chore: enable pnpm trustPolicy no-downgrade for install-time provenance checks #295
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Nx Cloud Workflow Validations | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| validate: | |
| runs-on: ubuntu-latest | |
| env: | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 | |
| with: | |
| fetch-depth: 0 | |
| filter: 'tree:0' | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Audit dependencies | |
| run: pnpm audit --audit-level=critical | |
| - name: Verify bundled outputs match lockfile | |
| run: pnpm build-all | |
| - uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4 | |
| - name: Run checks | |
| run: | | |
| pnpm nx-cloud conformance | |
| pnpm nx affected -t test |