simon/semantic-release
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci(dependencies): audited signatures and provenance attestations of installed packages

Browse Source
This commit is contained in:
Matt Travi 2023-04-21 16:39:54 -05:00
parent 278d8e6bec
commit ef998acd4d
No known key found for this signature in database
GPG Key ID: 8C173646C24FED70
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/release.yml vendored
View File

@ -23,7 +23,8 @@ jobs:
with: with:
cache: npm cache: npm
node-version: lts/* node-version: lts/*
- run: npm ci - run: npm clean-install
- run: npm audit signatures
- run: npx semantic-release - run: npx semantic-release
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

1
.github/workflows/test.yml vendored
View File

@ -36,6 +36,7 @@ jobs:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
cache: npm cache: npm
- run: npm clean-install - run: npm clean-install
- run: npm audit signatures
- name: Ensure dependencies are compatible with the version of node - name: Ensure dependencies are compatible with the version of node
run: npx ls-engines run: npx ls-engines
- run: npm run test:ci - run: npm run test:ci