From 6d4e25c4d98f80455f55fa28f2453b2d5d4441c6 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Wed, 3 Apr 2024 19:44:55 +0100 Subject: [PATCH 1/2] ci(ci): audit package signatures and provenance attestations --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 29e1303f..81e9d6bf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,6 +60,9 @@ jobs: - name: Install run: npm i --ignore-scripts + - name: Audit NPM package signatures and provenance attestations + run: npm audit signatures + - name: Run ESLint run: npm run lint From dc9d91d753caefdb9ada3462960b4d3a4fe66368 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Wed, 3 Apr 2024 19:50:22 +0100 Subject: [PATCH 2/2] ci: use latest node lts version --- .github/workflows/cd.yml | 2 ++ .github/workflows/ci.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index a8bb9982..5a9e9ef7 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -47,6 +47,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* registry-url: https://registry.npmjs.org @@ -80,6 +81,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* registry-url: https://npm.pkg.github.com scope: "@fdawgs" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 81e9d6bf..6674dfb7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,6 +55,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* - name: Install @@ -110,6 +111,7 @@ jobs: - name: Setup Node ${{ matrix.node-version }} uses: actions/setup-node@v4 with: + check-latest: true node-version: ${{ matrix.node-version }} - name: Install