Add workflow to autorun npm audit fix (#24)

ElizabethSamuel-MSFT · web-flow · commit 24dc69462b9c · 2025-08-20T07:51:28.000-07:00
diff --git a/.github/workflows/autorun-npm-audit-fix.yml b/.github/workflows/autorun-npm-audit-fix.yml
@@ -0,0 +1,62 @@
+name: autorun-npm-audit-fix
+run-name: Automatically run npm audit fix
+on:
+  schedule:
+    - cron: '45 08 1 * *' # Run at 1:45 AM PDT on the 1st of every month
+jobs:
+  autorun-npm-audit-fix:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Set up node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+      - name: Get whether autorun-npm-audit-fix branch exists
+        run: |
+          echo "Getting whether autorun-npm-audit-fix branch exists"
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+          {
+            echo 'git_ls_remote_origin_autorun_npm_audit_fix<<EOF'
+            git ls-remote origin autorun-npm-audit-fix
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+        id: run_git_ls_remote_origin_autorun_npm_audit_fix
+      - name: Delete autorun-npm-audit-fix if it exists
+        if: ${{ contains(steps.run_git_ls_remote_origin_autorun_npm_audit_fix.outputs.git_ls_remote_origin_autorun_npm_audit_fix, '/autorun-npm-audit-fix') }}
+        run: |
+          echo "Deleting remote autorun-npm-audit-fix branch"
+          git push origin --delete autorun-npm-audit-fix
+      - name: Run npm audit fix
+        run: |
+          echo "Running npm audit fix (breaking changes will need to be addressed manually)"
+          npm audit fix || true
+      - name: Add any changes
+        run: |
+          echo "Determining if there are any changes"
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+          git checkout -b autorun-npm-audit-fix
+          git add .
+      - name: Run git status
+        run: |
+          {
+            echo 'git_status<<EOF'
+            git status
+            echo EOF
+          } >> "$GITHUB_OUTPUT"
+        id: run_git_status
+      - name: Commit and push changes if any
+        if: ${{ !contains(steps.run_git_status.outputs.git_status, 'nothing to commit, working tree clean') }}
+        run: |
+          echo "Committing and pushing changes to autorun-npm-audit-fix branch"
+          git commit -m "Automatically run npm audit fix"
+          git push --set-upstream origin autorun-npm-audit-fix
