From 75b7ebfb4877756794f87bc7219bc4517f6f2fe9 Mon Sep 17 00:00:00 2001 From: jdalton Date: Wed, 1 Apr 2026 19:20:30 -0400 Subject: [PATCH] chore(ci): update socket-registry install action SHA pin Update SocketDev/socket-registry install action from 715b14fe to 24323cbd across ci, provenance, and weekly-update workflows. --- .github/workflows/ci.yml | 38 +++++++++++++++++++++-------- .github/workflows/provenance.yml | 19 ++++++++++----- .github/workflows/weekly-update.yml | 11 ++++----- 3 files changed, 46 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e73e81b6..4a0ae144f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -119,10 +119,13 @@ jobs: export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init } CODE - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Run lint - run: pnpm --filter @socketsecurity/cli run check + shell: bash + run: | + alias pnpm="$SFW_BIN pnpm" + pnpm --filter @socketsecurity/cli run check type-check: name: 🔍 Type Check @@ -184,10 +187,13 @@ jobs: export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init } CODE - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Run type check - run: pnpm --filter @socketsecurity/cli run type + shell: bash + run: | + alias pnpm="$SFW_BIN pnpm" + pnpm --filter @socketsecurity/cli run type # Sharded unit tests for faster CI. test-sharded: @@ -256,17 +262,23 @@ jobs: export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init } CODE - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Build CLI working-directory: packages/cli - run: pnpm run build + shell: bash + run: | + alias pnpm="$SFW_BIN pnpm" + pnpm run build - name: Run unit tests (shard ${{ matrix.shard }}) working-directory: packages/cli + shell: bash env: SHARD: ${{ matrix.shard }} - run: pnpm test:unit --shard="$SHARD"/3 + run: | + alias pnpm="$SFW_BIN pnpm" + pnpm test:unit --shard="$SHARD"/3 # E2E tests e2e: @@ -335,15 +347,21 @@ jobs: export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init } CODE - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Build CLI working-directory: packages/cli - run: pnpm run build + shell: bash + run: | + alias pnpm="$SFW_BIN pnpm" + pnpm run build - name: Run e2e tests (shard ${{ matrix.shard }}) working-directory: packages/cli + shell: bash env: SOCKET_CLI_API_TOKEN: ${{ secrets.SOCKET_CLI_API_TOKEN }} SHARD: ${{ matrix.shard }} - run: pnpm run e2e-tests --shard="$SHARD"/2 + run: | + alias pnpm="$SFW_BIN pnpm" + pnpm run e2e-tests --shard="$SHARD"/2 diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index fdb6f08f7..35828c2db 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -59,10 +59,13 @@ jobs: - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Build CLI - run: pnpm --filter @socketsecurity/cli run build + shell: bash + run: | + alias pnpm="$SFW_BIN pnpm" + pnpm --filter @socketsecurity/cli run build - name: Generate platform matrix id: matrix @@ -104,7 +107,7 @@ jobs: - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Download CLI bundle uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -119,6 +122,7 @@ jobs: MATRIX_PLATFORM: ${{ matrix.platform }} MATRIX_ARCH: ${{ matrix.arch }} run: | + alias pnpm="$SFW_BIN pnpm" LIBC_FLAG="" if [ "$MATRIX_LIBC" = "musl" ]; then LIBC_FLAG="--libc=musl" @@ -160,9 +164,9 @@ jobs: - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - - run: npm install -g npm@latest + - run: npm install -g npm@11.12.1 # Get versions for lock-stepped and independent packages. - name: Get versions @@ -260,7 +264,10 @@ jobs: # Build and publish JS packages. # Order: cli/cli-with-sentry first (independent), then socket (depends on @socketbin/*). - name: Build CLI - run: INLINED_PUBLISHED_BUILD=1 pnpm run build + shell: bash + run: | + alias pnpm="$SFW_BIN pnpm" + INLINED_PUBLISHED_BUILD=1 pnpm run build - name: Publish @socketsecurity/cli if: ${{ inputs.cli && !inputs.dry-run }} diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml index 743b5c3ee..eb4a65e21 100644 --- a/.github/workflows/weekly-update.yml +++ b/.github/workflows/weekly-update.yml @@ -38,11 +38,13 @@ jobs: node-version-file: .node-version cache: 'pnpm' - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Check for npm updates id: check + shell: bash run: | + alias pnpm="$SFW_BIN pnpm" echo "Checking for npm package updates..." HAS_UPDATES=false NPM_UPDATES=$(pnpm outdated 2>/dev/null || true) @@ -76,10 +78,7 @@ jobs: node-version-file: .node-version cache: 'pnpm' - - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main - - - name: Install Claude Code - run: npm install -g @anthropic-ai/claude-code + - uses: SocketDev/socket-registry/.github/actions/install@6096b06b1790f411714c89c40f72aade2eeaab7c # main - name: Create update branch id: branch @@ -107,7 +106,7 @@ jobs: fi set +e - claude --print --dangerously-skip-permissions \ + pnpm exec claude --print --dangerously-skip-permissions \ --model sonnet \ "/updating - Run the updating skill to update all dependencies. Create atomic commits for each update. You are running in CI mode - skip builds and tests. Do not push or create a PR." \ 2>&1 | tee claude-output.log