Skip to content

Commit

Permalink
Update package audit workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
myrotvorets-team committed Mar 26, 2024
1 parent 81fd551 commit d4c43a5
Showing 1 changed file with 24 additions and 9 deletions.
33 changes: 24 additions & 9 deletions .github/workflows/package-audit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,16 +18,19 @@ jobs:
name: NPM Audit
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Node.js environment
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
node-version: lts/*
disable-sudo: true
allowed-endpoints:
api.github.com:443
github.com:443
npm.pkg.github.com:443
pkg-npm.githubusercontent.com:443
registry.npmjs.org:443

- name: Run audit
run: npm audit --omit=dev
- name: Audit with NPM
uses: myrotvorets/composite-actions/node-package-audit@master

provenance:
name: Verify signatures and provenance statements
Expand All @@ -36,6 +39,18 @@ jobs:
contents: read
packages: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
allowed-endpoints:
api.github.com:443
github.com:443
npm.pkg.github.com:443
pkg-npm.githubusercontent.com:443
registry.npmjs.org:443
tuf-repo-cdn.sigstore.dev:443

- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

Expand All @@ -44,7 +59,7 @@ jobs:
with:
node-version: lts/*
registry-url: https://npm.pkg.github.com
cache: npm
# cache: npm

- name: Install dependencies
run: npm ci --ignore-scripts
Expand Down

0 comments on commit d4c43a5

Please sign in to comment.