From 06246ef55e2499d118178bef09818933dc158cce Mon Sep 17 00:00:00 2001
From: sudheer0071
Date: Sat, 5 Oct 2024 21:29:53 +0530
Subject: [PATCH 1/2] script to update the outdated packages
---
 .github/workflows/outdated-packages.yml | 30 +++++++++++++++++++++++++
 .github/workflows/trivy.yml | 25 +++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 .github/workflows/outdated-packages.yml
diff --git a/.github/workflows/outdated-packages.yml b/.github/workflows/outdated-packages.yml
new file mode 100644
index 0000000..65539ac
--- /dev/null
+++ b/.github/workflows/outdated-packages.yml
@@ -0,0 +1,30 @@
+name: Check for outdated npm packages
+
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+jobs:
+ outdated-packages:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: '20.x'
+
+
+ - name: Install dependencies
+ run: npm install
+
+
+ - name: Check for outdated npm packages
+ run: npx npm-check-updates
+
+ # Optionally fail the workflow if any outdated packages are found
+ - name: Fail if outdated packages are found
+ run: npx npm-check-updates --error-level 2
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index ff94a7d..cad5919 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -40,6 +40,31 @@ jobs:
 run: |
 npm outdated > npm-outdated-report.txt || echo "Some packages may be outdated."
+ - name: Updates the outdated dependencies
+ run:
+ npx npm-check-updates -u
+ npm update
+
+ - name: Commit changes push them
+ run: |
+ git config --global user.name 'github-actions[bot]'
+ git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+ git add package.json package-lock.json
+ git commit -m "chore: update outdated npm packages"
+ git push origin HEAD || echo "No changes to push"
+
+ - name: Create Pull Request for updated Dependenncies
+ uses: peter-evans/create-pull-request@v5
+ with:
+ branch: update-dependencies-branch
+ title: "chore: update outdated npm dependencies"
+ body: |
+ This PR updates the following outdated npm dependencies:
+ - Updated dependencies using npm-check-updates
+ - Automatically created by GitHub Actions
+ commit-message: "chore: update outdated npm dependencies"
+ labels: "dependencies, automated update"
+ assignees: "your-github-username" # Optional: assign the PR to someone
 - name: Handling empty files
 run: |
 is_empty(){
From be26b2e16ac941de97d9d07798ffb06b05f552d8 Mon Sep 17 00:00:00 2001
From: sudheer0071
Date: Sat, 5 Oct 2024 21:32:28 +0530
Subject: [PATCH 2/2] removing the separate file of outdated workflow file
---
 .github/workflows/outdated-packages.yml | 30 -------------------------
 1 file changed, 30 deletions(-)
 delete mode 100644 .github/workflows/outdated-packages.yml
diff --git a/.github/workflows/outdated-packages.yml b/.github/workflows/outdated-packages.yml
deleted file mode 100644
index 65539ac..0000000
--- a/.github/workflows/outdated-packages.yml
+++ /dev/null
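Review bot: The `Commit changes push them` step commits the bumped `package.json`/`package-lock.json` and runs `git push origin HEAD`, so every dependency that `npx npm-check-updates -u` raised to its latest release can land on the checked-out branch with no review, and the `create-pull-request` step after it is likely left with nothing to propose. I would delete that step and let `peter-evans/create-pull-request` commit the change onto `update-dependencies-branch`, so upgrades only arrive through a reviewed PR; as written, `|| echo "No changes to push"` also hides a rejected push, while `git commit` fails the step whenever nothing changed. In the step before it, `run:` has no block indicator, so the two commands fold into the single line `npx npm-check-updates -u npm update`; it should read `run: |`. Because this job writes to the repository, pin the third-party action to a full commit SHA (`uses: peter-evans/create-pull-request@<full-commit-sha> # v5`) rather than the mutable `v5` tag, and replace the `your-github-username` placeholder. The job's trigger and `permissions` are outside the hunk, as is the rest of the `Handling empty files` step.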
@@ -1,30 +0,0 @@
-name: Check for outdated npm packages
-
-on:
- pull_request:
- types: [opened, reopened, synchronize]
-
-jobs:
- outdated-packages:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v3
-
- - name: Set up Node.js
- uses: actions/setup-node@v3
- with:
- node-version: '20.x'
-
-
- - name: Install dependencies
- run: npm install
-
-
- - name: Check for outdated npm packages
- run: npx npm-check-updates
-
- # Optionally fail the workflow if any outdated packages are found
- - name: Fail if outdated packages are found
- run: npx npm-check-updates --error-level 2