From d2db90c2408011f14d45d0e43d712c8c5d209d81 Mon Sep 17 00:00:00 2001 From: barslev Date: Mon, 15 Sep 2025 12:45:25 +0200 Subject: [PATCH 1/6] Update publish npm package to use pnpm --- .github/workflows/provenance.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 046755f1d..a54266bf0 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -27,24 +27,24 @@ jobs: registry-url: 'https://registry.npmjs.org' cache: npm scope: '@socketsecurity' - - run: npm install -g npm@latest - - run: npm ci - - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 npm run build:dist - - run: npm publish --provenance --access public + - run: pnpm install -g pnpm@latest + - run: pnpm ci + - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist + - run: pnpm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 npm run build:dist + - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 pnpm run build:dist env: SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: npm publish --provenance --access public + - run: pnpm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 npm run build:dist + - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 pnpm run build:dist env: SOCKET_CLI_DEBUG: ${{ inputs.debug }} - - run: npm publish --provenance --access public + - run: pnpm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} SOCKET_CLI_DEBUG: ${{ inputs.debug }} From 193b9c00c06f2e4aecc70cbae033cfc568e4f8a7 Mon Sep 17 00:00:00 2001 From: barslev Date: Mon, 15 Sep 2025 12:53:15 +0200 Subject: [PATCH 2/6] Another attempt for fixing publishing npm package --- .github/workflows/provenance.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index a54266bf0..7c863ff5f 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -25,10 +25,10 @@ jobs: with: node-version: '22' registry-url: 'https://registry.npmjs.org' - cache: npm + cache: pnpm scope: '@socketsecurity' - - run: pnpm install -g pnpm@latest - - run: pnpm ci + - run: npm install -g pnpm@latest + - run: pnpm install - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist - run: pnpm publish --provenance --access public env: From df496c6546e33726687cce3c6b53f003a393d6c3 Mon Sep 17 00:00:00 2001 From: barslev Date: Mon, 15 Sep 2025 12:54:37 +0200 Subject: [PATCH 3/6] Use --ci option for pnpm install --- .github/workflows/provenance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 7c863ff5f..955db2a52 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -28,7 +28,7 @@ jobs: cache: pnpm scope: '@socketsecurity' - run: npm install -g pnpm@latest - - run: pnpm install + - run: pnpm install --ci - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist - run: pnpm publish --provenance --access public env: From 52f798a5b16dddd47d00bb997a8f001607ea4a90 Mon Sep 17 00:00:00 2001 From: barslev Date: Mon, 15 Sep 2025 13:02:44 +0200 Subject: [PATCH 4/6] Setup pnpm before setup-node --- .github/workflows/provenance.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 955db2a52..96c47ae76 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -21,13 +21,16 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + with: + version: 10 + run_install: false - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' cache: pnpm scope: '@socketsecurity' - - run: npm install -g pnpm@latest - run: pnpm install --ci - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist - run: pnpm publish --provenance --access public From 9649108649c08b827634a05665e353014f9f029f Mon Sep 17 00:00:00 2001 From: barslev Date: Mon, 15 Sep 2025 13:05:17 +0200 Subject: [PATCH 5/6] Use --frozen-lockfile in pnpm install command --- .github/workflows/provenance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 96c47ae76..c7ad15a69 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -31,7 +31,7 @@ jobs: registry-url: 'https://registry.npmjs.org' cache: pnpm scope: '@socketsecurity' - - run: pnpm install --ci + - run: pnpm install --frozen-lockfile - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist - run: pnpm publish --provenance --access public env: From 83077269e91268205aa9afb03c77b7528e5af039 Mon Sep 17 00:00:00 2001 From: barslev Date: Mon, 15 Sep 2025 13:07:58 +0200 Subject: [PATCH 6/6] Use v4 of pnpm/action-setup as that is used in another workflow --- .github/workflows/provenance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index c7ad15a69..0ddd6ed28 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -21,7 +21,7 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 with: version: 10 run_install: false