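# Scheduled dependency audit: installs the project's locked dependencies and
# runs oke-py/npm-audit-action, which files findings as GitHub issues.
name: daily scan

on:
  schedule:
    # Once a day at 20:00 (GitHub evaluates cron schedules in UTC).
    - cron: '0 20 * * *'

# Least privilege for GITHUB_TOKEN. Without this block the token gets the
# repository/organisation default scopes, which may include write access to
# contents. This workflow only needs to read the code and to create or look up
# issues.
permissions:
  contents: read
  issues: write

jobs:
  scan:
    name: npm audit
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      # By default checkout keeps the job token available to later git
      # commands, so every following step runs next to a usable credential;
      # the permissions block above bounds what that credential can do.
      - uses: actions/checkout@v6
      - name: install dependencies
        # `npm ci` installs exactly what the lockfile records, and it also
        # executes the install scripts of those packages on the runner.
        run: npm ci
      # NOTE(review): this third-party action is referenced by a mutable tag.
      # Pinning it to a full commit SHA (with the tag kept in a trailing
      # comment) stops a re-pointed tag from changing the code that receives
      # github_token.
      - uses: oke-py/npm-audit-action@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability
          # Avoids opening a new issue when a matching one is already open.
          dedupe_issues: true
          # Restricts the audit to production dependencies, so advisories that
          # only affect devDependencies are not reported by this job.
          production_flag: true

  # scan-on-windows job disabled due to npm.cmd EINVAL error on Windows
  # scan-on-windows:
  #   name: npm audit
  #   runs-on: windows-latest
  #   steps:
  #     - uses: actions/checkout@v6
  #     # Set PowerShell execution policy for this process
  #     - name: Set PowerShell execution policy
  #       shell: powershell
  #       run: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
  #     # https://stackoverflow.com/questions/72401421/message-npm-warn-config-global-global-local-are-deprecated-use-loc
  #     - name: Upgrade npm
  #       shell: powershell
  #       run: |
  #         npm install npm-windows-upgrade --location=global
  #         npm-windows-upgrade --npm-version latest --no-prompt
  #     - name: install dependencies
  #       run: npm ci
  #     - uses: oke-py/npm-audit-action@v3
  #       with:
  #         github_token: ${{ secrets.GITHUB_TOKEN }}
  #         issue_assignees: oke-py
  #         issue_labels: vulnerability
  #         dedupe_issues: true
  #         production_flag: true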