refactor: simplify Playground component by removing unused state and … #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Security Audit | |
| on: | |
| push: | |
| branches: [ master, main ] | |
| pull_request: | |
| branches: [ master, main ] | |
| schedule: | |
| # Run weekly on Sundays at 2 AM UTC | |
| - cron: '0 2 * * 0' | |
| workflow_dispatch: # Allow manual triggers | |
| jobs: | |
| security-audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Run security audit | |
| run: | | |
| echo "🔍 Running yarn security audit..." | |
| yarn audit --level moderate | |
| - name: Check for outdated packages | |
| run: | | |
| echo "📦 Checking for outdated packages..." | |
| yarn outdated || true | |
| - name: Attempt to fix vulnerabilities | |
| if: failure() | |
| run: | | |
| echo "🔧 Attempting to fix vulnerabilities..." | |
| yarn audit --level moderate | |
| - name: Build project | |
| run: | | |
| echo "🏗️ Building project to verify integrity..." | |
| yarn build | |
| - name: Run tests | |
| run: | | |
| echo "🧪 Running tests..." | |
| yarn test --coverage --watchAll=false | |
| - name: Upload coverage reports | |
| uses: codecov/codecov-action@v3 | |
| if: success() | |
| with: | |
| file: ./coverage/lcov.info | |
| flags: unittests | |
| name: codecov-umbrella | |
| fail_ci_if_error: false | |
| dependency-review: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Dependency Review | |
| uses: actions/dependency-review-action@v3 | |
| with: | |
| fail-on-severity: high | |
| deny-licenses: GPL-2.0, GPL-3.0 | |
| notify-on-failure: | |
| runs-on: ubuntu-latest | |
| needs: [security-audit] | |
| if: failure() && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') | |
| steps: | |
| - name: Create Issue on Failure | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const title = `🚨 Security Audit Failed - ${new Date().toISOString().split('T')[0]}`; | |
| const body = ` | |
| ## Security Audit Failure Alert | |
| The scheduled security audit has failed. This could indicate: | |
| - New security vulnerabilities discovered | |
| - Build failures due to dependency updates | |
| - Test failures | |
| **Action Required:** | |
| 1. Review the failed workflow run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| 2. Address any security vulnerabilities | |
| 3. Fix any build or test issues | |
| 4. Update this issue once resolved | |
| **Workflow:** \`${{ github.workflow }}\` | |
| **Run ID:** \`${{ github.run_id }}\` | |
| **Triggered by:** \`${{ github.event_name }}\` | |
| `; | |
| github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: title, | |
| body: body, | |
| labels: ['security', 'bug', 'high-priority'] | |
| }); |