Merge pull request #789 from edoardopirovano/secure-workflow
Improve workflow to update dependencies
This commit is contained in:
Edoardo Pirovano
GitHub
commit
0ebee75b04
1 changed files with 3 additions and 3 deletions
6
.github/workflows/update-dependencies.yml
vendored
6
.github/workflows/update-dependencies.yml
vendored
|
|
@ -7,7 +7,7 @@ jobs:
|
|||
update:
|
||||
name: Update dependencies
|
||||
runs-on: macos-latest
|
||||
if: contains(github.event.pull_request.labels.*.name, 'Update dependencies')
|
||||
if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && ${{ github.event.pull_request.head.repo.full_name == 'github/codeql-action' }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
|
@ -24,8 +24,8 @@ jobs:
|
|||
env:
|
||||
BRANCH: '${{ github.head_ref }}'
|
||||
run: |
|
||||
git fetch
|
||||
git checkout $BRANCH
|
||||
git fetch origin "$BRANCH" --depth=1
|
||||
git checkout "origin/$BRANCH"
|
||||
sudo npm install --force -g npm@latest
|
||||
npm install
|
||||
npm ci
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue