chore: First Release

.github/workflows/cd.yml

@@ -0,0 +1,35 @@
+name: 'Continuous Deployment'
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Cache node modules
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-node-modules
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+      - name: Install dependencies
+        run: npm install
+      - name: Build
+        run: npm run all
+      - name: Release
+        run: npm run release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci.yml

@@ -1,14 +1,11 @@
 name: 'Continuous Integration'
-# on:
-#   pull_request:
-#     types:
-#       - opened
-#       - edited
-#       - synchronize
+
 on:
-  push:
-    branches:
-      - main
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
 
 jobs:
   test:
@@ -37,7 +34,7 @@ jobs:
           slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      # - name: Install dependencies
-      #   run: npm install
-      # - name: Release (dry-run)
-      #   run: npm run release -- --dry-run
+      - name: Install dependencies
+        run: npm install
+      - name: Release (dry-run)
+        run: npm run release -- --dry-run

README.md

@@ -1 +1,30 @@
 ## @kunalnagarco/action-cve
+
+A [GitHub action](https://github.com/features/actions) that sends Dependabot Vulnerability Alerts to multiple sources, starting with Slack.
+
+### Usage
+
+```yaml
+name: 'Check for Vulnerabilities'
+
+on:
+  schedule:
+    - cron: '0 */6 * * *' # every 6 hours
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      # X.X.X - Latest version available at:
+      #         https://github.com/kunalnagarco/action-cve/releases
+      - uses: kunalnagarco/action-cve@vX.X.X
+        with:
+          # Create a Personal Access Token here:
+          #     https://github.com/settings/tokens
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          # Create a Slack Incoming Webhook URL:
+          #     https://slack.com/apps/A0F7XDUAZ-incoming-webhooks
+          slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+```

action.yml

@@ -3,13 +3,13 @@ description: 'Send GitHub vulnerability alerts to multiple platforms'
 author: '@kunalnagarco'
 inputs:
   token:
-    description: 'GitHub token'
+    description: 'GitHub Personal Access Token'
   slack_webhook:
     required: true
-    description: 'Blah'
+    description: 'Slack Webhook URL'
 branding:
-  icon: 'check-circle'
-  color: 'green'
+  icon: 'alert-octagon'
+  color: 'red'
 runs:
   using: 'node12'
   main: 'dist/index.js'