ci: add dependency audit step and CODEOWNERS

- Add pnpm audit --audit-level=high to CI guardrails job so vulnerable packages are caught before merge, not just in nightly scans - Add CODEOWNERS for review routing on infra, schema, and auth changes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-11 08:31:45 +02:00
parent 85e1bcc06f
commit 9c537b027b
2 changed files with 17 additions and 0 deletions
@@ -0,0 +1,14 @@
+# Global fallback — all changes require review
+* @hartmut
+
+# Infrastructure
+.github/ @hartmut
+tooling/ @hartmut
+docker-compose*.yml @hartmut
+
+# Database schema
+packages/db/prisma/ @hartmut
+
+# Auth & security
+packages/api/src/router/auth.ts @hartmut
+packages/api/src/middleware/ @hartmut
@@ -46,6 +46,9 @@ jobs:
      - name: Check workspace imports
        run: pnpm check:imports

+      - name: Security audit (high+ severity)
+        run: pnpm audit --audit-level=high
+
  # ──────────────────────────────────────────────
  # Typecheck — ~40s, no services needed
  # ──────────────────────────────────────────────