From 13d0ead89c5e6a00cd9548bc9d4baf334e6bee0a Mon Sep 17 00:00:00 2001
From: Anuj Badhwar
Date: Tue, 8 Feb 2022 10:54:07 +0530
Subject: [PATCH] chore: Separate npm audit and test workflows (#378)
* remove posttest audit
* update CLI Unit Tests action
* Add npm audit workflow
* Nit
* Suppress sonar
* Add dependence on unit tests completion
* add githook
---
 .github/workflows/cli-audit.yml | 47 +++++++++++++++++++++++++++++++++++
 .github/workflows/cli-test.yml | 12 ++++-----
 .github/workflows/release.yml | 6 ++---
 githooks/pre-commit | 1 +
 package.json | 2 +-
 5 files changed, 58 insertions(+), 10 deletions(-)
 create mode 100644 .github/workflows/cli-audit.yml
diff --git a/.github/workflows/cli-audit.yml b/.github/workflows/cli-audit.yml
new file mode 100644
index 000000000..fb3b86905
--- /dev/null
+++ b/.github/workflows/cli-audit.yml
@@ -0,0 +1,47 @@
+name: NPM Audit Check
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ node-version: [16.x, 14.x]
+ steps:
+ - name: Checkout cli repo
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - run: make install
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v2
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: 'npm'
+ - name: Run audit check
+ run: npm audit --audit-level=moderate --production
+ # minimum vulnerability level that will cause the command to fail
+ # audit reports with low severity would pass the test
+ notify-complete-fail:
+ if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
+ needs: [ audit ]
+ name: Notify Npm Audit Failed
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Slack Notification
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_WEBHOOK: ${{ secrets.ALERT_SLACK_WEB_HOOK }}
+ SLACK_COLOR: 'danger'
+ SLACK_USERNAME: CLI Github Actions
+ SLACK_MSG_AUTHOR: twilio-dx
+ SLACK_ICON_EMOJI: ':github:'
+ SLACK_TITLE: "Twilio Cli"
+ SLACK_MESSAGE: 'Cli audit test failed'
+ MSG_MINIMAL: actions url
+ SLACK_FOOTER: Posted automatically using GitHub Actions
diff --git a/.github/workflows/cli-test.yml b/.github/workflows/cli-test.yml
index 336d4ebf4..a1e4ba1e3 100644
--- a/.github/workflows/cli-test.yml
+++ b/.github/workflows/cli-test.yml
@@ -1,4 +1,4 @@
-name: Cli Tests
+name: CLI Unit Tests
 on:
 push:
 branches: [ main ]
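Review bot: In the `audit` job the `- run: make install` step precedes `actions/setup-node@v2`, so the install runs under the runner's default Node rather than the matrix entry (`[16.x, 14.x]`), and the `cache: 'npm'` configured afterwards cannot serve that install; move the `- run: make install` line to directly after the `Use Node.js ${{ matrix.node-version }}` step. Presumably `make install` wraps `npm install` or `npm ci`, which this diff does not show. Separately, `rtCamp/action-slack-notify@v2` is handed `secrets.ALERT_SLACK_WEB_HOOK` but is pinned only by a mutable tag; pin it to a full commit SHA so a retagged release cannot quietly change what runs with that secret. The `notify-complete-fail` job's `actions/checkout@v2` step is unused by the notification and can be dropped.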
@@ -25,11 +25,11 @@ jobs:
 cache: 'npm'
 - name: Run tests
 run: npm test
- - name: SonarCloud Scan
- uses: sonarsource/sonarcloud-github-action@master
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+# - name: SonarCloud Scan
+# uses: sonarsource/sonarcloud-github-action@master
+# env:
+# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 notify-complete-fail:
 if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
 needs: [ test ]
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 635c47917..580c1ac90 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,7 +35,7 @@ jobs:
 run: npm test
 update-api-definitions-changelog:
 runs-on: ubuntu-latest
-# needs: [test]
+ needs: [test]
 steps:
 - name: Checkout cli
 uses: actions/checkout@v2
@@ -209,7 +209,7 @@ jobs:
 platform-executables-release:
 runs-on: ubuntu-latest
 needs: [ release ]
- env:
+ env:
 REPO_NAME: twilio/twilio-cli
 REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
 steps:
@@ -252,4 +252,4 @@ jobs:
 SLACK_USERNAME: CLI Release Bot
 SLACK_ICON_EMOJI: ":ship:"
 SLACK_TITLE: "Twilio Cli"
- SLACK_MESSAGE: 'CLI Release workflow Failed'
\ No newline at end of file
+ SLACK_MESSAGE: 'CLI Release workflow Failed'
diff --git a/githooks/pre-commit b/githooks/pre-commit
index e69de29bb..b1c070a55 100755
--- a/githooks/pre-commit
+++ b/githooks/pre-commit
@@ -0,0 +1 @@
+make test
diff --git a/package.json b/package.json
index 71648b71a..dd35605ac 100644
--- a/package.json
+++ b/package.json
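Review bot: The SonarCloud step in `cli-test.yml` is commented out rather than removed, which leaves five lines of dead configuration with no note on why the scan is suppressed or when it should return; the commit message only says "Suppress sonar". Delete the step (history keeps it) or, if the suppression is meant to be temporary, replace the block with a single line such as `# SonarCloud scan disabled <DATE>: <REASON / TRACKING ISSUE> — restore the step from git history when re-enabled`. The rest of the `test` job lies outside this hunk.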
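Review bot: `githooks/pre-commit` now consists of the single line `make test` with no interpreter line, so running it as an executable (the index line shows mode 100755) depends on the exec fallback to `/bin/sh` for files without a shebang, which is not guaranteed on every platform; add `#!/bin/sh` as the first line so the hook runs under a known shell however it is installed. The exit status of `make` is the script's exit status, so a failing suite already blocks the commit. How this directory is wired into `.git/hooks` (a `core.hooksPath` setting or a copy step in `make install`, presumably) is not visible in this diff.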
@@ -31,7 +31,7 @@
 "prepack": "oclif-dev manifest && oclif-dev readme && npm shrinkwrap && git checkout -- package-lock.json",
 "postpack": "rm -f oclif.manifest.json npm-shrinkwrap.json",
 "test": "nyc mocha --forbid-only \"test/**/*.test.js\"",
- "posttest": "npm run lint && npm audit --production",
+ "posttest": "npm run lint",
 "version": "oclif-dev readme && git add README.md"
 },
 "dependencies": {