chore: Separate npm audit and test workflows (#378)

* remove posttest audit

* update CLI Unit Tests action

* Add npm audit workflow

* Nit

* Suppress sonar

* Add dependence on unit tests completion

* add githook

.github/workflows/cli-audit.yml

@@ -0,0 +1,47 @@
+name: NPM Audit Check
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [16.x, 14.x]
+    steps:
+      - name: Checkout cli repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - run: make install
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+      - name: Run audit check
+        run: npm audit --audit-level=moderate --production
+        # minimum vulnerability level that will cause the command to fail
+        # audit reports with low severity would pass the test
+  notify-complete-fail:
+    if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
+    needs: [ audit ]
+    name: Notify Npm Audit Failed
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.ALERT_SLACK_WEB_HOOK }}
+          SLACK_COLOR: 'danger'
+          SLACK_USERNAME: CLI Github Actions
+          SLACK_MSG_AUTHOR: twilio-dx
+          SLACK_ICON_EMOJI: ':github:'
+          SLACK_TITLE: "Twilio Cli"
+          SLACK_MESSAGE: 'Cli audit test failed'
+          MSG_MINIMAL: actions url
+          SLACK_FOOTER: Posted automatically using GitHub Actions

.github/workflows/cli-test.yml

@@ -1,4 +1,4 @@
-name: Cli Tests
+name: CLI Unit Tests
 on:
   push:
      branches: [ main ]
@@ -25,11 +25,11 @@ jobs:
           cache: 'npm'
       - name: Run tests
         run: npm test
-      - name: SonarCloud Scan
-        uses: sonarsource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+#      - name: SonarCloud Scan
+#        uses: sonarsource/sonarcloud-github-action@master
+#        env:
+#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
   notify-complete-fail:
     if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
     needs: [ test ]

.github/workflows/release.yml

@@ -35,7 +35,7 @@ jobs:
         run: npm test
   update-api-definitions-changelog:
     runs-on: ubuntu-latest
-#     needs: [test]
+    needs: [test]
     steps:
       - name: Checkout cli
         uses: actions/checkout@v2
@@ -209,7 +209,7 @@ jobs:
   platform-executables-release:
     runs-on: ubuntu-latest
     needs: [ release ]
-    env: 
+    env:
         REPO_NAME: twilio/twilio-cli
         REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
     steps:
@@ -252,4 +252,4 @@ jobs:
           SLACK_USERNAME: CLI Release Bot
           SLACK_ICON_EMOJI: ":ship:"
           SLACK_TITLE: "Twilio Cli"
-          SLACK_MESSAGE: 'CLI Release workflow Failed'
+          SLACK_MESSAGE: 'CLI Release workflow Failed'

githooks/pre-commit

@@ -0,0 +1 @@
+make test

package.json

@@ -31,7 +31,7 @@
     "prepack": "oclif-dev manifest && oclif-dev readme && npm shrinkwrap && git checkout -- package-lock.json",
     "postpack": "rm -f oclif.manifest.json npm-shrinkwrap.json",
     "test": "nyc mocha --forbid-only \"test/**/*.test.js\"",
-    "posttest": "npm run lint && npm audit --production",
+    "posttest": "npm run lint",
     "version": "oclif-dev readme && git add README.md"
   },
   "dependencies": {