Merge pull request #303 from docker/sec-cli/npm-ci-20260612-184924

fix: replace npm install with npm ci (20260612-184924)
fix: use lockfile-aware install commands
2026-06-14 15:21:56 +00:00 · 2026-06-12 14:08:05 -05:00 · 2026-06-12 18:49:25 +00:00
3 changed files with 3 additions and 3 deletions
@@ -11,7 +11,7 @@ on:

 jobs:
  run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
    permissions:
      contents: read
      pull-requests: write
@@ -19,7 +19,7 @@ on:

 jobs:
  zizmor:
-    uses: crazy-max/.github/.github/workflows/zizmor.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
+    uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
    permissions:
      contents: read
      security-events: write
@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /vendor && cp yarn.lock /vendor
+  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor

 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
Author	SHA1	Message	Date
temenuzhka-thede	eaefd20f59	Merge pull request #303 from docker/sec-cli/npm-ci-20260612-184924 ci / default (push) Has been cancelled Details ci / main (tonistiigi/binfmt:latest, all) (push) Has been cancelled Details ci / main (tonistiigi/binfmt:latest, arm64,riscv64,arm) (push) Has been cancelled Details ci / main (tonistiigi/binfmt:master, all) (push) Has been cancelled Details ci / main (tonistiigi/binfmt:master, arm64,riscv64,arm) (push) Has been cancelled Details ci / error (push) Has been cancelled Details ci / cache-image (false) (push) Has been cancelled Details ci / cache-image (true) (push) Has been cancelled Details ci / version (tonistiigi/binfmt:latest) (push) Has been cancelled Details ci / version (tonistiigi/binfmt:master) (push) Has been cancelled Details ci / version (tonistiigi/binfmt:qemu-v7.0.0) (push) Has been cancelled Details ci / reset (push) Has been cancelled Details codeql / analyze (push) Has been cancelled Details test / test (push) Has been cancelled Details validate / prepare (push) Has been cancelled Details zizmor / zizmor (push) Has been cancelled Details validate / validate (push) Has been cancelled Details fix: replace npm install with npm ci (20260612-184924)	2026-06-12 14:08:05 -05:00
securityeng-bot[bot]	d1e45353ee	fix: use lockfile-aware install commands	2026-06-12 18:49:25 +00:00