Mastodawn

Hey, devopses / linux-users / pipelines-developers! I need to develop my bitbucket pipeline with NPM auditing steps: one regular with stopping pipeline if error, and second that do not stop pipeline event with error from "npm audit". For now I did smth like this but doesn't try it yet and I'm thinking if this audit-step-prod could event work (don't know exactly if it work on my local arch-linux machine):

```yaml
- step: &audit-step-dev
name: 'Pull request - audit'
caches:
- node
script:
- npm install
- npm audit

- step: &audit-step-prod
name: 'Pull request - soft audit'
caches:
- node
script:
- npm install
- |
set +e
npm audit
if [[ $? -gt 0 ]]; then echo "NPM Audit failed, fix dependencies before next merge!"; else echo "NPM Audit OK"; fi
set -e
```

#bash #linux #pipeline #bitbucket #npm

Show thread

Jasper Corydon 2d ago

@bartonemo That should work.

If you don't care about the echoed string, you could simplify as `npm audit || true`

Maybe the best option would be to leave it, but configure the step with `on-fail: strategy: ignore`. This way, it'll show a warning icon, but it won't fail the pipeline.

Show thread

Barto Nemo Kopeć | ♿ MS+ | 🏳️‍⚧️2d ago

@JasperCorydon hmm, i tried "on-fail: strategy: ignore" recently, as I read on some blog, but didn't worked. Maybe I wrote it in wrong place. Will search this againg, thanks!