jenstroeger · eduardo-getpassport · Nov 15, 2022 · Nov 15, 2022 · Nov 15, 2022 · Nov 15, 2022
@@ -74,7 +74,20 @@ jobs:
 
     # Audit all currently installed packages for security vulnerabilities.
     - name: Audit installed packages
-      run: make audit
+      id: audit-packages
+      continue-on-error: true
+      run: make --silent audit > vulnerabilities.txt
+
+    # Upload the vulnerabilities file output.
+    - name: Upload Artifact
+      id: upload-audit-artifact
+      uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb #v3.1.1
+      with:
+        name: vulnerabilities.txt
+        path: .
+        if-no-files-found: error
+        retention-days: 1
+      if: steps.audit-packages.outputs.exit_code == 1
 
     # Build the sdist and wheel distribution of the package and docs as a zip file.
     # We don't need to check and test the package separately because `make dist` runs

@@ -18,3 +18,23 @@ jobs:
     uses: ./.github/workflows/build.yaml
     permissions:
       contents: read
+
+  comment-audit:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    needs: build
+    steps:
+
+    - name: Download artifact from Build
+      uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 #v3
+      if: steps.audit-packages.outputs.exit_code == 1
+      with:
+        name: vulnerabilities.txt
+
+    - name: comment PR
+      id: comment-pr
+      run: gh pr comment ${{ github.event.number }} --body-file vulnerabilities.txt
+      if: steps.audit-packages.outputs.exit_code == 1
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}