Compare commits

...

2 Commits

Author SHA1 Message Date
CrazyMax
ff26911fd3
Merge pull request #1562 from docker/sec-cli/npm-ci-20260612-145940
Some checks failed
ci / multi-output (push) Has been cancelled
ci / load-and-push (push) Has been cancelled
ci / summary-disable (push) Has been cancelled
ci / summary-not-supported (push) Has been cancelled
ci / record-upload-disable (push) Has been cancelled
ci / record-retention-days (0) (push) Has been cancelled
ci / record-retention-days (2) (push) Has been cancelled
ci / checks (edge) (push) Has been cancelled
ci / checks (latest) (push) Has been cancelled
ci / checks (v0.14.1) (push) Has been cancelled
ci / annotations-disabled (push) Has been cancelled
ci / call-check (push) Has been cancelled
ci / no-default-attestations (push) Has been cancelled
codeql / analyze (push) Has been cancelled
e2e / build (AWS ECR Public, aws, public.ecr.aws, public.ecr.aws/q3b5f1u4/test-docker-action, remote) (push) Has been cancelled
e2e / build (AWS ECR, aws, 175142243308.dkr.ecr.us-east-2.amazonaws.com, 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action, remote) (push) Has been cancelled
e2e / build (Artifactory, artifactory, infradock.jfrog.io, infradock.jfrog.io/test-ghaction/build-push-action, remote) (push) Has been cancelled
e2e / build (Azure Container Registry, acr, officialgithubactions.azurecr.io, officialgithubactions.azurecr.io/test-docker-action, remote) (push) Has been cancelled
e2e / build (Docker Hub, dockerhub, , dockereng/build-push-action-test, remote) (push) Has been cancelled
e2e / build (GitHub, ghcr, ghcr.io, ghcr.io/docker/build-push-action-test, remote) (push) Has been cancelled
e2e / build (GitLab, gitlab, registry.gitlab.com, registry.gitlab.com/test1716/test, remote) (push) Has been cancelled
e2e / build (Google Artifact Registry, gar, us-east4-docker.pkg.dev, us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action, remote) (push) Has been cancelled
e2e / build (Quay, quay, quay.io, quay.io/docker_build_team/ghactiontest, remote) (push) Has been cancelled
e2e / build (distribution, Distribution, none, local) (push) Has been cancelled
e2e / build (harbor, Harbor, none, local) (push) Has been cancelled
e2e / build (nexus, Nexus, none, local) (push) Has been cancelled
test / test (push) Has been cancelled
validate / prepare (push) Has been cancelled
zizmor / zizmor (push) Has been cancelled
validate / validate (push) Has been cancelled
fix: replace npm install with npm ci (20260612-145940)
2026-06-12 17:16:13 +02:00
securityeng-bot[bot]
c2245a368f
fix: use lockfile-aware install commands 2026-06-12 14:59:41 +00:00

View File

@ -17,7 +17,7 @@ FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /