|
permissions:
|
|
contents: read
|
|
security-events: write
|
|
|
|
jobs:
|
|
audit:
|
|
name: Security Audit
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: Install dependencies
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: Run npm audit
|
|
run: |
|
|
# Convert to npm for audit (bun doesn't have audit yet)
|
|
npm audit --audit-level=moderate
|
|
continue-on-error: true
|
|
|
|
- name: Check for known vulnerabilities
|
|
uses: aquasecurity/trivy-action@master
|
|
with:
|
|
scan-type: 'fs'
|
|
scan-ref: '.'
|
|
format: 'sarif'
|
|
output: 'trivy-results.sarif'
|
|
|
|
- name: Upload Trivy scan results
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
sarif_file: 'trivy-results.sarif' |