Skip to content

Commit

Permalink
Update workflows
Browse files Browse the repository at this point in the history
  • Loading branch information
myrotvorets-team committed Mar 27, 2024
1 parent 4284428 commit 918823c
Show file tree
Hide file tree
Showing 4 changed files with 59 additions and 3 deletions.
10 changes: 9 additions & 1 deletion .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,17 +10,25 @@ jobs:
dependency-review:
runs-on: ubuntu-latest
name: Review Dependencies
permissions:
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.deps.dev:443
api.github.com:443
api.scorecards.dev:443
github.com:443
- name: Check out the source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Review dependencies
uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5
with:
comment-summary-in-pr: true
48 changes: 48 additions & 0 deletions .github/workflows/package-audit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,53 @@ jobs:
name: NPM Audit
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
allowed-endpoints:
api.github.com:443
github.com:443
registry.npmjs.org:443

- name: Audit with NPM
uses: myrotvorets/composite-actions/node-package-audit@master

provenance:
name: Verify signatures and provenance statements
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
allowed-endpoints:
api.github.com:443
github.com:443
registry.npmjs.org:443
tuf-repo-cdn.sigstore.dev:443

- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Node.js environment
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: lts/*
cache: npm

- name: Install dependencies
run: npm ci --ignore-scripts
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Update npm
run: npm i -g npm

- name: Run audit
run: npm audit signatures
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2 changes: 1 addition & 1 deletion package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
"@myrotvorets/eslint-config-myrotvorets-ts": "^2.24.0",
"@types/chai": "^4.3.11",
"@types/mocha": "^10.0.6",
"@types/node": ">= 20.11.16",
"@types/node": "^20.11.16",
"c8": "^9.1.0",
"chai": "^5.0.3",
"eslint-formatter-gha": "^1.4.3",
Expand Down

0 comments on commit 918823c

Please sign in to comment.