mirrors/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-12-03 16:41:19 +01:00
Code Issues Projects Releases Wiki Activity

Protect CI against supply chain attack on nodejs

Browse Source
This commit is contained in:
Michel Loiseleur 2025-12-01 14:58:05 +01:00 committed by GitHub
parent 042feacf3e
commit e15c11961f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/template-webui.yaml vendored
View File

@ -1,6 +1,8 @@
name: Build Web UI name: Build Web UI
on: on:
workflow_call: {} workflow_call: {}
env:
SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 360 # 15 days
jobs: jobs:
build-webui: build-webui:
@ -19,10 +21,16 @@ jobs:
cache: yarn cache: yarn
cache-dependency-path: webui/yarn.lock cache-dependency-path: webui/yarn.lock
- name: Setup safe-chain
working-directory: ./webui
run: |
npm i -g @aikidosec/safe-chain
safe-chain setup-ci
- name: Build webui - name: Build webui
working-directory: ./webui working-directory: ./webui
run: | run: |
yarn install yarn install --ignore-scripts
yarn build yarn build
- name: Package webui - name: Package webui

7
.github/workflows/test-unit.yaml vendored
View File

@ -80,7 +80,12 @@ jobs:
cache: 'yarn' cache: 'yarn'
cache-dependency-path: webui/yarn.lock cache-dependency-path: webui/yarn.lock
- name: Setup safe-chain
run: |
npm i -g @aikidosec/safe-chain
safe-chain setup-ci
- name: UI unit tests - name: UI unit tests
run: | run: |
yarn --cwd webui install yarn --cwd webui install --ignore-scripts
yarn --cwd webui test:unit:ci yarn --cwd webui test:unit:ci