Skip to content

Commit

Permalink
Skip installing dependencies in audit
Browse files Browse the repository at this point in the history
It seems the tools only require the lock files.
  • Loading branch information
code-asher committed Sep 21, 2023
1 parent fcd9762 commit 1be7e65
Showing 1 changed file with 1 addition and 14 deletions.
15 changes: 1 addition & 14 deletions .github/workflows/security.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,21 +34,8 @@ jobs:
with:
node-version: "18"

- name: Fetch dependencies from cache
id: cache-yarn
uses: actions/cache@v3
with:
path: "**/node_modules"
key: yarn-build-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
yarn-build-
- name: Install dependencies
if: steps.cache-yarn.outputs.cache-hit != 'true'
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile

- name: Audit yarn for vulnerabilities
run: yarn _audit
run: yarn audit
if: success()

- name: Audit npm for vulnerabilities
Expand Down

0 comments on commit 1be7e65

Please sign in to comment.