This action runs `npm audit fix` and creates a pull request.
For example, you can add this action by creating `.github/workflows/npm-audit-fix.yml`:
```yaml
name: npm audit fix
on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
jobs:
  npm-audit-fix:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: ybiquitous/npm-audit-fix-action@v7
```

| Name | Description | Default |
|---|---|---|
| `github_token` | GitHub token. | `${{ github.token }}` |
| `github_user` | GitHub user name for commit changes. | `${{ github.actor }}` |
| `github_email` | GitHub user email for commit changes. | `${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com` |
| `branch` | Created branch. | `npm-audit-fix-action/fix` |
| `default_branch` | Default branch. | Auto-detected. |
| `commit_title` | Commit message and pull request title. | `build(deps): npm audit fix` |
| `labels` | Labels for pull request (comma-separated). | `dependencies, javascript, security` |
| `assignees` | Assignees for pull request (comma-separated). | n/a |
| `npm_args` | Arguments for the npm command. | n/a |
| `path` | Path to the project root directory. | `.` |

See action.yml.

| Name | Description |
|---|---|
| `pull_request_url` | URL of the created pull request. |
| `branch_name` | Name of the created branch. |

See action.yml.

If you want to run your CI on pull requests created by this action, you may need to set a personal access token instead of GitHub's default token.
For example:

```yaml
with:
  github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
```

The reason is that the default token does not have enough permissions to trigger CI. See also the GitHub document about the token permissions.

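The following workflow is an added example, not taken from the project's own documentation. It combines the personal access token input with the two outputs listed above, reading them in a later step through `env` instead of interpolating them into the shell script. The step id `audit`, the reporting step, and the assumption that `pull_request_url` is empty when no pull request was created are illustrative.

```yaml
name: npm audit fix
on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
jobs:
  npm-audit-fix:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - id: audit  # hypothetical step id, used to read the outputs below
        uses: ybiquitous/npm-audit-fix-action@v7
        with:
          # Token stored as a repository secret; grant it access to this
          # repository only, with no more than it needs to push a branch
          # and open a pull request.
          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      - name: Report created pull request
        # Assumption: the output is empty when no pull request was created.
        if: steps.audit.outputs.pull_request_url != ''
        env:
          # Pass outputs as environment variables so their contents are
          # treated as data by the shell, not as part of the script text.
          PR_URL: ${{ steps.audit.outputs.pull_request_url }}
          PR_BRANCH: ${{ steps.audit.outputs.branch_name }}
        run: |
          echo "Pull request: $PR_URL" >> "$GITHUB_STEP_SUMMARY"
          echo "Branch: $PR_BRANCH" >> "$GITHUB_STEP_SUMMARY"
```
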
MIT © Masafumi Koba
