name: Vulnerability CI

# Controls when the workflow will run
on:
  pull_request:
    types: [labeled, unlabeled, closed]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

  # Schedule the workflow to run weekly every Monday at 5:30 AM UTC

  schedule:
    - cron: "30 5 * * 1"

jobs:
  PeriodicVulnerability-CheckOn-frontend-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/lts-3.16

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix frontend install

      - name: Running security audit
        run: npm --prefix frontend audit --json > Periodic-frontend-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-frontend-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-frontend-audit-report
          path: Periodic-frontend-audit.json
          retention-days: 7

      - name: Determine notification color
        id: determine-color
        run: |
          critical=${{ steps.parse-audit.outputs.critical }}
          high=${{ steps.parse-audit.outputs.high }}
          moderate=${{ steps.parse-audit.outputs.moderate }}
          total=$((critical + high + moderate))

          if [ "$critical" -gt 0 ]; then
            echo "color=#FF0000" >> $GITHUB_OUTPUT
          elif [ "$high" -gt 0 ]; then
            echo "color=#FFA500" >> $GITHUB_OUTPUT
          else
            echo "color=#FFD700" >> $GITHUB_OUTPUT
          fi

          echo "total=$total" >> $GITHUB_OUTPUT

      - name: Send Slack Notification
        run: |
          payload=$(cat <<EOF
          {
            "attachments": [
              {
                "color": "${{ steps.determine-color.outputs.color }}",
                "blocks": [
                  {
                    "type": "header",
                    "text": {
                      "type": "plain_text",
                      "text": "🔒 Periodic Security Audit Report",
                      "emoji": true
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "*Repository:*\\n${{ github.repository }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Directory:*\\nFrontend"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Branch:*\\nlts-3.16"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "section",
                    "text": {
                      "type": "mrkdwn",
                      "text": "*Node Module Vulnerabilities:*"
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "actions",
                    "elements": [
                      {
                        "type": "button",
                        "text": {
                          "type": "plain_text",
                          "text": "📥 Download Full Report",
                          "emoji": true
                        },
                        "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                        "style": "primary"
                      }
                    ]
                  }
                ]
              }
            ]
          }
          EOF
          )

          response=$(curl -s -w "%{http_code}" -X POST \
            -H 'Content-type: application/json' \
            --data "$payload" \
            "${{ secrets.SLACK_WEBHOOK_URL_VUR }}")

          http_code="${response: -3}"
          if [ "$http_code" != "200" ]; then
            echo "Slack notification failed with HTTP $http_code"
            exit 1
          fi

          echo "Slack notification sent successfully"

  PeriodicVulnerability-CheckOn-server-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/lts-3.16

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix server install

      - name: Running security audit
        run: npm --prefix server audit --json >  Periodic-server-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-server-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-server-audit-report
          path: Periodic-server-audit.json
          retention-days: 7

      - name: Determine notification color
        id: determine-color
        run: |
          critical=${{ steps.parse-audit.outputs.critical }}
          high=${{ steps.parse-audit.outputs.high }}
          moderate=${{ steps.parse-audit.outputs.moderate }}
          total=$((critical + high + moderate))

          if [ "$critical" -gt 0 ]; then
            echo "color=#FF0000" >> $GITHUB_OUTPUT
          elif [ "$high" -gt 0 ]; then
            echo "color=#FFA500" >> $GITHUB_OUTPUT
          else
            echo "color=#FFD700" >> $GITHUB_OUTPUT
          fi

          echo "total=$total" >> $GITHUB_OUTPUT

      - name: Send Slack Notification
        run: |
          payload=$(cat <<EOF
          {
            "attachments": [
              {
                "color": "${{ steps.determine-color.outputs.color }}",
                "blocks": [
                  {
                    "type": "header",
                    "text": {
                      "type": "plain_text",
                      "text": "🔒 Periodic Security Audit Report",
                      "emoji": true
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "*Repository:*\\n${{ github.repository }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Directory:*\\nServer"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Branch:*\\nlts-3.16"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "section",
                    "text": {
                      "type": "mrkdwn",
                      "text": "*Node Module Vulnerabilities:*"
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "actions",
                    "elements": [
                      {
                        "type": "button",
                        "text": {
                          "type": "plain_text",
                          "text": "📥 Download Full Report",
                          "emoji": true
                        },
                        "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                        "style": "primary"
                      }
                    ]
                  }
                ]
              }
            ]
          }
          EOF
          )

          response=$(curl -s -w "%{http_code}" -X POST \
            -H 'Content-type: application/json' \
            --data "$payload" \
            "${{ secrets.SLACK_WEBHOOK_URL_VUR }}")

          http_code="${response: -3}"
          if [ "$http_code" != "200" ]; then
            echo "Slack notification failed with HTTP $http_code"
            exit 1
          fi

          echo "Slack notification sent successfully"

  PeriodicVulnerability-CheckOn-marketplace-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/lts-3.16

