Skip to content

Commit 8505b25

Browse files
Missing ignore script updated (AST-160327) (#722)
* Ignore script related changes * Commented first line of npmrc * Check one lock file should be there * added --ignore-scripts
1 parent 593e9b0 commit 8505b25

4 files changed

Lines changed: 49 additions & 10 deletions

File tree

.github/workflows/ci.yml

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,18 @@ jobs:
1414
steps:
1515
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
1616

17+
- name: Verify single lockfile
18+
run: |
19+
if [ -f package-lock.json ] && [ -f yarn.lock ]; then
20+
echo "ERROR: Both lockfiles exist"
21+
exit 1
22+
fi
23+
24+
if [ ! -f yarn.lock ] && [ ! -f package-lock.json ]; then
25+
echo "ERROR: No lockfile found,Policy requires exactly ONE package manager lockfile"
26+
exit 1
27+
fi
28+
1729
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
1830
with:
1931
node-version: 20
@@ -26,9 +38,9 @@ jobs:
2638

2739
- name: npm install
2840
run: |
29-
npm install
41+
npm ci --ignore-scripts
3042
cd cxAstScan/
31-
npm install
43+
npm ci --ignore-scripts
3244
3345
- name: Code Linting
3446
run: npm run lint

.github/workflows/release.yml

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,18 @@ jobs:
4141
steps:
4242
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
4343

44+
- name: Verify single lockfile
45+
run: |
46+
if [ -f package-lock.json ] && [ -f yarn.lock ]; then
47+
echo "ERROR: Both lockfiles exist"
48+
exit 1
49+
fi
50+
51+
if [ ! -f yarn.lock ] && [ ! -f package-lock.json ]; then
52+
echo "ERROR: No lockfile found,Policy requires exactly ONE package manager lockfile"
53+
exit 1
54+
fi
55+
4456
- name: Set Extension and Publisher ID
4557
run: |
4658
if [ "${{ inputs.dev }}" == "true" ]; then
@@ -114,9 +126,9 @@ jobs:
114126

115127
- name: Build step
116128
run: |
117-
npm install
129+
npm ci --ignore-scripts
118130
cd cxAstScan/
119-
npm install
131+
npm ci --ignore-scripts
120132
121133
- run: npm run build
122134

.github/workflows/update-js-runtime-wrapper.yml

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,18 @@ jobs:
2222
- name: Checkout Repository
2323
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
2424

25+
- name: Verify single lockfile
26+
run: |
27+
if [ -f package-lock.json ] && [ -f yarn.lock ]; then
28+
echo "ERROR: Both lockfiles exist"
29+
exit 1
30+
fi
31+
32+
if [ ! -f yarn.lock ] && [ ! -f package-lock.json ]; then
33+
echo "ERROR: No lockfile found,Policy requires exactly ONE package manager lockfile"
34+
exit 1
35+
fi
36+
2537
- name: Determine Version
2638
id: get_version
2739
run: |
@@ -59,9 +71,9 @@ jobs:
5971

6072
- name: Build step
6173
run: |
62-
npm install
74+
npm ci --ignore-scripts
6375
cd cxAstScan/
64-
npm install
76+
npm ci --ignore-scripts
6577
6678
- name: Commit Changes
6779
run: |

.npmrc

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,11 @@
1-
Default registry for most packages
1+
# Default registry for most packages
22
registry=https://npm.echohq.com/
3-
3+
44
# GitHub Packages scope
55
@Checkmarx:registry=https://npm.pkg.github.com/
6-
6+
77
# GitHub Packages auth
8-
//npm.pkg.github.com/:_authToken=
8+
//npm.pkg.github.com/:_authToken=
9+
10+
# Supply Chain Security Policy: Block lifecycle scripts
11+
ignore-scripts=true

0 commit comments

Comments
 (0)