- ci.yml: run Playwright tests on every push to main, then deploy to VPS if tests pass; includes post-deploy health check - audit.yml: weekly npm audit (Mondays 07:00 UTC), fails on high/critical - Requires VPS_SSH_KEY secret (already configured in repo settings)
28 lines
530 B
YAML
28 lines
530 B
YAML
name: Security · npm audit
|
|
|
|
on:
|
|
schedule:
|
|
# Each Monday at 07:00 UTC
|
|
- cron: '0 7 * * 1'
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
audit:
|
|
name: npm audit
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Run audit (fail on high/critical)
|
|
run: npm audit --audit-level=high
|