From 9834618c4278e3cce3c5ccb81f7bc26ba06ba55e Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Thu, 4 Apr 2024 15:05:15 +0100 Subject: [PATCH 1/2] ci(ci): audit package signatures and provenance attestations --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4d4a418..12174f8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,6 +60,9 @@ jobs: - name: Install run: npm i --ignore-scripts + - name: Audit NPM package signatures and provenance attestations + run: npm audit signatures + - name: Run ESLint run: npm run lint From b66b26f9ca32c2e4d3fec078fb7c2a61835ac741 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Thu, 4 Apr 2024 15:17:27 +0100 Subject: [PATCH 2/2] ci: use latest node lts version --- .github/workflows/cd.yml | 2 ++ .github/workflows/ci.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 35e2854..9ef3ea6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -47,6 +47,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* registry-url: https://registry.npmjs.org @@ -80,6 +81,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* registry-url: https://npm.pkg.github.com scope: "@fdawgs" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 12174f8..83781ce 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,6 +55,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v4 with: + check-latest: true node-version: lts/* - name: Install