Skip to content

Latest commit

 

History

History
65 lines (46 loc) · 2.59 KB

README.md

File metadata and controls

65 lines (46 loc) · 2.59 KB

Test

npm audit fix Action

This action runs npm audit fix and creates a pull request.

Usage

For example, you can add this action by creating .github/workflows/npm-audit-fix.yml:

name: npm audit fix

on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:

jobs:
  npm-audit-fix:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v3
      - uses: ybiquitous/npm-audit-fix-action@v6

Inputs

Name Value Default
github_token GitHub token ${{ github.token }}
github_user GitHub user name for commit changes ${{ github.actor }}
github_email GitHub user email for commit changes ${{ github.actor }}@users.noreply.github.com
branch Created branch npm-audit-fix-action/fix
default_branch Default branch n/a
commit_title Commit and PR title build(deps): npm audit fix
labels PR labels dependencies, javascript, security
npm_args Arguments for the npm command n/a

See action.yml.

Using a personal access token

If you want to run your CI with pull requests created by this action, you may need to set your personal access token instead of the GitHub's default token:

For example:

with:
  github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

The reason is that the default token does not have enough permissions to trigger CI. See also the GitHub document about the token permissions.

Screenshot

A pull request created by npm-audit-fix-action

License

MIT © Masafumi Koba