name: NPM Audit

on:
  schedule:
    - cron: '0 0 1 * *'
  workflow_dispatch:

jobs:
  audit:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 18.12.1
      - uses: actions/cache@v2
        with:
          path: '**/node_modules'
          key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
          restore-keys: ${{ runner.os }}-
      - name: Install Dependencies
        run: npm install
      - name: Run a security audit
        run: npx audit-ci --critical --report-type summary