name: scheduled pnpm audit
permissions:
  contents: read

on:
  schedule:
     - cron: '0 10 * * *'
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  scan:
    name: pnpm audit
    runs-on: ubuntu-latest

    strategy:
      matrix:
        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
        node-version: [20.x]

    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      # https://github.com/pnpm/action-setup
      - name: Install pnpm
        uses: pnpm/action-setup@v4.2.0
        with:
          run_install: false

      - name: Install Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v6
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'pnpm'
          cache-dependency-path: pnpm-lock.yaml

      - name: Install dependencies
        run: |
          echo "Installing dependencies..."
          pnpm install --frozen-lockfile

      - name: Check for outdated dependencies (non-blocking warning)
        run: |
          echo "🔍 Checking for outdated dependencies..."
          if pnpm outdated; then
            echo "✅ Dependencies are up to date 🎉"
          else
            echo "::warning title=Outdated Dependencies::Some dependencies are outdated. Please consider updating them."
          fi

      - name: Run pnpm audit
        run: pnpm audit --json # --audit-level moderate