diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 39bb705..ac27704 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,12 +35,6 @@ jobs: with: node-version: 22.11.0 registry-url: https://npm.echohq.com/ - - name: Configure echohq auth (both hosts) - env: - ECHO_LIBRARIES_ACCESS_KEY: ${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }} - run: | - npm config set //npm.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" - npm config set //packages.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" - run: npm ci env: ECHO_LIBRARIES_ACCESS_KEY: ${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7792f44..0914663 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -101,14 +101,6 @@ jobs: node-version: 22.11.0 registry-url: https://npm.echohq.com/ - # CONFIGURE ECHOHQ AUTH - - name: Configure echohq auth (both hosts) - env: - ECHO_LIBRARIES_ACCESS_KEY: ${{ secrets.ECHO_LIBRARIES_ACCESS_KEY }} - run: | - npm config set //npm.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" - npm config set //packages.echohq.com/:_authToken "${ECHO_LIBRARIES_ACCESS_KEY}" - # CONFIGURE GITHUB PACKAGES AUTH FOR PUBLISH - name: Configure GitHub Packages auth env: diff --git a/.github/workflows/scan-github-action.yml b/.github/workflows/scan-github-action.yml new file mode 100644 index 0000000..e41d5bb --- /dev/null +++ b/.github/workflows/scan-github-action.yml @@ -0,0 +1,30 @@ +name: Scan for GitHub Actions issues + +on: + pull_request: + +concurrency: + group: ${{ github.workflow }}-${{ github.repository }}-${{ github.ref }} + +permissions: {} + +jobs: + zizmor: + name: Scan repository contents + runs-on: cx-private-ubuntu-x64 + permissions: + contents: read + steps: + - name: Check out repository + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + with: + persist-credentials: false + + - name: Run Zizmor linter + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + with: + advanced-security: false + annotations: false + persona: pedantic + fail-on-no-inputs: false + online-audits: false \ No newline at end of file diff --git a/.npmrc b/.npmrc index 3280741..7799f5c 100644 --- a/.npmrc +++ b/.npmrc @@ -1,6 +1,6 @@ # Default registry for most packages registry=https://npm.echohq.com/ -//npm.echohq.com/:_authToken= -//packages.echohq.com/:_authToken= +//npm.echohq.com/:_authToken=${ECHO_LIBRARIES_ACCESS_KEY} +//packages.echohq.com/:_authToken=${ECHO_LIBRARIES_ACCESS_KEY} always-auth=true ignore-scripts=true \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index e847573..aaa1770 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@Checkmarx/ast-cli-javascript-wrapper", - "version": "0.0.158", + "version": "0.0.159", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@Checkmarx/ast-cli-javascript-wrapper", - "version": "0.0.158", + "version": "0.0.159", "license": "ISC", "dependencies": { "log4js": "^6.9.1" diff --git a/package.json b/package.json index 3e95b18..027d1e0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@Checkmarx/ast-cli-javascript-wrapper", - "version": "0.0.158", + "version": "0.0.159", "description": "AST CLI Javascript wrapper", "main": "dist/main/wrapper/CxWrapper.js", "typings": "dist/main/wrapper/CxWrapper.d.ts",