From 1c1f7da489b5cad79b0085dfe4bd0156e74cb1cf Mon Sep 17 00:00:00 2001 From: prisis Date: Thu, 2 Nov 2023 18:28:17 +0100 Subject: [PATCH] fix: fixed lint workflow --- .github/workflows/lint.yml | 22 +++++++++++++++------- package.json | 2 +- pnpm-lock.yaml | 8 ++++---- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ce4a46b..4b81d20 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,6 +26,11 @@ jobs: markdown_lintable: "${{ steps.changes.outputs.markdown_lintable }}" yaml_lintable: "${{ steps.changes.outputs.yaml_lintable }}" steps: + - name: "Harden Runner" + uses: "step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423" # v2.6.0 + with: + egress-policy: "audit" + - name: "Git checkout" uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 env: @@ -89,24 +94,22 @@ jobs: - uses: "pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598" # v2.4.0 with: - version: 8 run_install: false - - name: "Use Node.js 18.x" + - name: "Use Node.js 20.x" uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 with: - node-version: "18.x" + node-version: "20.x" cache: "pnpm" + - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies" + run: "pnpm dlx audit-ci@^6 --config ./audit-ci.jsonc --report-type=summary" + - name: "Install packages" run: "pnpm install --frozen-lockfile" env: - SKIP_BUILD: "true" SKIP_CHECK: "true" - - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies" - run: "npm audit signatures" - - name: "lint" run: "pnpm run lint:text" continue-on-error: true @@ -126,6 +129,11 @@ jobs: steps: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure + - name: "Harden Runner" + uses: "step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423" # v2.6.0 + with: + egress-policy: "audit" + - name: "Check for failures" if: "contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')" run: | diff --git a/package.json b/package.json index d865302..3c0385c 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ }, "devDependencies": { "@anolilab/commitlint-config": "^5.0.1", - "@anolilab/lint-staged-config": "^2.1.3", + "@anolilab/lint-staged-config": "^2.1.4", "@anolilab/prettier-config": "^5.0.12", "@anolilab/semantic-release-preset": "^8.0.1", "@anolilab/textlint-config": "^8.0.14", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ff25f33..fcb4bc2 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,8 +9,8 @@ devDependencies: specifier: ^5.0.1 version: 5.0.1(@commitlint/cli@18.2.0)(typescript@5.2.2) '@anolilab/lint-staged-config': - specifier: ^2.1.3 - version: 2.1.3(husky@8.0.3)(lint-staged@15.0.2)(prettier@3.0.3)(secretlint@7.0.7) + specifier: ^2.1.4 + version: 2.1.4(husky@8.0.3)(lint-staged@15.0.2)(prettier@3.0.3)(secretlint@7.0.7) '@anolilab/prettier-config': specifier: ^5.0.12 version: 5.0.12(prettier@3.0.3) @@ -82,8 +82,8 @@ packages: - typescript dev: true - /@anolilab/lint-staged-config@2.1.3(husky@8.0.3)(lint-staged@15.0.2)(prettier@3.0.3)(secretlint@7.0.7): - resolution: {integrity: sha512-KAjUwYU2VDgN+wQiLR0K6aGI2UZiG4JyVVNK/Uextk5CYkVXeLVpL8dhjy9xjZfQqaCCSUyfYupdDTAL46+2xQ==} + /@anolilab/lint-staged-config@2.1.4(husky@8.0.3)(lint-staged@15.0.2)(prettier@3.0.3)(secretlint@7.0.7): + resolution: {integrity: sha512-g1ZuBd1sxx9+OMoVrv4f3aV9qU9t8f4O3UX4FEn7odnyAT/7lx3TxxK/Y1DIIbXxJYde5PlVFuZp3uWwJ7FIGw==} engines: {node: '>=18'} requiresBuild: true peerDependencies: