From ae3a8bee443eeb0735f0c6df9651fceff007123c Mon Sep 17 00:00:00 2001
From: Simon L
Date: Fri, 28 Apr 2023 11:38:47 +0200
Subject: [PATCH] add npm-audit-fix

Signed-off-by: Simon L
---
.github/workflows/npm-audit-fix.yml | 55 +++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 .github/workflows/npm-audit-fix.yml
diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml
new file mode 100644
index 000000000..34ae58003
--- /dev/null
+++ b/.github/workflows/npm-audit-fix.yml
@@ -0,0 +1,55 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: npm audit fix and compile
+
+on:
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ name: node
+ steps:
+ - name: Checkout
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+
+ - name: Read package.json node and npm engines version
+ uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2
+ id: versions
+ with:
+ fallbackNode: '^16'
+ fallbackNpm: '^7'
+
+ - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
+ uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3
+ with:
+ node-version: ${{ steps.versions.outputs.nodeVersion }}
+
+ - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
+ run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
+
+ - name: Fix npm audit, run npm ci and npm run build
+ run: |
+ npm audit fix
+ npm ci
+ npm run build --if-present
+
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3
+ with:
+ token: ${{ secrets.COMMAND_BOT_PAT }}
+ commit-message: "chore(deps): fix npm audit"
+ committer: GitHub
+ author: nextcloud-command
+ signoff: true
+ branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
+ title: "[${{ matrix.branches }}] Fix npm audit"
+ body: |
+ Auto-generated fix of npm audit
+ labels: |
+ dependencies
+ 3. to review
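Review bot: `${{ matrix.branches }}` in the `branch:` and `title:` inputs of the Create Pull Request step expands to an empty string, because the `build` job declares no `strategy.matrix`; the head branch becomes `automated/noid/-fix-npm-audit` and the title `[] Fix npm audit`, so runs dispatched from different branches would presumably reuse the same head branch. Either add the matrix together with a matching `ref:` on the checkout step, or use the dispatched ref, e.g. `branch: automated/noid/${{ github.ref_name }}-fix-npm-audit` and `title: "[${{ github.ref_name }}] Fix npm audit"`. Separately, the workflow has no `permissions:` block, while `npm ci` and `npm run build` execute install and build scripts of dependencies that `npm audit fix` has just changed. A top-level `permissions:` with `contents: read` would keep the default `GITHUB_TOKEN` minimal, since the pull request is already created with `COMMAND_BOT_PAT`.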