davidwindham.com
forked from
npmx.dev/npmx.dev
[READ-ONLY]
a fast, modern browser for the npm registry
1name: provenance
2
3on:
4 push:
5 branches:
6 - main
7 paths:
8 - pnpm-lock.yaml
9 pull_request:
10 branches:
11 - main
12 paths:
13 - pnpm-lock.yaml
14 merge_group:
15 branches:
16 - main
17
18permissions:
19 contents: read
20
21jobs:
22 check-provenance:
23 name: 🔒 Check provenance downgrades
24 runs-on: ubuntu-slim
25 steps:
26 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
27 with:
28 fetch-depth: 0
29
30 - name: Check provenance downgrades
31 uses: danielroe/provenance-action@41bcc969e579d9e29af08ba44fcbfdf95cee6e6c # v0.1.1
32 with:
33 fail-on-provenance-change: true