name: Nightly Security

on:
  schedule:
    - cron: "17 2 * * *"
  workflow_dispatch:

permissions:
  contents: read

env:
  NODE_VERSION: "20"
  PNPM_VERSION: "9.14.2"

jobs:
  dependency-audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install pnpm
        run: npm install -g pnpm@${{ env.PNPM_VERSION }}

      - uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run dependency audit
        run: pnpm audit --audit-level=high