ci: audit signatures on releases (#356)

* ci: audit signatures on releases * pretty yml
tigrisdata-archive · May 9, 2023 · 0a038be · 0a038be
1 parent 9a9c5ef
commit 0a038be
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 14 deletions.
diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
@@ -20,12 +20,8 @@ jobs:
           node-version: 18
       - name: Install dependencies
         run: npm ci
-      - name: Install semantic-release
-        run: |
-          npm install --no-package-lock --no-save \
-              @semantic-release/commit-analyzer \
-              @semantic-release/release-notes-generator \
-              @semantic-release/github
+      - name: Verify the signatures for installed dependencies
+        run: npm audit signatures
       - name: Release dry run
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -37,12 +37,8 @@ jobs:
           node-version: 18
       - name: Build package
         run: npm ci
-      - name: Install semantic-release
-        run: |
-          npm install --no-package-lock --no-save \
-              @semantic-release/commit-analyzer \
-              @semantic-release/release-notes-generator \
-              @semantic-release/github
+      - name: Verify the signatures for installed dependencies
+        run: npm audit signatures
       - name: Release
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

diff --git a/package.json b/package.json
@@ -69,13 +69,13 @@
 		"lint": "node ./node_modules/eslint/bin/eslint src/ --ext .ts",
 		"lint-fix": "npx eslint --ext .ts --fix src/",
 		"tsc": "tsc && npm run copy_api",
-		"build": "npm install && npm run protoc && npm run tsc",
+		"build": "npm install && npm audit signatures && npm run protoc && npm run tsc",
 		"test": "jest --runInBand --coverage --silent --detectOpenHandles",
 		"prettier-check": "npx prettier --check .",
 		"prettify": "npx prettier --write .",
 		"preversion": "npm run lint && npm run prettier-check",
 		"prepare": "npm run init_api && npm run protoc && npm run tsc",
-		"prepublishOnly": "npm test && npm run lint && npm run prettier-check"
+		"prepublishOnly": "npm audit signatures && npm test && npm run lint && npm run prettier-check"
 	},
 	"engines": {
 		"node": ">= 12.0.0"