build: Fix CI/CD audit setup

bloomreach · Aug 27, 2024 · f86bd8c · f86bd8c
1 parent 299c564
commit f86bd8c
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
@@ -50,6 +50,9 @@ jobs:
       - name: Install dependencies
         run: pnpm install
 
+      - name: Audit production dependencies
+        run: pnpm audit --prod --audit-level high
+
       - name: Validate current commit (last commit) with commitlint
         if: github.event_name == 'push'
         run: pnpm commitlint --last --verbose
@@ -113,7 +116,8 @@ jobs:
       - name:
           Verify the integrity of provenance attestations and registry signatures for installed
           dependencies
-        run: pnpm audit signatures
+        # This is not a mistake, pnpm does not support auditing signatures yet
+        run: npm audit signatures
 
       - name: Install dependencies
         run: pnpm install