diff --git a/.github/workflows/plugin-ci.yaml b/.github/workflows/plugin-ci.yaml
index 07e8947..4a9d5fe 100644
--- a/.github/workflows/plugin-ci.yaml
+++ b/.github/workflows/plugin-ci.yaml
@@ -99,6 +99,7 @@ jobs:
 - name: Setup pnpm (via Corepack, reads version from packageManager field)
 if: steps.pkg-manager.outputs.manager == 'pnpm' && steps.pkg-manager.outputs.has_package_manager == 'true'
 run: |
+ npm install -g corepack
 corepack enable pnpm
 corepack install
@@ -168,8 +169,6 @@ jobs:
 - name: Security audit
 run: |
- if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
- pnpm audit --prod
- else
- npm audit --omit=dev
- fi
+ # npm retired the audit endpoint pnpm uses. Use npm's audit for both
+ # package managers to avoid 410 errors.
+ npm audit --omit=dev
diff --git a/.github/workflows/plugin-release.yaml b/.github/workflows/plugin-release.yaml
index eba33be..f133766 100644
--- a/.github/workflows/plugin-release.yaml
+++ b/.github/workflows/plugin-release.yaml
@@ -118,6 +118,7 @@ jobs:
 - name: Setup pnpm (via Corepack, reads version from packageManager field)
 if: steps.pkg-manager.outputs.manager == 'pnpm' && steps.pkg-manager.outputs.has_package_manager == 'true'
 run: |
+ npm install -g corepack
 corepack enable pnpm
 corepack install
@@ -205,6 +206,19 @@ jobs:
 tar -tzf "${{ env.TARBALL }}" | head -20
 tar -tzf "${{ env.TARBALL }}" | grep -q "main.js" || { echo "Error: main.js not found in tarball"; exit 1; }
+ - name: Rebuild tarball
+ run: |
+ rm -f "${{ env.TARBALL }}"
+ npx @kinvolk/headlamp-plugin package
+ for f in *.tar.gz; do
+ [ "$f" != "${{ env.TARBALL }}" ] && mv "$f" "${{ env.TARBALL }}"
+ done
+
+ - name: Validate rebuilt tarball
+ run: |
+ tar -tzf "${{ env.TARBALL }}" | grep -q "main.js" || \
+ { echo "Error: main.js not found after rebuild"; exit 1; }
+
 - name: Compute checksum
 run: |
 CHECKSUM=$(sha256sum "${{ env.TARBALL }}" | awk '{print $1}')
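Review bot: The added `npm install -g corepack` in the "Setup pnpm" step of plugin-ci.yaml is unpinned, so every run installs whatever corepack version the registry serves at that moment, and that tool then selects and downloads the package manager used for the build. The same line is added to the same step in plugin-release.yaml, where it presumably runs before the release tarball is produced, so a bad corepack release would reach published artifacts without any change in this repository. Pin the version, for example `npm install -g corepack@<pinned-version>`, and add a comment stating why the corepack bundled with Node is not sufficient, since neither hunk gives the reason. The rest of the step lies outside both hunks.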
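Review bot: `npm audit --omit=dev` in the "Security audit" step needs an npm lockfile (package-lock.json or npm-shrinkwrap.json), so for a pnpm project that only carries pnpm-lock.yaml it exits with ENOLOCK instead of reporting advisories. Whether the audited plugins also ship an npm lockfile is not visible here; if they do not, the pnpm path either fails every run or, should the step be marked continue-on-error outside this hunk, silently loses its audit. One option is to keep the package-manager branch and run `npm install --package-lock-only --ignore-scripts` before the audit on the pnpm path. The comment should then state that the findings reflect npm's own resolution rather than the versions pinned in pnpm-lock.yaml.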
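Review bot: The loop in the new "Rebuild tarball" step of plugin-release.yaml renames every `*.tar.gz` in the directory to the release name, so with more than one archive present the last match silently becomes the artifact that is checksummed and published. The `[ ... ] && mv` form also leaves a non-zero status when the packaged file already has the target name, and because the loop is the last command that fails the step. The new lines paste `${{ env.TARBALL }}` into the script text; the value is already exported to the step, so `"$TARBALL"` keeps it out of the shell source. `npx @kinvolk/headlamp-plugin package` may fetch an unpinned package at release time unless it is a locked dependency, which the hunk does not show, and a comment should say why the validated tarball is deleted and rebuilt. The suggested step below fails unless exactly one archive is produced.

```yaml
      - name: Rebuild tarball
        run: |
          rm -f "$TARBALL"
          npx @kinvolk/headlamp-plugin package
          # Expect exactly one archive; fail instead of picking one silently.
          set -- *.tar.gz
          if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
            echo "Error: expected exactly one .tar.gz after packaging"
            exit 1
          fi
          if [ "$1" != "$TARBALL" ]; then
            mv "$1" "$TARBALL"
          fi
      # … unchanged: Validate rebuilt tarball, Compute checksum …
```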