Update package-lock.json #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Step 2, Dependabot alerts | |
| # This step triggers after push to main. | |
| # This workflow updates from step 2 to step 3. | |
| # This will run every time we push to main. | |
| # Reference: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| # Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication | |
| permissions: | |
| # Need `contents: read` to checkout the repository. | |
| # Need `contents: write` to update the step metadata. | |
| contents: write | |
| jobs: | |
| # Get the current step to only run the main job when the learner is on the same step. | |
| get_current_step: | |
| name: Check current step number | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: get_step | |
| run: | | |
| echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT | |
| outputs: | |
| current_step: ${{ steps.get_step.outputs.current_step }} | |
| on_DependabotPrCreated: | |
| name: On Creation of a PR | |
| needs: get_current_step | |
| # We will only run this action when: | |
| # 1. This repository isn't the template repository. | |
| # 2. The step is currently 2. | |
| # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts | |
| # Reference: https://docs.github.com/en/actions/learn-github-actions/expressions | |
| if: >- | |
| ${{ !github.event.repository.is_template | |
| && needs.get_current_step.outputs.current_step == 2 }} | |
| # We'll run Ubuntu for performance instead of Mac or Windows. | |
| runs-on: ubuntu-latest | |
| steps: | |
| # We'll need to check out the repository so that we can edit the README. | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Let's get all the branches. | |
| # Verify the PR updated package.json. | |
| - name: Check package.json for minimist version other than 1.2.5 | |
| uses: skills/action-check-file@v1 | |
| with: | |
| file: "code/src/AttendeeSite/package.json" | |
| search: "\"minimist\":[\ \\n\\r\\t]*\"\\^(?!1\\.2\\.[0-5])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?\"" | |
| # Verify the PR updated package-lock.json. | |
| - name: Check package-lock.json for minimist version other than 1.2.5 | |
| uses: skills/action-check-file@v1 | |
| with: | |
| file: "code/src/AttendeeSite/package-lock.json" | |
| search: "minimist-(?!1\\.2\\.[0-5])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?" | |
| # In README.md, switch step 2 for step 3. | |
| - name: Update to step 3 | |
| uses: skills/action-update-step@v2 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| from_step: 2 | |
| to_step: 3 |