diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..b7df520
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,14 @@
+{
+ "name": "Node.js 24 & pnpm",
+ "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+ "features": {
+ "ghcr.io/devcontainers/features/node:1": {
+ "nodeGypDependencies": true,
+ "installYarnUsingApt": true,
+ "version": "lts",
+ "pnpmVersion": "latest",
+ "nvmVersion": "latest"
+ },
+ "ghcr.io/devcontainers/features/git-lfs:1": {}
+ }
+}
\ No newline at end of file
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..52c5c8a
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,47 @@
+name: Security Audit
+
+on:
+ push:
+ branches: [main, dev]
+ pull_request:
+ branches:
+ - '**'
+ schedule:
+ - cron: '0 8 * * *'
+ workflow_dispatch:
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ issues: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v4
+ with:
+ version: latest
+
+ - name: Install dependencies
+ run: pnpm install
+
+ - name: Run security audit
+ id: audit
+ run: pnpm audit --audit-level moderate
+ continue-on-error: true
+
+ - name: Create issue on failure
+ if: steps.audit.outcome == 'failure'
+ uses: actions/github-script@v7
+ with:
+ script: |
+ github.rest.issues.create({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ title: 'Security Audit Failed',
+ body: 'The daily security audit has failed. Please check the workflow run for details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}',
+ labels: ['security', 'audit']
+ });
\ No newline at end of file
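Review bot: The container `name` advertises "Node.js 24" but the node feature requests `"version": "lts"`, so the label and the runtime actually installed can drift apart whenever the LTS line moves; either pin `"version": "24"` or drop the number from the name. Every other reference in this file floats as well — `base:ubuntu`, the `:1` feature tags, and `"pnpmVersion": "latest"` / `"nvmVersion": "latest"` — which makes the dev environment non-reproducible and lets a new tool release land without anyone reviewing it; pinning at least `pnpmVersion` to the version the project's lockfile was generated with is a cheap improvement.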
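Review bot: The "Create issue on failure" step runs on every failing run regardless of trigger, yet the workflow also fires on `push` and on every `pull_request`, and nothing checks for an already-open issue, so a single unresolved advisory opens a fresh "Security Audit Failed" issue per push, per PR and per nightly run while the body text still calls it "the daily security audit". Narrowing the step to `if: steps.audit.outcome == 'failure' && github.event_name == 'schedule'` (or first searching for an open issue carrying the `audit` label) keeps push/PR runs as a failing check without the issue flood. The `pnpm install` step should use `--frozen-lockfile` so a CI run cannot quietly resolve different versions than the committed lockfile it is meant to audit, and adding `--ignore-scripts` is reasonable since nothing is executed after install — whether `pnpm audit` needs `node_modules` at all is not something the hunk shows. The three actions are referenced by mutable major tags (`actions/checkout@v4`, `pnpm/action-setup@v4`, `actions/github-script@v7`); pinning them to full commit SHAs with a version comment is the usual hardening for a job that holds `issues: write`.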