feat: detect npm publish security downgrade #2776
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: lunaria | |
| on: | |
| # Trigger the workflow every time a pull request is opened or synchronized at the target `main` branch | |
| pull_request_target: | |
| types: [opened, synchronize] | |
| # Automatically cancel in-progress actions on the same branch | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| # Allow this job to clone the repository and comment on the pull request | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| lunaria-overview: | |
| name: 🌝 Generate Lunaria Overview | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| # Necessary for Lunaria to work properly | |
| # Makes the action clone the entire git history | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version: lts/* | |
| - uses: pnpm/action-setup@1e1c8eafbd745f64b1ef30a7d7ed7965034c486c # 1e1c8eafbd745f64b1ef30a7d7ed7965034c486c | |
| name: 🟧 Install pnpm | |
| with: | |
| cache: true | |
| - name: 📦 Install dependencies | |
| run: pnpm install | |
| - name: Generate Lunaria Overview | |
| uses: lunariajs/action@4911ad0736d1e3b20af4cb70f5079aea2327ed8e # v1-prerelease |