Skip to content

Commit

Permalink
ci(dependencies): audited signatures and provenance attestations of i…
Browse files Browse the repository at this point in the history 
…nstalled packages
  • Loading branch information
@travi
travi committed Apr 21, 2023
1 parent 278d8e6 commit ef998ac
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .github/workflows/release.yml
View file
Expand Up @@ -23,7 +23,8 @@ jobs:
with:
cache: npm
node-version: lts/*
- run: npm ci
- run: npm clean-install
- run: npm audit signatures
- run: npx semantic-release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/test.yml
View file
Expand Up @@ -36,6 +36,7 @@ jobs:
node-version: ${{ matrix.node-version }}
cache: npm
- run: npm clean-install
- run: npm audit signatures
- name: Ensure dependencies are compatible with the version of node
run: npx ls-engines
- run: npm run test:ci
Expand Down

0 comments on commit ef998ac

Please sign in to comment.