name: Security Audit

on:
  pull_request:
    branches:
      - '*'
  push:
    branches:
      - main
      - master
  schedule:
    # Run weekly on Mondays at 9 AM UTC
    - cron: '0 9 * * 1'

jobs:
  audit:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup project
        uses: ./.github/actions/setup-project
        with:
          check-lockfile: 'true'

      - name: Run npm audit
        run: npm audit --audit-level=moderate
        continue-on-error: false