audit.yml

name: Audit

on:
  pull_request:
    branches:
      - master
      - zowe-v1-lts
      - next
  schedule:
    - cron: '0 10 * * *'

jobs:
  audit:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Use Node.js LTS
      uses: actions/setup-node@v4
      with:
        node-version: lts/*

    - name: Install Rust toolchain
      uses: dtolnay/rust-toolchain@stable

    - name: Check Node Vulnerabilities
      run: |
        npm install --package-lock-only --ignore-scripts --no-audit --save-prod --workspace=packages/imperative ./packages/imperative/web-help
        npm audit --production --audit-level=moderate

    # TODO Consider using actions-rs/audit-check after https://github.com/actions-rs/audit-check/issues/116 is fixed
    - name: Check Daemon Vulnerabilities
      working-directory: zowex
      run: cargo audit --deny warnings

    - name: Check Secrets SDK Vulnerabilities
      working-directory: packages/secrets/src/keyring
      run: cargo audit --deny warnings --ignore RUSTSEC-2024-0370