.github/workflows/audit.yaml

name: Audit dependencies

on:
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  validate-prod-core-dependencies:
    name: Validate Core production dependencies
    runs-on: ubuntu-latest
    continue-on-error: true
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: ".node-version"
      - uses: ./.github/actions/setup-meteor
      - name: restore node_modules
        uses: actions/cache@v4
        with:
          path: |
            meteor/node_modules
          key: ${{ runner.os }}-${{ hashFiles('meteor/yarn.lock') }}-${{ hashFiles('meteor/.meteor/release') }}
      - name: Validate production dependencies for vulnerabilities and compatible licenses
        run: |
          yarn
          cd meteor
          meteor yarn validate:prod-dependencies
        env:
          CI: true

  validate-all-core-dependencies:
    name: Validate all Core dependencies
    runs-on: ubuntu-latest
    continue-on-error: true
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: ".node-version"
      - uses: ./.github/actions/setup-meteor
      - name: restore node_modules
        uses: actions/cache@v4
        with:
          path: |
            meteor/node_modules
          key: ${{ runner.os }}-${{ hashFiles('meteor/yarn.lock') }}-${{ hashFiles('meteor/.meteor/release') }}
      - name: Validate production dependencies for vulnerabilities and compatible licenses
        run: |
          yarn
          cd meteor
          meteor yarn run validate:all-dependencies
        env:
          CI: true

  validate-prod-packages-dependencies:
    name: Validate Package production dependencies
    runs-on: ubuntu-latest
    continue-on-error: true
    timeout-minutes: 15

    strategy:
      fail-fast: false
      matrix:
        package-name:
          - blueprints-integration
          - server-core-integration
          - shared-lib
          - playout-gateway
          - mos-gateway
          - live-status-gateway

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: ".node-version"
      - name: Prepare Environment
        run: |
          cd packages
          yarn install
        env:
          CI: true
      - name: Validate production dependencies
        run: |
          cd packages/${{ matrix.package-name }}
          if ! git log --format=oneline -n 1 | grep -q "\[ignore-audit\]"; then
            yarn validate:dependencies
          else
            echo "Skipping audit"
          fi
        env:
          CI: true

  validate-all-package-dependencies:
    name: Validate all Package dependencies
    runs-on: ubuntu-latest
    continue-on-error: true
    timeout-minutes: 15

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: ".node-version"
      - name: Prepare Environment
        run: |
          cd packages
          yarn install
        env:
          CI: true
      - name: Validate production dependencies
        run: |
          cd packages
          yarn validate:dependencies
        env:
          CI: true