This action runs npm audit fix
and creates a pull request.
For example, you can add this action by creating .github/workflows/npm-audit-fix.yml
:
name: npm audit fix
on:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
jobs:
npm-audit-fix:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v3
- uses: ybiquitous/npm-audit-fix-action@v4
See also action.yml
about the available options.
If you want to run your CI with pull requests created by this action, you may need to set your personal access token instead of the GitHub's default token:
For example:
with:
github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
The reason is that the default token does not have enough permissions to trigger CI. See also the GitHub document about the token permissions.
MIT ยฉ Masafumi Koba