
Commit 2618125

committed
fix(ci): satisfy zizmor on publish workflow
- Disable setup-node package-manager cache in release workflow (cache-poisoning)
- Replace archived create-release/upload-release-asset with gh release create (archived-uses, superfluous-actions)
1 parent 2d7859e commit 2618125

1 file changed

+9
-20
lines changed


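--- a/.github/workflows/provenance.yml
+++ b/.github/workflows/provenance.yml
@@ -30,6 +30,7 @@ jobs:
           node-version: '22'
           registry-url: 'https://registry.npmjs.org'
           scope: '@socketregistry'
+          package-manager-cache: false
       - run: npm install -g npm@latest
       - run: npm ci
       - name: Build package
@@ -42,25 +43,13 @@ jobs:
         env:
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
       - name: Create GitHub Release
-        id: create_release
-        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: v${{ steps.package-version.outputs.version }}
-          release_name: Release v${{ steps.package-version.outputs.version }}
-          body: |
-            Release of @socketsecurity/mcp v${{ steps.package-version.outputs.version }}
-
-            This release has been published to npm with provenance.
-          draft: false
-          prerelease: false
-      - name: Upload Package to Release
-        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./socketsecurity-mcp-${{ steps.package-version.outputs.version }}.tgz
-          asset_name: socketsecurity-mcp-${{ steps.package-version.outputs.version }}.tgz
-          asset_content_type: application/gzip
+          VERSION: ${{ steps.package-version.outputs.version }}
+        run: |
+          notes=$(printf '%s\n\n%s' \
+            "Release of @socketsecurity/mcp v${VERSION}" \
+            "This release has been published to npm with provenance.")
+          gh release create "v${VERSION}" "socketsecurity-mcp-${VERSION}.tgz" \
+            --title "Release v${VERSION}" \
+            --notes "$notes"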
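Review bot: The `gh release create "v${VERSION}" ...` line in the second hunk will also create the `v${VERSION}` tag at the checked-out commit whenever that tag does not yet exist, so a run started from an unexpected ref can mint a release tag; the replaced create-release action did the same, but since the step is being rewritten anyway, `gh release create --verify-tag "v${VERSION}" "socketsecurity-mcp-${VERSION}.tgz" \` would make it fail instead of tagging. The step also depends on the job's token carrying `contents: write`; the job's `permissions` block lies outside this hunk, so confirm it is granted explicitly rather than inherited from a broad repository default. Passing the version through the `VERSION` env entry and quoting `"$notes"` keeps `${{ }}` expressions out of the shell, which is the right shape, and the dropped `draft: false`/`prerelease: false` match gh's defaults, so no release attribute is lost.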
