From 504fe065d772dc587d74e1375c44bbfc00f5fe76 Mon Sep 17 00:00:00 2001
From: Test User
Date: Tue, 7 Apr 2026 15:13:02 -0400
Subject: [PATCH 1/2] chore(ci): bump socket-registry action refs + remove close/reopen workaround
---
 .github/workflows/ci.yml | 4 ++--
 .github/workflows/provenance.yml | 2 +-
 .github/workflows/weekly-update.yml | 23 ++++-------------------
 3 files changed, 7 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 32fd09d..8932306 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ permissions:
 jobs:
 ci:
 name: Run CI Pipeline
- uses: SocketDev/socket-registry/.github/workflows/ci.yml@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+ uses: SocketDev/socket-registry/.github/workflows/ci.yml@d425cd0501e354096f35043e1badecc370a2fecf # main
 with:
 test-setup-script: 'pnpm run build'
 lint-script: 'pnpm run lint --all'
@@ -46,7 +46,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@d425cd0501e354096f35043e1badecc370a2fecf # main
 with:
 node-version: '24'
diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml
index 0bfb231..29024fd 100644
--- a/.github/workflows/provenance.yml
+++ b/.github/workflows/provenance.yml
@@ -21,7 +21,7 @@ permissions:
 jobs:
 publish:
- uses: SocketDev/socket-registry/.github/workflows/provenance.yml@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+ uses: SocketDev/socket-registry/.github/workflows/provenance.yml@d425cd0501e354096f35043e1badecc370a2fecf # main
 with:
 debug: ${{ inputs.debug }}
 package-name: '@socketsecurity/lib'
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
index 1e567ba..dc29502 100644
--- a/.github/workflows/weekly-update.yml
+++ b/.github/workflows/weekly-update.yml
@@ -24,7 +24,7 @@ jobs:
 outputs:
 has-updates: ${{ steps.check.outputs.has-updates }}
 steps:
- - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@d425cd0501e354096f35043e1badecc370a2fecf # main
 - name: Check for npm updates
 id: check
@@ -48,7 +48,7 @@ jobs:
 contents: write
 pull-requests: write
 steps:
- - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@d425cd0501e354096f35043e1badecc370a2fecf # main
 - name: Create update branch
 id: branch
@@ -60,7 +60,7 @@ jobs:
 git checkout -b "$BRANCH_NAME"
 echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT
- - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+ - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@d425cd0501e354096f35043e1badecc370a2fecf # main
 with:
 gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
@@ -273,21 +273,6 @@ jobs:
 --head "$BRANCH_NAME" \
 --base main
- # Pushes made with GITHUB_TOKEN don't trigger other workflows.
- # Close/reopen the PR to generate a pull_request.reopened event,
- # which triggers required CI and enterprise audit workflows.
- - name: Trigger CI checks
- if: steps.final.outputs.success == 'true' && steps.validate.outputs.valid == 'true' && steps.changes.outputs.has-changes == 'true'
- env:
- GH_TOKEN: ${{ github.token }}
- BRANCH_NAME: ${{ steps.branch.outputs.branch }}
- run: |
- pr_number=$(gh pr list --head "$BRANCH_NAME" --json number --jq '.[0].number')
- if [ -n "$pr_number" ]; then
- gh pr close "$pr_number"
- gh pr reopen "$pr_number"
- fi
-
 - name: Add job summary
 if: steps.final.outputs.success == 'true' && steps.validate.outputs.valid == 'true' && steps.changes.outputs.has-changes == 'true'
 env:
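Review bot: After the `Trigger CI checks` step is removed in the `@@ -273,21 +273,6 @@` hunk, nothing left in the visible lines causes the bot-created PR to fire `pull_request` workflows. The removed comment says pushes made with GITHUB_TOKEN do not trigger other workflows and that the reopen event was what started required CI and enterprise audit workflows, so unless the bumped socket-registry refs or a different token now cover this (not visible here), the weekly update PR could sit without those checks. I would record the replacement mechanism next to the PR-creation step, for example `# CI for this PR is triggered by <mechanism>; the close/reopen workaround is no longer needed`, and confirm that branch protection still requires those checks before merge. The job's steps start and end outside the hunk.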
@@ -310,7 +295,7 @@ jobs:
 test-output.log
 retention-days: 7
- - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+ - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@d425cd0501e354096f35043e1badecc370a2fecf # main
 if: always()
 notify:
From 9c4bd9415effa222e3216f2669354cb3bb415639 Mon Sep 17 00:00:00 2001
From: Test User
Date: Tue, 7 Apr 2026 21:50:46 -0400
Subject: [PATCH 2/2] Fix flaky getSocketCliApiProxy test on CI runners

The test expected undefined when SOCKET_CLI_API_PROXY is unset, but getSocketCliApiProxy falls back to standard proxy env vars (HTTPS_PROXY, HTTP_PROXY, etc.) which CI runners set. Clear all fallback vars in the test to ensure isolation.
---
 test/unit/env/socket-cli.test.mts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/test/unit/env/socket-cli.test.mts b/test/unit/env/socket-cli.test.mts
index 03f153f..fa293b8 100644
--- a/test/unit/env/socket-cli.test.mts
+++ b/test/unit/env/socket-cli.test.mts
@@ -65,7 +65,14 @@ describe('socket-cli env', () => {
 })
 it('should return undefined when not set', () => {
+ // Clear all proxy env vars that getSocketCliApiProxy falls back to,
+ // including standard proxy vars that CI runners may have set.
 setEnv('SOCKET_CLI_API_PROXY', undefined)
+ setEnv('SOCKET_SECURITY_API_PROXY', undefined)
+ setEnv('HTTPS_PROXY', undefined)
+ setEnv('https_proxy', undefined)
+ setEnv('HTTP_PROXY', undefined)
+ setEnv('http_proxy', undefined)
 expect(getSocketCliApiProxy()).toBeUndefined()
 })
 })
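Review bot: The variables cleared in `it('should return undefined when not set', …)` are a hand-copied mirror of the fallback chain inside getSocketCliApiProxy, which is not visible in this hunk, so the test will read ambient runner values again as soon as that chain gains another variable. The commit message says the function falls back to ambient proxy variables, and those presumably decide where API traffic is sent, so the fallback order deserves its own positive test case alongside this negative one. I would drive the clearing from one list shared with the implementation, e.g. `for (const name of PROXY_ENV_FALLBACKS) setEnv(name, undefined)` (the constant name is illustrative), and state the precedence in a short comment. Whether the overrides are reset after each test cannot be seen here; the enclosing `describe` block starts and ends outside the hunk.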