feat(ci): add audit job for security

2021-04-05 16:32:01 -07:00
parent fbb5e6e6c6
commit 6f98e08bda
6 changed files with 198 additions and 4 deletions
--- a/ci/dev/audit.sh
+++ b/ci/dev/audit.sh
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  # Prevents integration with moderate or higher vulnerabilities
+  # Docs: https://github.com/IBM/audit-ci#options
+  yarn audit-ci --moderate
+}
+
+main "$@"
--- a/ci/dev/ci.sh
+++ b/ci/dev/ci.sh
@ -6,6 +6,7 @@ main() {

  yarn fmt
  yarn lint
+  yarn _audit
  yarn test:unit
 }

--- a/ci/steps/audit.sh
+++ b/ci/steps/audit.sh
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+
+  yarn _audit
+}
+
+main "$@"