From b77bc564f5213c6dad26dbb62757bbbdb54dbd2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=A9=AC=E6=96=AF=E5=85=8B?= <qiang88550@gmail.com>
Date: Fri, 15 Nov 2024 19:23:20 +0800
Subject: [PATCH] Update npm-grunt.yml

---
 .github/workflows/npm-grunt.yml | 23 ++++++-----------------
 1 file changed, 6 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/npm-grunt.yml b/.github/workflows/npm-grunt.yml
index 55dce6c..2243953 100644
--- a/.github/workflows/npm-grunt.yml
+++ b/.github/workflows/npm-grunt.yml
@@ -15,37 +15,27 @@ jobs:
         node-version: [18.x, 20.x, 22.x]
 
     steps:
-    # Step 1: 检出代码
     - name: Checkout code
       uses: actions/checkout@v4
 
-    # Step 2: 设置 Node.js 环境
     - name: Setup Node.js ${{ matrix.node-version }}
       uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
-        cache: "npm"  # 启用 npm 缓存
+        cache: "npm"
         cache-dependency-path: "package-lock.json"
 
-    # Step 3: 安装依赖
-    - name: Install dependencies
+    - name: Install dependencies and fix vulnerabilities
       run: |
-        npm ci  # 更快的安装方式，保证依赖与 lock 文件一致
-        npm install -g grunt-cli  # 全局安装 Grunt CLI
+        npm ci
+        npm install uuid@latest @npmcli/fs@latest --save
+        npm audit fix --force || true
 
-    # Step 4: 安全检查并修复
-    - name: Audit and fix vulnerabilities
-      run: |
-        npm audit --production || true  # 显示潜在漏洞，但不中断构建
-        npm audit fix --force || true   # 自动修复大部分安全漏洞
-
-    # Step 5: 运行 Grunt 任务
     - name: Run Grunt tasks
       run: |
         grunt
 
-    # Step 6: 发送构建通知（可选）
-    - name: Send Telegram notification
+    - name: Send Telegram notification (optional)
       if: failure() || success()
       run: |
         status="${{ job.status }}"
@@ -53,4 +43,3 @@ jobs:
         curl -X POST "https://api.telegram.org/bot<YOUR_BOT_TOKEN>/sendMessage" \
           -d chat_id=<YOUR_CHAT_ID> \
           -d text="$message"
-