microsoft · weswigham · Jun 14, 2023 · Jun 14, 2023 · Jun 14, 2023 · Jun 14, 2023
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -18,6 +18,9 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
+      - name: Update npm
+        run: npm i -g [email protected]
+
       - name: Run tests
         run: node ./test/runTests.js
 

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -5,16 +5,33 @@ on:
     types: [created]
 
 jobs:
-  publish-npm:
+  build:
+    permissions:
+      id-token: write # For signing
+      contents: read # For repo checkout.
+      actions: read # For getting workflow run info.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
-    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.7.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.8.0
-    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.7.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.8.0
+    with:
+      run-scripts: "i, test"
+  publish:
+    needs: [build]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - name: Set up Node registry authentication
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
-          node-version: 14
-          registry-url: https://registry.npmjs.org/
-      - run: npm i
-      - run: node test/validateModuleExportsMatchCommonJS/index.js
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+          node-version: 18
+          registry-url: "https://registry.npmjs.org"
+
+      - name: publish
+        id: publish
+        uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@4314fec3d06bb217f163b89466dcd34be65b9bf1 # v1.6.0
+        with:
+          access: public
+          node-auth-token: ${{ secrets.npm_token }}
+          package-name: ${{ needs.build.outputs.package-name }}
+          package-download-name: ${{ needs.build.outputs.package-download-name }}
+          package-download-sha256: ${{ needs.build.outputs.package-download-sha256 }}
+          provenance-name: ${{ needs.build.outputs.provenance-name }}
+          provenance-download-name: ${{ needs.build.outputs.provenance-download-name }}
+          provenance-download-sha256: ${{ needs.build.outputs.provenance-download-sha256 }}
diff --git a/package.json b/package.json
@@ -43,5 +43,8 @@
         },
         "./*": "./*",
         "./": "./"
+    },
+    "scripts": {
+        "test": "node ./test/runTests.js && node test/validateModuleExportsMatchCommonJS/index.js"
     }
 }
diff --git a/test/rollup-modules/package.json b/test/rollup-modules/package.json
@@ -1,5 +1,5 @@
 {
   "scripts": {
-    "test": "../node_modules/.bin/rollup -c rollup.config.js && node build/index.js"
+    "test": "rollup -c rollup.config.js && node build/index.js"
   }
 }
diff --git a/test/runTests.js b/test/runTests.js
@@ -14,7 +14,14 @@ const tests = filesInTest
 // Support setting up the test node modules
 if (!filesInTest.includes("node_modules")) {
   console.log("Installing Deps...");
-  spawnSync("npm", ["install"], { cwd: __dirname });
+  const res = spawnSync("npm", ["install"], { cwd: __dirname, shell: true });
+  if (res.error) {
+    console.error(res.error);
+    process.exit(res.error.errno || -1);
+  }
+  if (res.output) {
+    console.log(res.output.toString());
+  }
   console.log("Installed");
 }
 
@@ -37,13 +44,13 @@ for (const test of tests) {
   if (pgkJSON.dependencies || pgkJSON.devDependencies) {
     const nodeModsInstalled = fs.existsSync(path.join(__dirname, test, "node_modules"));
     if (!nodeModsInstalled) {
-      spawnSync("npm", ["install"], { cwd: path.join(__dirname, test) });
+      spawnSync("npm", ["install"], { cwd: path.join(__dirname, test), shell: true });
     }
   }
 
   // Run the test command
-  const results = spawnSync("npm", ["test"], { cwd: path.join(__dirname, test) });
-  console.log(results.stdout.toString())
+  const results = spawnSync("npm", ["test"], { cwd: path.join(__dirname, test), shell: true });
+  console.log((results.stdout || "").toString())
   if (results.status) {
     console.log(chalk.bold.red("Error running test: ") + chalk.bold(test))
     console.log(results.stderr.toString())

diff --git a/test/snowpack-modules/package.json b/test/snowpack-modules/package.json
@@ -2,7 +2,7 @@
   "type": "module",
 
   "scripts": {
-    "test": "../node_modules/.bin/snowpack build; node build/index.js"
+    "test": "snowpack build && node build/index.js"
   },
   "engines": {
     "node": "14"

diff --git a/test/vite/package.json b/test/vite/package.json
@@ -1,5 +1,5 @@
 {
   "scripts": {
-    "test": "../node_modules/.bin/vite build && node build/index.js"
+    "test": "vite build && node build/index.js"
   }
 }
diff --git a/test/webpack-4-modules/package.json b/test/webpack-4-modules/package.json
@@ -1,5 +1,5 @@
 {
   "scripts": {
-    "test": "../node_modules/.bin/webpack && node build/main.js"
+    "test": "webpack && node build/main.js"
   }
 }