geckon01/local-deep-research
1
0
Fork 0
mirror of https://github.com/LearningCircuit/local-deep-research.git synced 2026-06-16 03:51:07 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
local-deep-research/.github/workflows
History
..
advanced-search-reminder.yml
ai-code-reviewer.yml
backwards-compatibility.yml
bearer.yml
check-config-docs.yml
check-env-vars.yml
check-workflow-status.yml
checkov.yml
ci-gate.yml
claude-code-review.yml
codeql.yml
compose-integration-test.yml
compose-published-smoke.yml
container-security.yml
danger-zone-alert.yml
dependency-review.yml
devskim.yml
docker-multiarch-test.yml
docker-publish.yml
docker-tests.yml
dockle.yml
e2e-research-test.yml
file-whitelist-check.yml
fuzz.yml
gitleaks-main.yml
gitleaks.yml
grype.yml
hadolint.yml
issue-research.yml
journal-data-integration.yml
label-fixed-in-dev.yml
labels-sync.yml
ldr-research-reusable.yml
mcp-tests.yml
mypy-type-check.yml
npm-audit.yml
nuclei.yml
ossf-scorecard.yml
osv-scanner-scheduled.yml
osv-scanner.yml
owasp-zap-scan.yml
playwright-webkit-tests.yml
pr-triage.yml
pre-commit.yml
prerelease-docker.yml
publish.yml
puppeteer-e2e-tests.yml
README.md
release-gate.yml
release.yml
responsive-ui-tests-enhanced.yml
retirejs.yml
sbom.yml
security-file-write-check.yml
security-headers-validation.yml
security-tests.yml
semgrep.yml
sync-main-to-dev.yml
ui-full-shards.yml
update-dependencies.yml
update-npm-dependencies.yml
update-precommit-hooks.yml
validate-image-pinning.yml
version_check.yml
vulture-dead-code.yml
welcome-first-time.yml
zizmor-security.yml

README.md

GitHub Actions Workflows

This directory contains GitHub Actions workflows for automated development tasks.

Update NPM Dependencies Workflow

File: update-npm-dependencies.yml

Purpose

Automatically updates NPM dependencies across all package.json files in the project and fixes security vulnerabilities.

Triggers

  • Scheduled: Every Thursday at 08:00 UTC (day after PDM updates)
  • Manual: Can be triggered manually via GitHub Actions UI
  • Workflow Call: Can be called by other workflows

What it does

  1. Security Audit: Runs npm audit to identify security vulnerabilities
  2. Security Fixes: Automatically fixes moderate+ severity vulnerabilities with npm audit fix
  3. Dependency Updates: Updates all dependencies to latest compatible versions with npm update
  4. Testing: Runs relevant tests to ensure updates don't break functionality
  5. Pull Request: Creates automated PR with all changes

Directories Managed

  • / - Main web dependencies (Vite, Bootstrap, etc.)
  • /tests/ui_tests - UI test dependencies (Puppeteer)

Branch Strategy

  • Creates branch: update-npm-dependencies-{run_number}
  • Targets: dev branch
  • Labels: maintenance
  • Reviewers: djpetti,HashedViking,LearningCircuit

Security Focus

  • Only auto-fixes moderate+ severity vulnerabilities
  • Preserves compatible version updates (no major version bumps)
  • Runs security audit before and after updates
  • Requires tests to pass before creating PR

Manual Usage

You can manually trigger this workflow:

  1. Go to Actions tab in GitHub
  2. Select "Update NPM dependencies"
  3. Click "Run workflow"
  4. Optionally specify custom npm arguments

Troubleshooting

  • If tests fail, the PR won't be created
  • Check the workflow logs for specific error messages
  • Security issues that can't be auto-fixed will need manual intervention
Reference in New Issue View Git Blame Copy Permalink