Merge pull request #51 from step-security/fix_Audit-Package-Workflow

Raj-StepSecurity · web-flow · commit f91c09230ac5 · 2025-02-24T14:55:23.000+05:30
integrated with updated audit fix to handle provided build script
diff --git a/.github/workflows/actions_release.yml b/.github/workflows/actions_release.yml
@@ -1,15 +1,18 @@
 name: Release GitHub Actions
-
 on:
   workflow_dispatch:
     inputs:
       tag:
         description: "Tag for the release"
         required: true
+      script:
+        description: "Specify the build script to run"
+        required: false
+        type: string
+        default: "npm run test"
 
 permissions:
   contents: read
-
 jobs:
   release:
     permissions:
@@ -18,4 +21,5 @@ jobs:
       contents: write
     uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
     with:
-      tag: "${{ github.event.inputs.tag }}"
+      tag: "${{ github.event.inputs.tag }}"
+      script: "${{ github.event.inputs.script }}"
diff --git a/.github/workflows/audit-package.yml b/.github/workflows/audit-package.yml
@@ -1,24 +1,37 @@
-name: NPM Audit Fix Run
+name: Dependency Audit Fix Run
 
 on:
   workflow_dispatch:
     inputs:
+      package_manager:
+        required: false
+        default: "npm"
       force:
         description: "Use --force flag for npm audit fix?"
-        required: true
+        required: false
         type: boolean
       base_branch:
-        description: "Specify a base branch"
         required: false
         default: "main"
+      use_private_packages:
+        description: "Use private packages (default: false)"
+        required: false
+        type: boolean
+      script:
+        required: false
+        default: "npm run test"
+
+permissions:
+  contents: write
+  pull-requests: write
+  packages: read
 
 jobs:
   audit-fix:
-    uses: step-security/reusable-workflows/.github/workflows/npm_audit_fix.yml@v1
+    uses: step-security/reusable-workflows/.github/workflows/audit_fix.yml@v1
     with:
+      package_manager: ${{ inputs.package_manager }}
       force: ${{ inputs.force }}
       base_branch: ${{ inputs.base_branch }}
-
-permissions:
-  contents: write
-  pull-requests: write
+      use_private_packages: ${{ inputs.use_private_packages }}
+      script: ${{ inputs.script }}
