Skip to content

Commit

Permalink
ITSEC-2280 Add Dependency Review job; Add SBOM signing.
Browse files Browse the repository at this point in the history
  • Loading branch information
@immutable-art
immutable-art committed Oct 10, 2024
1 parent 9e1d397 commit 5ef4219
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
7 changes: 7 additions & 0 deletions .github/workflows/publish.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ jobs:
publish:
name: Publish to NPM
runs-on: ubuntu-latest
permissions:
attestations: write
steps:
- name: Checkout
uses: actions/checkout@v2
Expand Down Expand Up @@ -58,6 +60,11 @@ jobs:
run: |
rm -rf dist && yarn build
- name: Generate SDK attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: './dist'

- name: Publish package
uses: JS-DevTools/npm-publish@v1
with:
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,16 @@ jobs:
uses: actions/checkout@v3
- name: Run check script
run: sh readmecheck.sh
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
# Possible values: "critical", "high", "moderate", "low"
fail-on-severity: critical
publish:
name: Publish to NPM (dry run)
runs-on: ubuntu-latest
Expand Down

0 comments on commit 5ef4219

Please sign in to comment.