name: toolkit-audit
on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
  pull_request:
    paths-ignore:
      - '**.md'

jobs:

  build:
    name: Audit

    runs-on: ubuntu-latest

    steps:
    - name: Checkout
      uses: actions/checkout@v2

    - name: Set Node.js 12.x
      uses: actions/setup-node@v1
      with:
        node-version: 12.x

    - name: npm install
      run: npm install

    - name: Bootstrap
      run: npm run bootstrap

    - name: audit tools
      # `|| npm audit` to pretty-print the output if vulnerabilies are found after filtering.
      run: npm audit --audit-level=moderate --json | scripts/audit-allow-list || npm audit --audit-level=moderate

    - name: audit packages
      run: npm run audit-all