Commit 6b94203

dgreif, Copilot and smockle authored
Supply chain improvements (#209)
* chore: Apply supply chain improvements

  Add the npm minimum release age policy, move CI and publish workflows to Node 26, pin third-party Actions to commit SHAs, switch npm publishing to OIDC provenance, and apply npm audit fixes.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update .github/workflows/accessibility-alt-text-bot.yml

  Co-authored-by: Clay Miller <clay@smockle.com>

* Update .github/workflows/ci.yml
* Update .github/workflows/publish.yml
* Update .github/workflows/ci.yml
* Update .github/workflows/publish.yml

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Clay Miller <clay@smockle.com>
1 parent f7f131c commit 6b94203

6 files changed

Lines changed: 26 additions & 24 deletions

.github/workflows/accessibility-alt-text-bot.yml

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -23,4 +23,4 @@ jobs:
2323
if: ${{ github.event.issue || github.event.pull_request || github.event.discussion }}
2424
steps:
2525
- name: Get action 'github/accessibility-alt-text-bot'
26-
uses: github/accessibility-alt-text-bot@v1.7.3
26+
uses: github/accessibility-alt-text-bot@7e895d46677f15841def9acef1239ea7c12593a5 # v1.7.3
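
Review bot: The trailing `# v1.7.3` comment on the new `uses:` line is the only thing tying this 40-character SHA to a release, and nothing in the workflow checks it. Before merging, confirm the SHA is the commit that the v1.7.3 tag points to in github/accessibility-alt-text-bot, and consider enabling Dependabot for the github-actions ecosystem so the pin and its comment are bumped together rather than left to go stale.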

.github/workflows/ci.yml

Lines changed: 3 additions & 3 deletions
@@ -11,9 +11,9 @@ jobs:
1111
lint:
1212
runs-on: ubuntu-latest
1313
steps:
14-
- uses: actions/checkout@v6
15-
- uses: actions/setup-node@v6
14+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
15+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
1616
with:
17-
node-version: 22
17+
node-version: 26
1818
- run: npm ci
1919
- run: npm test
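
Review bot: `node-version: 26` is hard-coded on the setup-node step here and again in publish.yml, while .nvmrc is bumped separately in this same commit (it sat at 18 while the workflows ran 22, so the two had already drifted). Consider replacing it with `node-version-file: .nvmrc` so there is one source of truth. The lint job also now exercises only Node 26; if the package still supports older runtimes, a version matrix would keep them covered.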

.github/workflows/publish.yml

Lines changed: 4 additions & 6 deletions
@@ -11,10 +11,10 @@ jobs:
1111
publish-npm:
1212
runs-on: ubuntu-latest
1313
steps:
14-
- uses: actions/checkout@v6
15-
- uses: actions/setup-node@v6
14+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
15+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
1616
with:
17-
node-version: 22
17+
node-version: 26
1818
registry-url: https://registry.npmjs.org/
1919
cache: npm
2020
- run: npm ci
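
Review bot: The context lines `cache: npm` and `- run: npm ci` are left unchanged, so the publish job still restores a shared dependency cache and runs dependency install scripts before the release step, even though the publish command itself uses `--ignore-scripts`. For the job that produces the published artifact, consider dropping `cache: npm` and, if no dependency needs its install script for the build, switching to `npm ci --ignore-scripts` so the release has fewer untrusted inputs.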
@@ -24,6 +24,4 @@ jobs:
2424
npm version ${TAG_NAME} --git-tag-version=false
2525
env:
2626
TAG_NAME: ${{github.event.release.tag_name}}
27-
- run: npm whoami; npm --ignore-scripts publish --provenance
28-
env:
29-
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
27+
- run: npm --ignore-scripts publish --provenance
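
Review bot: With `NODE_AUTH_TOKEN` removed, the publish step on the new line 27 depends entirely on npm trusted publishing, but no `permissions:` block is visible in this diff. Confirm that the job grants `id-token: write` (plus `contents: read` for checkout), that a trusted publisher is configured for this package and workflow file on npmjs.com, and that the npm bundled with Node 26 meets the minimum version for OIDC publishing; otherwise the first release after this change will fail at publish time. Once that is verified, the `NPM_TOKEN` repository secret can be revoked and deleted.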

.npmrc

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
min-release-age=3
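
Review bot: `min-release-age=3` carries no unit or rationale in the file. npm interprets this value in days, so a short comment line above it (for example `# only install versions published at least 3 days ago`) would save the next reader a docs lookup. It is also worth stating in the contributor docs that npm versions that predate this setting will not enforce it, so the protection depends on contributors and CI running a recent npm.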

.nvmrc

Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
18
1+
26

package-lock.json

Lines changed: 16 additions & 13 deletions