
chore(ci): add npm-audit-fix workflow #3496

Open
AlexanderBarabanov wants to merge 3 commits into main from barabanov/npm-audit

Conversation

@AlexanderBarabanov
Contributor

📝 Description

This PR adds a new scheduled workflow, .github/workflows/npm-audit-fix.yml, to automatically run npm audit fix on a schedule or on demand (with an optional --force flag).

Also, the vuln scan type has been disabled in the Trivy filesystem scan, as Dependabot is able to detect similar issues (duplication).

✨ Changes

Select what type of change your PR is:

  • 🚧 CI/CD configuration

✅ Checklist

Before you submit your pull request, please make sure you have completed the following steps:

  • 📚 I have made the necessary updates to the documentation (if applicable).
  • 🧪 I have written tests that support my changes and prove that my fix is effective or my feature works (if applicable).
  • 🏷️ My PR title follows conventional commit format.

For more information about code review checklists, see the Code Review Checklist.

Signed-off-by: Barabanov, Alexander <alexander.barabanov@intel.com>
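An illustrative workflow of the kind the description above refers to, added here as an example; it is not the file from this PR (the PR's own .github/workflows/npm-audit-fix.yml is not shown on this page). It assumes a Node 20 project under application/ui with a package-lock.json, a weekly cron, and the third-party peter-evans/create-pull-request action for opening the PR; the schedule, branch name and commit message are placeholders.

```yaml
# Illustrative workflow (added example, not the project's own file).
# Assumptions: Node 20 UI under application/ui with package-lock.json,
# a weekly schedule, and peter-evans/create-pull-request to open the PR.
name: npm-audit-fix

on:
  schedule:
    - cron: "0 6 * * 1"            # assumed schedule: Mondays 06:00 UTC
  workflow_dispatch:
    inputs:
      force:
        description: "Run npm audit fix --force (may install semver-major upgrades)"
        type: boolean
        default: false

permissions:
  contents: read                   # workflow default; the job elevates only what it needs

jobs:
  audit-fix:
    runs-on: ubuntu-latest
    permissions:
      contents: write              # push the fix branch
      pull-requests: write         # open the PR
    defaults:
      run:
        working-directory: application/ui
    steps:
      - uses: actions/checkout@v4     # pin to a commit SHA in production

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
          cache-dependency-path: application/ui/package-lock.json

      - name: Install exactly what the lockfile pins
        run: npm ci

      - name: Show the audit report before fixing (non-blocking)
        run: npm audit || true

      - name: Run npm audit fix
        env:
          FORCE: ${{ inputs.force }}   # empty on scheduled runs, so no --force
        run: |
          # npm audit fix may exit non-zero when advisories remain that it could
          # not fix; keep going so a partial fix is still proposed and let the
          # next step verify the resulting tree.
          if [ "$FORCE" = "true" ]; then
            npm audit fix --force || echo "::warning::unfixable advisories remain"
          else
            npm audit fix || echo "::warning::unfixable advisories remain"
          fi

      - name: Check that the updated lockfile still installs and passes tests
        run: |
          npm ci
          npm run test --if-present

      - name: Detect lockfile changes
        id: changes
        run: |
          if git diff --quiet -- package.json package-lock.json; then
            echo "changed=false" >> "$GITHUB_OUTPUT"
          else
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Open a pull request with the updated lockfile
        if: steps.changes.outputs.changed == 'true'
        uses: peter-evans/create-pull-request@v6
        with:
          branch: ci/npm-audit-fix              # placeholder branch name
          commit-message: "chore(deps): apply npm audit fix"
          title: "chore(deps): apply npm audit fix"
          body: "Automated npm audit fix run. Review the lockfile diff before merging."
          add-paths: |
            application/ui/package.json
            application/ui/package-lock.json
```

Three points a reviewer of such a workflow usually checks. The --force path lets npm audit fix install semver-major upgrades, so the example re-runs npm ci and the test suite before anything is proposed, and the flag is passed through an environment variable rather than interpolated into the shell script. Creating the PR with the default GITHUB_TOKEN requires the repository setting that allows Actions to create pull requests, and a PR opened that way does not itself trigger other workflows, so CI on the automated branch needs a separate token or a manual push. Finally, in a supply-chain-conscious repository the action references shown here as version tags should be pinned to commit SHAs.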
Copilot AI review requested due to automatic review settings April 1, 2026 16:48
@AlexanderBarabanov AlexanderBarabanov requested a review from a team as a code owner April 1, 2026 16:48
Contributor

Copilot AI left a comment


Pull request overview

This PR introduces an automated dependency-remediation workflow for the UI’s NPM dependencies and adjusts the reusable security scan workflow to avoid duplicative Trivy vulnerability scanning.

Changes:

  • Add a scheduled + manually-triggerable npm audit fix GitHub Actions workflow that can open PRs when application/ui lockfiles change.
  • Disable the vuln scanner in the Trivy filesystem scan configuration (keeping secret and config).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File                                              Description
.github/workflows/npm-audit-fix.yml               New workflow to run npm audit / npm audit fix in application/ui and open an automated PR when it changes lockfiles.
.github/workflows/_reusable-security-scan.yaml    Update Trivy FS scan configuration to exclude vulnerability scanning.


@github-actions

github-actions bot commented Apr 1, 2026

Docker Image Sizes

CPU

Image                              Size
anomalib-studio-cpu:pr-3496        1.01G
anomalib-studio-cpu:sha-7f05649    1.01G

CUDA

Image                              Size
anomalib-studio-cuda:pr-3496       4.49G
anomalib-studio-cuda:sha-7f05649   4.49G

XPU

Image                              Size
anomalib-studio-xpu:pr-3496        3.05G
anomalib-studio-xpu:sha-7f05649    3.05G

@codecov-commenter

⚠️ Please install the Codecov app to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
