Skip to content

Commit 3d829e3

Browse files
sapphi-redsapphi-red
committed
ci: disallow installation scripts before publish
1 parent 3e3af0c commit 3d829e3

File tree

2 files changed

+6
-0
lines changed

2 files changed

+6
-0
lines changed

.github/workflows/publish.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ jobs:
2727
# disable cache, to avoid cache poisoning (https://docs.zizmor.sh/audits/#cache-poisoning)
2828
package-manager-cache: false
2929

30+
- name: Disallow installation scripts
31+
run: yq '.onlyBuiltDependencies = []' -i pnpm-workspace.yaml
32+
3033
- name: Install deps
3134
run: pnpm install
3235
env:

.github/workflows/release-continuous.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,9 @@ jobs:
2929
# disable cache, to avoid cache poisoning (https://docs.zizmor.sh/audits/#cache-poisoning)
3030
package-manager-cache: false
3131

32+
- name: Disallow installation scripts
33+
run: yq '.onlyBuiltDependencies = []' -i pnpm-workspace.yaml
34+
3235
- name: Install dependencies
3336
run: pnpm install
3437

0 commit comments

Comments
 (0)