feat: add audit and strict audit actions

README.md

@@ -6,6 +6,7 @@ Repoistory to host all of Fuel's reusable workflows
 
 | Group                             | Description                                                      |
 | --------------------------------- | ---------------------------------------------------------------- |
+| [audit](./audits/)                | Reusable workflows for auditing npm packages                     |
 | [changeset](./changeset/)         | Reusable workflow for create changesets and release npm packages |
 | [gh-projects](./gh-projects/)     | Automating interactions between GH Projects and repositories     |
 | [setups/node](./setups/node/)     | Setup node and pnpm requirements on CI                           |

audits/lenient-audit/README.md

@@ -0,0 +1,27 @@
+### Audit
+
+A github action that runs audit and does not fails if the reported vulnerabilities have not yet been fixed.
+
+### How to use?
+
+```yml
+- uses: FuelLabs/github-actions/audits/lenient-audit
+  with:
+    node-version: 18.14.1
+    pnpm-version: latest
+```
+
+### Inputs
+
+| Name         | Description  |
+| ------------ | ------------ |
+| node-version | Node version |
+| pnpm-version | PNPM version |
+
+### Outputs
+
+No outputs defined
+
+## License
+
+The primary license for this repo is `Apache 2.0`, see [`LICENSE`](../../LICENSE.md).

audits/lenient-audit/action.yml

@@ -0,0 +1,41 @@
+name: Lenient Audit
+
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        required: true
+        type: string
+      pnpm-version:
+        required: true
+        type: string
+
+jobs:
+  audit:
+    name: Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./setups/node
+        with:
+          node-version: ${{ inputs.node-version }}
+          pnpm-version: ${{ inputs.pnpm-version }}
+      - name: Install jq
+        run: sudo apt-get install jq
+      - run: |
+          pnpm audit --prod --json | jq '
+            def has_fix: 
+              .advisories | to_entries | map(.value.patched_versions != "<0.0.0") | any;
+            if has_fix then
+              1
+            else
+              0
+            end
+          ' > audit_result.txt
+          if [ "$(cat audit_result.txt)" -eq "1" ]; then
+            echo "Actionable vulnerabilities found"
+            exit 1
+          else
+            echo "No actionable vulnerabilities"
+            exit 0
+          fi

audits/strict-audit/README.md

@@ -0,0 +1,27 @@
+### Strict Audit
+
+A github action that runs audit without ignoring vulnerabilities that have not been fixed.
+
+### How to use?
+
+```yml
+- uses: FuelLabs/github-actions/audits/strict-audit
+  with:
+    node-version: 18.14.1
+    pnpm-version: latest
+```
+
+### Inputs
+
+| Name         | Description  |
+| ------------ | ------------ |
+| node-version | Node version |
+| pnpm-version | PNPM version |
+
+### Outputs
+
+No outputs defined
+
+## License
+
+The primary license for this repo is `Apache 2.0`, see [`LICENSE`](../../LICENSE.md).

audits/strict-audit/action.yml

@@ -0,0 +1,23 @@
+name: Strict Audit
+
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        required: true
+        type: string
+      pnpm-version:
+        required: true
+        type: string
+
+jobs:
+  strict-audit:
+    name: Strict Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./setups/node
+        with:
+          node-version: ${{ inputs.node-version }}
+          pnpm-version: ${{ inputs.pnpm-version }}
+      - run: pnpm audit --prod