fix: fixed npm package audit, added new run-npm-audit option

anolilab · May 21, 2024 · 6f06744 · 6f06744
1 parent ca35076
commit 6f06744
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/step/setup/action.yml b/step/setup/action.yml
@@ -30,6 +30,10 @@ inputs:
         description: "The npm version to use"
         required: false
         default: "true"
+    run-npm-audit:
+        description: "Run the audit-ci audit before we run pnpm install"
+        required: false
+        default: "true"
     npm-version:
         description: "The npm version to use"
         required: false
@@ -143,8 +147,9 @@ runs:
           run: "lz4 -d /tmp/nx_cache.tar.lz4 | tar -xf - ;" # decompress nx cache
 
         - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
+          if: "inputs.run-npm-audit == 'true'"
           shell: "bash"
-          run: "pnpm run audit --report-type=summary"
+          run: "pnpm dlx audit-ci@^6 --config ./audit-ci.jsonc --report-type=summary"
 
         - name: "Install packages"
           shell: "bash"