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix marketplace install

      - name: Running security audit
        run: npm --prefix marketplace audit --json > Periodic-marketplace-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-marketplace-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-marketplace-audit-report
          path: Periodic-marketplace-audit.json
          retention-days: 7

      - name: Determine notification color
        id: determine-color
        run: |
          critical=${{ steps.parse-audit.outputs.critical }}
          high=${{ steps.parse-audit.outputs.high }}
          moderate=${{ steps.parse-audit.outputs.moderate }}
          total=$((critical + high + moderate))

          if [ "$critical" -gt 0 ]; then
            echo "color=#FF0000" >> $GITHUB_OUTPUT
          elif [ "$high" -gt 0 ]; then
            echo "color=#FFA500" >> $GITHUB_OUTPUT
          else
            echo "color=#FFD700" >> $GITHUB_OUTPUT
          fi

          echo "total=$total" >> $GITHUB_OUTPUT

      - name: Send Slack Notification
        run: |
          payload=$(cat <<EOF
          {
            "attachments": [
              {
                "color": "${{ steps.determine-color.outputs.color }}",
                "blocks": [
                  {
                    "type": "header",
                    "text": {
                      "type": "plain_text",
                      "text": "🔒 Periodic Security Audit Report",
                      "emoji": true
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "*Repository:*\\n${{ github.repository }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Directory:*\\nMarketplace"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Branch:*\\nlts-3.16"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "section",
                    "text": {
                      "type": "mrkdwn",
                      "text": "*Node Module Vulnerabilities:*"
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "actions",
                    "elements": [
                      {
                        "type": "button",
                        "text": {
                          "type": "plain_text",
                          "text": "📥 Download Full Report",
                          "emoji": true
                        },
                        "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                        "style": "primary"
                      }
                    ]
                  }
                ]
              }
            ]
          }
          EOF
          )

          response=$(curl -s -w "%{http_code}" -X POST \
            -H 'Content-type: application/json' \
            --data "$payload" \
            "${{ secrets.SLACK_WEBHOOK_URL_VUR }}")

          http_code="${response: -3}"
          if [ "$http_code" != "200" ]; then
            echo "Slack notification failed with HTTP $http_code"
            exit 1
          fi

          echo "Slack notification sent successfully"

  PeriodicVulnerability-CheckOn-plugins-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/main

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix plugins install

      - name: Running security audit
        run: npm --prefix plugins audit --json > Periodic-plugins-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-plugins-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-plugins-audit-report
          path: Periodic-plugins-audit.json
          retention-days: 7

      - name: Determine notification color
        id: determine-color
        run: |
          critical=${{ steps.parse-audit.outputs.critical }}
          high=${{ steps.parse-audit.outputs.high }}
          moderate=${{ steps.parse-audit.outputs.moderate }}
          total=$((critical + high + moderate))

          if [ "$critical" -gt 0 ]; then
            echo "color=#FF0000" >> $GITHUB_OUTPUT
          elif [ "$high" -gt 0 ]; then
            echo "color=#FFA500" >> $GITHUB_OUTPUT
          else
            echo "color=#FFD700" >> $GITHUB_OUTPUT
          fi

          echo "total=$total" >> $GITHUB_OUTPUT

      - name: Send Slack Notification
        run: |
          payload=$(cat <<EOF
          {
            "attachments": [
              {
                "color": "${{ steps.determine-color.outputs.color }}",
                "blocks": [
                  {
                    "type": "header",
                    "text": {
                      "type": "plain_text",
                      "text": "🔒 Periodic Security Audit Report",
                      "emoji": true
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "*Repository:*\\n${{ github.repository }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Directory:*\\nPlugins"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Branch:*\\nmain"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "section",
                    "text": {
                      "type": "mrkdwn",
                      "text": "*Node Module Vulnerabilities:*"
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "actions",
                    "elements": [
                      {
                        "type": "button",
                        "text": {
                          "type": "plain_text",
                          "text": "📥 Download Full Report",
                          "emoji": true
                        },
                        "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                        "style": "primary"
                      }
                    ]
                  }
                ]
              }
            ]
          }
          EOF
          )

          response=$(curl -s -w "%{http_code}" -X POST \
            -H 'Content-type: application/json' \
            --data "$payload" \
            "${{ secrets.SLACK_WEBHOOK_URL_VUR }}")

          http_code="${response: -3}"
          if [ "$http_code" != "200" ]; then
            echo "Slack notification failed with HTTP $http_code"
            exit 1
          fi

          echo "Slack notification sent successfully"

  PeriodicVulnerability-CheckOn-root-code:
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: refs/heads/lts-3.16

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm install

      - name: Running security audit
        run: npm audit --json > Periodic-root-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' Periodic-root-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: Periodic-root-audit-report
          path: Periodic-root-audit.json
          retention-days: 7

