Scheduled Maintenance #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Scheduled Maintenance | |
| on: | |
| schedule: | |
| - cron: '0 9 * * 1' # Weekly Monday 9am UTC | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| dependency-check: | |
| name: Check Dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20.x' | |
| - name: Check for outdated packages | |
| run: npm outdated || true | |
| security-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20.x' | |
| - name: Run security audit | |
| run: | | |
| if [ -f package-lock.json ]; then | |
| npm ci | |
| npm audit --audit-level=high | |
| else | |
| echo "No package-lock.json found; skipping npm audit" | |
| fi | |
| stale: | |
| name: Stale Issues/PRs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/stale@v9 | |
| with: | |
| stale-issue-message: 'This issue is stale due to inactivity.' | |
| stale-pr-message: 'This PR is stale due to inactivity.' | |
| days-before-stale: 30 | |
| days-before-close: 7 |