authentik

eliott/authentik

Fork 0

mirror of https://github.com/goauthentik/authentik synced 2026-05-14 19:06:39 +02:00

Commit Graph

Author	SHA1	Message	Date
Teffen Ellis	9543b3c9f6	ci: Consistent NPM versions via Corepack (#20400 ) * core: add .npmrc baseline to block dependency lifecycle scripts Set ignore-scripts=true at the repo root, plus engine-strict, save-exact, audit, and prefer-offline. This neutralizes the dominant npm supply-chain attack vector — postinstall scripts in transitive dependencies — at the cost of requiring an explicit rebuild for the handful of packages that legitimately need install scripts (esbuild, chromedriver, tree-sitter, tree-sitter-json). The next commit wires that rebuild into the Makefile. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * core: route node installs through make to retire website preinstall hook Make docs-install depend on a new root-node-install so the root deps are guaranteed before the website install runs, removing the need for the website/preinstall lifecycle script. Rebuild the small audited list of trusted packages (esbuild, chromedriver, tree-sitter, tree-sitter-json) after the web install so ignore-scripts=true remains the only path that needs maintenance. web/README documents the new workflow. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * Clean up install scripts. * Track .npmrc in CODEOWNERS * Fix formatter config. Reformat. * Fix mounted references. * Flesh out node scripts. * Bump engines. * Prep containers. * Update makefile. * Flesh out github actions. * Clean up docs container. * lint. Bump. Lint. Bump NPM version. * Add limits. * collapse the composite's three setup-node calls to one cache restore * Add SHA. * Bump NPM range. * Run formatter. * Bump NPM. * Remove extra install. * Fix website deps. * Use local prettier. Fix drift in CI. * ci: build frontend in CI with node_env production Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Install docusaurus config. * Fix linter warning, order. * Add linter commands. * Add timeout. * Remove pre install check. --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-05-13 22:05:07 +00:00

Author

SHA1

Message

Date

Teffen Ellis

9543b3c9f6

ci: Consistent NPM versions via Corepack (#20400 )

* core: add .npmrc baseline to block dependency lifecycle scripts

Set ignore-scripts=true at the repo root, plus engine-strict, save-exact,
audit, and prefer-offline. This neutralizes the dominant npm supply-chain
attack vector — postinstall scripts in transitive dependencies — at the
cost of requiring an explicit rebuild for the handful of packages that
legitimately need install scripts (esbuild, chromedriver, tree-sitter,
tree-sitter-json). The next commit wires that rebuild into the Makefile.

Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>

* core: route node installs through make to retire website preinstall hook

Make docs-install depend on a new root-node-install so the root deps
are guaranteed before the website install runs, removing the need for
the website/preinstall lifecycle script. Rebuild the small audited list
of trusted packages (esbuild, chromedriver, tree-sitter, tree-sitter-json)
after the web install so ignore-scripts=true remains the only path that
needs maintenance. web/README documents the new workflow.

Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>

* Clean up install scripts.

* Track .npmrc in CODEOWNERS

* Fix formatter config. Reformat.

* Fix mounted references.

* Flesh out node scripts.

* Bump engines.

* Prep containers.

* Update makefile.

* Flesh out github actions.

* Clean up docs container.

* lint.

Bump.

Lint.

Bump NPM version.

* Add limits.

* collapse the composite's three setup-node calls to one cache restore

* Add SHA.

* Bump NPM range.

* Run formatter.

* Bump NPM.

* Remove extra install.

* Fix website deps.

* Use local prettier. Fix drift in CI.

* ci: build frontend in CI with node_env production

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Install docusaurus config.

* Fix linter warning, order.

* Add linter commands.

* Add timeout.

* Remove pre install check.

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>

2026-05-13 22:05:07 +00:00

1 Commits