Skip to content

fix: package.json to reduce vulnerabilities #190

fix: package.json to reduce vulnerabilities

fix: package.json to reduce vulnerabilities #190

on:
pull_request_target:
types: [opened]
push:
name: Pull request automation
jobs:
pull-request-automation:
runs-on: ubuntu-latest
if: ${{ github.repository == 'WordPress/gutenberg' }}
strategy:
matrix:
node: ['14']
steps:
# Checkout defaults to using the branch which triggered the event, which
# isn't necessarily `trunk` (e.g. in the case of a merge).
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with:
ref: trunk
- name: Use desired version of Node.js
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: ${{ matrix.node }}
- name: Cache NPM packages
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-npm-pr-automation-cache-${{ hashFiles('**/package-lock.json') }}
# Changing into the action's directory and running `npm install` is much
# faster than a full project-wide `npm ci`.
- name: Install NPM dependencies
run: npm install
working-directory: packages/project-management-automation
- uses: ./packages/project-management-automation
with:
github_token: ${{ secrets.GITHUB_TOKEN }}