This action runs `npm audit fix` and creates a pull request.

For example, you can add this action by creating `.github/workflows/npm-audit-fix.yml`:

```yaml
name: npm audit fix

on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:

jobs:
  npm-audit-fix:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v3
      - uses: ybiquitous/npm-audit-fix-action@v6
```

Name | Value | Default |
---|---|---|
`github_token` | GitHub token | `${{ github.token }}` |
`github_user` | GitHub user name for commit changes | `${{ github.actor }}` |
`github_email` | GitHub user email for commit changes | `${{ github.actor }}@users.noreply.github.com` |
`branch` | Created branch | `npm-audit-fix-action/fix` |
`default_branch` | Default branch | n/a |
`commit_title` | Commit and PR title | `build(deps): npm audit fix` |
`labels` | PR labels | `dependencies, javascript, security` |
`npm_args` | Arguments for the `npm` command | n/a |

See `action.yml`.

If you want to run your CI on pull requests created by this action, you may need to set your personal access token instead of GitHub's default token. For example:

```yaml
with:
  github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
```

The reason is that the default token does not have enough permissions to trigger CI. See also the GitHub document about the token permissions.
MIT © Masafumi Koba