chore(ci): update socket-registry install action SHA pin (#1147)

Update SocketDev/socket-registry install action from 715b14fe to 24323cbd
across ci, provenance, and weekly-update workflows.

Author: jdalton

.github/workflows/ci.yml

@@ -119,10 +119,13 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Run lint
-        run: pnpm --filter @socketsecurity/cli run check
+        shell: bash
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          pnpm --filter @socketsecurity/cli run check
 
   type-check:
     name: 🔍 Type Check
@@ -184,10 +187,13 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Run type check
-        run: pnpm --filter @socketsecurity/cli run type
+        shell: bash
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          pnpm --filter @socketsecurity/cli run type
 
   # Sharded unit tests for faster CI.
   test-sharded:
@@ -256,17 +262,23 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Build CLI
         working-directory: packages/cli
-        run: pnpm run build
+        shell: bash
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          pnpm run build
 
       - name: Run unit tests (shard ${{ matrix.shard }})
         working-directory: packages/cli
+        shell: bash
         env:
           SHARD: ${{ matrix.shard }}
-        run: pnpm test:unit --shard="$SHARD"/3
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          pnpm test:unit --shard="$SHARD"/3
 
   # E2E tests
   e2e:
@@ -335,15 +347,21 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Build CLI
         working-directory: packages/cli
-        run: pnpm run build
+        shell: bash
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          pnpm run build
 
       - name: Run e2e tests (shard ${{ matrix.shard }})
         working-directory: packages/cli
+        shell: bash
         env:
           SOCKET_CLI_API_TOKEN: ${{ secrets.SOCKET_CLI_API_TOKEN }}
           SHARD: ${{ matrix.shard }}
-        run: pnpm run e2e-tests --shard="$SHARD"/2
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          pnpm run e2e-tests --shard="$SHARD"/2

.github/workflows/provenance.yml

@@ -59,10 +59,13 @@ jobs:
 
       - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Build CLI
-        run: pnpm --filter @socketsecurity/cli run build
+        shell: bash
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          pnpm --filter @socketsecurity/cli run build
 
       - name: Generate platform matrix
         id: matrix
@@ -104,7 +107,7 @@ jobs:
 
       - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Download CLI bundle
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@@ -119,6 +122,7 @@ jobs:
           MATRIX_PLATFORM: ${{ matrix.platform }}
           MATRIX_ARCH: ${{ matrix.arch }}
         run: |
+          alias pnpm="$SFW_BIN pnpm"
           LIBC_FLAG=""
           if [ "$MATRIX_LIBC" = "musl" ]; then
             LIBC_FLAG="--libc=musl"
@@ -160,9 +164,9 @@ jobs:
 
       - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
-      - run: npm install -g npm@latest
+      - run: npm install -g npm@11.12.1
 
       # Get versions for lock-stepped and independent packages.
       - name: Get versions
@@ -260,7 +264,10 @@ jobs:
       # Build and publish JS packages.
       # Order: cli/cli-with-sentry first (independent), then socket (depends on @socketbin/*).
       - name: Build CLI
-        run: INLINED_PUBLISHED_BUILD=1 pnpm run build
+        shell: bash
+        run: |
+          alias pnpm="$SFW_BIN pnpm"
+          INLINED_PUBLISHED_BUILD=1 pnpm run build
 
       - name: Publish @socketsecurity/cli
         if: ${{ inputs.cli && !inputs.dry-run }}

.github/workflows/weekly-update.yml

@@ -38,11 +38,13 @@ jobs:
           node-version-file: .node-version
           cache: 'pnpm'
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Check for npm updates
         id: check
+        shell: bash
         run: |
+          alias pnpm="$SFW_BIN pnpm"
           echo "Checking for npm package updates..."
           HAS_UPDATES=false
           NPM_UPDATES=$(pnpm outdated 2>/dev/null || true)
@@ -76,10 +78,7 @@ jobs:
           node-version-file: .node-version
           cache: 'pnpm'
 
-      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
-
-      - name: Install Claude Code
-        run: npm install -g @anthropic-ai/claude-code
+      - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 
       - name: Create update branch
         id: branch
@@ -107,7 +106,7 @@ jobs:
           fi
 
           set +e
-          claude --print --dangerously-skip-permissions \
+          pnpm exec claude --print --dangerously-skip-permissions \
             --model sonnet \
             "/updating - Run the updating skill to update all dependencies. Create atomic commits for each update. You are running in CI mode - skip builds and tests. Do not push or create a PR." \
             2>&1 | tee claude-output.log