Merge branch 'main' into lsep/fix-pseudotarget-filepath

This commit is contained in:
Lane Seppala
2022-06-28 11:34:24 -06:00
committed by GitHub
3 changed files with 23 additions and 2 deletions
+1
View File
@@ -0,0 +1 @@
dist/* linguist-generated=true
+8 -2
View File
@@ -24,8 +24,14 @@ jobs:
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
- run: npm ci --ignore-scripts
- name: Install NPM dependencies
run: npm ci --ignore-scripts
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
- run: npm rebuild && npm run all
- name: Build and run tests
run: npm rebuild && npm run all
- name: Verify no uncommitted files
run: '[ -z "$(git status --porcelain=v1 2>/dev/null)" ]'
shell: bash
+14
View File
@@ -3,6 +3,20 @@
This GitHub Action calculates dependencies for a Go build-target (a Go file with a
`main` function) and submits the list to the [Dependency submission API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api). Dependencies then appear in your repository's dependency graph, and you'll receive Dependabot alerts and updates for vulnerable or out-of-date dependencies.
### Running locally
In order for NPM install to succeed (and not 401) you need to login to github's NPM feed:
```
npm login --scope=@github --registry=https://npm.pkg.github.com
```
Because we are checking in the Typescript output, you may see check failures if you don't generate the contents of `dist/` in a similar manner to our CI check. You can easily rectify this by regenerating in a codespace and using what we use in our workflow YAML:
```
npm ci --ignore-scripts
npm rebuild && npm run all
```
### Example
```yaml
name: Go Dependency Submission