From 9966acefc813a16b1ebd6737cb8582168af659a2 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Thu, 4 Apr 2024 15:02:09 +0100 Subject: [PATCH 1/2] ci(ci): audit package signatures and provenance attestations --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 244175b..871cb56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,6 +60,9 @@ jobs: - name: Install run: npm i --ignore-scripts + - name: Audit NPM package signatures and provenance attestations + run: npm audit signatures + - name: Run ESLint run: npm run lint From 172b71da99ca3ced2d93fa0918373f61a1000f4f Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Thu, 4 Apr 2024 15:16:37 +0100 Subject: [PATCH 2/2] ci: use latest node lts version --- .github/workflows/cd.yml | 2 ++ .github/workflows/ci.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 7201ad4..e711807 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -47,6 +47,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* registry-url: https://registry.npmjs.org @@ -80,6 +81,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* registry-url: https://npm.pkg.github.com scope: "@fdawgs" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 871cb56..fa9585a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,6 +55,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* - name: Install