
ci: harden pipeline #329

Workflow file for this run

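# Lint and type-check the package on the current Node.js LTS release, then
# pack it, upload the tarball as a workflow artifact and attach a build
# provenance attestation to it.
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
name: Node.js lint
on:
  push:
    branches: ['main']
  pull_request:
    branches: ['main']
# Workflow-wide default is read-only. Write scopes are granted on the job
# that needs them, so a job added later does not inherit them by accident.
permissions:
  contents: read
jobs:
  lint_typecheck:
    runs-on: ubuntu-latest
    permissions:
      # Scopes that are not listed here are set to none, so the read access
      # used by checkout is stated explicitly.
      contents: read
      # Used by the Attest step: an OIDC token for signing and permission to
      # store the resulting attestation.
      id-token: write
      attestations: write
    steps:
      # Runs first so that the egress policy covers every later step.
      # Outbound traffic is blocked except to the endpoints listed below,
      # and sudo is disabled for the rest of the job.
      - name: Harden Runner
        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            fulcio.sigstore.dev:443
            github.com:443
            registry.yarnpkg.com:443
            rekor.sigstore.dev:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step talks to git, so the job token is not left in the
          # checkout's git config where install and lint scripts could read it.
          persist-credentials: false
      - name: Setup nodejs
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          node-version: 'lts/*'
      - name: Cache node_modules
        id: node-modules
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: |
            node_modules
            example/node_modules
            .yarn/cache
          # NOTE(review): the key is a constant, so the first cache saved
          # under it keeps being restored even after dependencies change.
          # Consider deriving the key from a hash of the lockfile so the
          # restored tree always matches the dependencies being built.
          key: node-modules
      - run: yarn
      - run: yarn lint
      - run: yarn typecheck
      - run: yarn pack --out '%s_%v.tgz'
      - name: Upload Artifact
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: package
          path: '${{ github.workspace }}/*.tgz'
      - name: Attest
        # Only builds of pushed commits are attested. Pull-request runs build
        # unmerged code, and runs for pull requests from forks are not given
        # the id-token scope, so the step would fail there.
        if: github.event_name == 'push'
        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
        with:
          subject-path: '${{ github.workspace }}/*.tgz'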