From 684737f49c893605bbb8ceee0cb406d8a166e839 Mon Sep 17 00:00:00 2001 From: Shelley Nason Date: Thu, 14 Nov 2024 15:45:16 -0600 Subject: [PATCH 1/2] Add 'npm audit signatures' to CI workflow. --- .github/workflows/ci.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 071512a..badb284 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,8 +19,24 @@ jobs: run: npm ci - name: Lint javascript run: npm run lint + audit_dependencies: + runs-on: ubuntu-latest + steps: + - name: Code checkout + uses: actions/checkout@v4 + - name: Install node + uses: actions/setup-node@v4 + with: + node-version: "lts/*" + cache: 'npm' + - name: Install node dependencies + run: npm ci + - name: Validate npm package signatures + run: npm audit signatures test: - needs: lint + needs: + - lint + - audit_dependencies runs-on: ubuntu-latest # Start Postgres as a service, wait until healthy. Uses latest Postgres version. services: From 5faf2de56b556f27fe3cd6affd45e50aaa8689a7 Mon Sep 17 00:00:00 2001 From: Shelley Nason Date: Fri, 15 Nov 2024 15:42:53 -0600 Subject: [PATCH 2/2] PR fixes. --- .github/workflows/ci.yml | 9 ++++++--- .github/workflows/deploy.yml | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index badb284..e647089 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: - name: Install node uses: actions/setup-node@v4 with: - node-version: "lts/*" + node-version-file: ".nvmrc" cache: 'npm' - name: Install node dependencies run: npm ci @@ -27,7 +27,7 @@ jobs: - name: Install node uses: actions/setup-node@v4 with: - node-version: "lts/*" + node-version-file: ".nvmrc" cache: 'npm' - name: Install node dependencies run: npm ci 
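Review bot: In the new `audit_dependencies` job the `Install node dependencies` step runs plain `npm ci`, so dependency install scripts execute on the runner before `npm audit signatures` has checked anything; a tampered package would already have run by the time the audit step fails. Since this job only needs the tree on disk for the signature check, the step could be `run: npm ci --ignore-scripts`. The `lint` job still does its own `npm ci` in parallel, so this gate protects `test` and whatever depends on it, not every install in the workflow. A comment above the audit step would also help, e.g. `# Verifies registry signatures and provenance attestations; does not report known-vulnerability advisories (that is plain npm audit)`.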
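Review bot: `node-version-file: ".nvmrc"` points at a file that is not among the two files in this patch's diffstat, so every job changed here depends on `.nvmrc` already being present in the checkout. The same applies to the hunks at -27,7 and -59,7 in ci.yml and at -91,7 and -133,7 in deploy.yml. Because ci.yml calls deploy.yml at `@develop` for the staging and master refs as well, the file presumably has to exist on those branches before this reaches develop, or the setup-node step will fail there; worth confirming. For the Node version to be reproducible across runs, `.nvmrc` should hold an exact version rather than an alias such as `lts/*`.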
@@ -59,7 +59,7 @@ jobs: - name: Install node uses: actions/setup-node@v4 with: - node-version: "lts/*" + node-version-file: ".nvmrc" cache: 'npm' - name: Install node dependencies run: npm ci @@ -68,6 +68,7 @@ jobs: deploy_dev: needs: - lint + - audit_dependencies - test if: github.ref == 'refs/heads/develop' uses: 18F/analytics-reporter/.github/workflows/deploy.yml@develop @@ -97,6 +98,7 @@ jobs: deploy_stg: needs: - lint + - audit_dependencies - test if: github.ref == 'refs/heads/staging' uses: 18F/analytics-reporter/.github/workflows/deploy.yml@develop @@ -126,6 +128,7 @@ jobs: deploy_prd: needs: - lint + - audit_dependencies - test if: github.ref == 'refs/heads/master' uses: 18F/analytics-reporter/.github/workflows/deploy.yml@develop diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index dbfe4fd..d9d5d0b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -91,7 +91,7 @@ jobs: - name: Install node uses: actions/setup-node@v4 with: - node-version: "lts/*" + node-version-file: ".nvmrc" cache: 'npm' - name: Install node dependencies # This causes npm install to omit dev dependencies per NPM docs. @@ -133,7 +133,7 @@ jobs: - name: Install node uses: actions/setup-node@v4 with: - node-version: "lts/*" + node-version-file: ".nvmrc" cache: 'npm' - name: Install node dependencies # This causes npm install to omit dev dependencies per NPM docs.
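Review bot: The deploy jobs gated in these hunks still load their steps from `18F/analytics-reporter/.github/workflows/deploy.yml@develop`, a mutable branch ref, and that includes `deploy_prd` (hunk -126,6), which runs for `refs/heads/master`. The new `audit_dependencies` gate checks the dependency tree, but the deployment logic that runs afterwards is whatever develop holds at that moment, not what was promoted to master. If the reusable workflow lives in this same repository, `uses: ./.github/workflows/deploy.yml` resolves it from the same commit as the caller. The same line appears in `deploy_dev` (hunk -68,6) and `deploy_stg` (hunk -97,6). All three job definitions continue outside their hunks, so the inputs and secrets passed to the reusable workflow are not visible here.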