# GitHub Actions Workflows This directory contains GitHub Actions workflows for automated development tasks. ## Update NPM Dependencies Workflow **File**: `update-npm-dependencies.yml` ### Purpose Automatically updates NPM dependencies across all package.json files in the project and fixes security vulnerabilities. ### Triggers - **Scheduled**: Every Thursday at 08:00 UTC (day after PDM updates) - **Manual**: Can be triggered manually via GitHub Actions UI - **Workflow Call**: Can be called by other workflows ### What it does 1. **Security Audit**: Runs `npm audit` to identify security vulnerabilities 2. **Security Fixes**: Automatically fixes moderate+ severity vulnerabilities with `npm audit fix` 3. **Dependency Updates**: Updates all dependencies to latest compatible versions with `npm update` 4. **Testing**: Runs relevant tests to ensure updates don't break functionality 5. **Pull Request**: Creates automated PR with all changes ### Directories Managed - `/` - Main web dependencies (Vite, Bootstrap, etc.) - `/tests/ui_tests` - UI test dependencies (Puppeteer) ### Branch Strategy - Creates branch: `update-npm-dependencies-{run_number}` - Targets: `main` branch - Labels: `maintenance` - Reviewers: `djpetti,HashedViking,LearningCircuit` ### Security Focus - Only auto-fixes moderate+ severity vulnerabilities - Preserves compatible version updates (no major version bumps) - Runs security audit before and after updates - Requires tests to pass before creating PR ### Manual Usage You can manually trigger this workflow: 1. Go to Actions tab in GitHub 2. Select "Update NPM dependencies" 3. Click "Run workflow" 4. Optionally specify custom npm arguments ### Troubleshooting - If tests fail, the PR won't be created - Check the workflow logs for specific error messages - Security issues that can't be auto-fixed will need manual intervention