Merge pull request #282 from 18F/test-audit-signatures-workflow

levinmr · web-flow · commit 215e1c71986a · 2024-11-15T15:41:27.000-05:00
Add 'npm audit signatures' to workflow.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,8 +17,24 @@ jobs:
         run: npm ci
       - name: Lint javascript
         run: npm run lint
+  audit_dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v4
+      - name: Install node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: 'npm'
+      - name: Install node dependencies
+        run: npm ci
+      - name: Validate npm package signatures
+        run: npm audit signatures
   test:
-    needs: lint
+    needs:
+      - lint
+      - audit_dependencies
     runs-on: ubuntu-latest
     # Start Postgres as a service, wait until healthy. Uses latest Postgres version.
     services:
@@ -50,6 +66,7 @@ jobs:
   deploy_dev:
     needs:
       - lint
+      - audit_dependencies
       - test
     if: github.ref == 'refs/heads/develop'
     uses: 18F/analytics-reporter-api/.github/workflows/deploy.yml@develop
@@ -67,6 +84,7 @@ jobs:
   deploy_stg:
     needs:
       - lint
+      - audit_dependencies
       - test
     if: github.ref == 'refs/heads/staging'
     uses: 18F/analytics-reporter-api/.github/workflows/deploy.yml@develop
@@ -84,6 +102,7 @@ jobs:
   deploy_prd:
     needs:
       - lint
+      - audit_dependencies
       - test
     if: github.ref == 'refs/heads/master'
     uses: 18F/analytics-reporter-api/.github/workflows/deploy.yml@develop
