adding cosign signatures in github action release workflow to increase supply chain security #411
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will do a clean install of node dependencies, | |
| # cache/restore them, build the source code and run tests. | |
| name: Node.js CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| build-and-test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [16.x] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'yarn' | |
| - run: yarn install --pure-lockfile | |
| - run: yarn run build | |
| - run: yarn run test --passWithNoTests | |
| env: | |
| CI: true | |
| - run: yarn run check-format | |
| env: | |
| CI: true |