Merge pull request #383 from yowainwright/update-license #102
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pastoralist Security Check | |
| on: | |
| pull_request: | |
| branches: [main, master] | |
| push: | |
| branches: [main, master] | |
| schedule: | |
| - cron: "0 0 * * 0" | |
| jobs: | |
| security-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.1 | |
| - name: Install dependencies | |
| run: bun install | |
| - name: Build pastoralist | |
| run: bun run build | |
| - name: Run Pastoralist security check | |
| run: node dist/index.js --checkSecurity | |
| - name: Check for uncommitted changes | |
| run: | | |
| if [ -n "$(git status --porcelain)" ]; then | |
| echo "Error: Pastoralist made changes to package.json" | |
| echo "Please run 'bun run build && node dist/index.js' locally and commit the changes" | |
| git diff | |
| exit 1 | |
| fi | |
| - name: Comment on PR | |
| if: failure() && github.event_name == 'pull_request' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: '⚠️ Pastoralist detected changes needed in package.json. Please run `bun run build && node dist/index.js` locally and commit the changes.' | |
| }) |