diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 046755f1d..0ddd6ed28 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -21,30 +21,33 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + with: + version: 10 + run_install: false - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' - cache: npm + cache: pnpm scope: '@socketsecurity' - - run: npm install -g npm@latest - - run: npm ci - - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 npm run build:dist - - run: npm publish --provenance --access public + - run: pnpm install --frozen-lockfile + - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist + - run: pnpm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 npm run build:dist + - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 pnpm run build:dist env: SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: npm publish --provenance --access public + - run: pnpm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 npm run build:dist + - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 pnpm run build:dist env: SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: npm publish --provenance --access public + - run: pnpm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} SOCKET_CLI_DEBUG: ${{ inputs.debug }}