chore: Add Npm Audit workflow (#196)

Anuj Badhwar · web-flow · commit 5dd1887f0346 · 2022-02-08T12:15:09.000+05:30
diff --git a/.github/workflows/cli-core-audit.yml b/.github/workflows/cli-core-audit.yml
@@ -0,0 +1,47 @@
+name: NPM Audit Check
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [16.x, 14.x]
+    steps:
+      - name: Checkout cli repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - run: make install
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+      - name: Run audit check
+        run: npm audit --audit-level=moderate --production
+        # minimum vulnerability level that will cause the command to fail
+        # audit reports with low severity would pass the test
+  notify-complete-fail:
+    if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
+    needs: [ audit ]
+    name: Notify Npm Audit Failed
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.ALERT_SLACK_WEB_HOOK }}
+          SLACK_COLOR: 'danger'
+          SLACK_USERNAME: CLI Github Actions
+          SLACK_MSG_AUTHOR: twilio-dx
+          SLACK_ICON_EMOJI: ':github:'
+          SLACK_TITLE: "Twilio Cli"
+          SLACK_MESSAGE: 'Cli audit test failed'
+          MSG_MINIMAL: actions url
+          SLACK_FOOTER: Posted automatically using GitHub Actions
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
   token-validation:
     runs-on: ubuntu-latest
     steps:
-      - name: Validate REPO_ACCESS_TOKEN 
+      - name: Validate REPO_ACCESS_TOKEN
         uses: actions/checkout@v2
         with:
           repository: 'twilio/twilio-oai'
@@ -66,8 +66,7 @@ jobs:
         run: make test
   update-api-specs:
     runs-on: ubuntu-latest
-    needs: [ token-validation ]
-#     needs: [test]
+    needs: [ test ]
     outputs:
       change-log: ${{ steps.update-specs.outputs.change-log }}
       version-type: ${{ steps.update-specs.outputs.version-type }}
@@ -157,4 +156,4 @@ jobs:
           SLACK_ICON_EMOJI: ":ship:"
           SLACK_TITLE: "Twilio Cli-core"
           SLACK_MESSAGE: 'Release workflow Failed'
-          MSG_MINIMAL: actions url
+          MSG_MINIMAL: actions url