      - name: Determine notification color
        id: determine-color
        run: |
          critical=${{ steps.parse-audit.outputs.critical }}
          high=${{ steps.parse-audit.outputs.high }}
          moderate=${{ steps.parse-audit.outputs.moderate }}
          total=$((critical + high + moderate))

          if [ "$critical" -gt 0 ]; then
            echo "color=#FF0000" >> $GITHUB_OUTPUT
          elif [ "$high" -gt 0 ]; then
            echo "color=#FFA500" >> $GITHUB_OUTPUT
          else
            echo "color=#FFD700" >> $GITHUB_OUTPUT
          fi

          echo "total=$total" >> $GITHUB_OUTPUT

      - name: Send Slack Notification
        run: |
          payload=$(cat <<EOF
          {
            "attachments": [
              {
                "color": "${{ steps.determine-color.outputs.color }}",
                "blocks": [
                  {
                    "type": "header",
                    "text": {
                      "type": "plain_text",
                      "text": "🔒 Periodic Security Audit Report",
                      "emoji": true
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "*Repository:*\\n${{ github.repository }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Directory:*\\nRoot"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Branch:*\\nlts-3.16"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "section",
                    "text": {
                      "type": "mrkdwn",
                      "text": "*Node Module Vulnerabilities:*"
                    }
                  },
                  {
                    "type": "section",
                    "fields": [
                      {
                        "type": "mrkdwn",
                        "text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
                      },
                      {
                        "type": "mrkdwn",
                        "text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
                      }
                    ]
                  },
                  {
                    "type": "divider"
                  },
                  {
                    "type": "actions",
                    "elements": [
                      {
                        "type": "button",
                        "text": {
                          "type": "plain_text",
                          "text": "📥 Download Full Report",
                          "emoji": true
                        },
                        "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
                        "style": "primary"
                      }
                    ]
                  }
                ]
              }
            ]
          }
          EOF
          )

          response=$(curl -s -w "%{http_code}" -X POST \
            -H 'Content-type: application/json' \
            --data "$payload" \
            "${{ secrets.SLACK_WEBHOOK_URL_VUR }}")

          http_code="${response: -3}"
          if [ "$http_code" != "200" ]; then
            echo "Slack notification failed with HTTP $http_code"
            exit 1
          fi

          echo "Slack notification sent successfully"

  ManualVulnerability-CheckOn-frontend-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'frontend-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix frontend install

      - name: Running security audit
        run: npm --prefix frontend audit --json > frontend-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' frontend-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: frontend-audit-report
          path: frontend-audit.json
          retention-days: 7

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Frontend directory
            **Node module vulnerabilities summary:**
             🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
             🟠 High: ${{ steps.parse-audit.outputs.high }}
             🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.frontend_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-server-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'server-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix server install

      - name: Running security audit
        run: npm --prefix server audit --json > server-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' server-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: server-audit-report
          path: server-audit.json
          retention-days: 7

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Server directory
            **Node module vulnerabilities summary:**
             🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
             🟠 High: ${{ steps.parse-audit.outputs.high }}
             🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-marketplace-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'marketplace-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix marketplace install

      - name: Running security audit
        run: npm --prefix marketplace audit --json > marketplace-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' marketplace-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: marketplace-audit-report
          path: marketplace-audit.json
          retention-days: 7

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Marketplace directory
            **Node module vulnerabilities summary:**
             🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
             🟠 High: ${{ steps.parse-audit.outputs.high }}
             🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.marketplace_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-plugins-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'plugins-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm --prefix plugins install

      - name: Running security audit
        run: npm --prefix plugins audit --json > plugins-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' plugins-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: plugins-audit-report
          path: plugins-audit.json
          retention-days: 7

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Plugins directory
            **Node module vulnerabilities summary:**
             🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
             🟠 High: ${{ steps.parse-audit.outputs.high }}
             🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.plugins_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).

  ManualVulnerability-CheckOn-root-code:
    if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'root-vulnerability' || github.event.label.name == 'check-vulnerability') }}
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Use Node.js 22.15.1
        uses: actions/setup-node@v3
        with:
          node-version: 22.15.1

      - name: Install dependencies
        run: npm install

      - name: Running security audit
        run: npm audit --json > root-audit.json
        continue-on-error: true

      - name: Parse audit summary
        id: parse-audit
        run: |
          vulnerabilities=$(jq '.metadata.vulnerabilities' root-audit.json)
          moderate=$(echo $vulnerabilities | jq '.moderate')
          high=$(echo $vulnerabilities | jq '.high')
          critical=$(echo $vulnerabilities | jq '.critical')
          echo "moderate=$moderate" >> $GITHUB_OUTPUT
          echo "high=$high" >> $GITHUB_OUTPUT
          echo "critical=$critical" >> $GITHUB_OUTPUT

      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: root-audit-report
          path: root-audit.json
          retention-days: 7

      - name: Create or update PR comment
        uses: peter-evans/create-or-update-comment@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            ### Security Audit Report Of Root directory
            **Node module vulnerabilities summary:**
             🔴 Critical: ${{ steps.parse-audit.outputs.critical }}
             🟠 High: ${{ steps.parse-audit.outputs.high }}
             🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}

            Please find the JSON file in the [summary page](${{ github.root_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).