feat: adding yarn poisoning as a dep

anoma · Jan 11, 2025 · 5f221e8 · 5f221e8
1 parent 539431e
commit 5f221e8
Showing 1 changed file with 29 additions and 23 deletions.
diff --git a/.github/workflows/verify-pull-request.yml b/.github/workflows/verify-pull-request.yml
@@ -7,9 +7,34 @@ env:
   YARN_ENABLE_HARDENED_MODE: 0
 
 jobs:
+  # Running yarn install in hardened mode here makes it safe to run the other
+  # jobs without hardened mode, which is good because hardened mode is slow.
+  # https://yarnpkg.com/features/security#hardened-mode
+  check-yarn-lock-poisoning:
+    name: Check for yarn.lock poisoning
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check if yarn.lock changed
+        uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            lockfile:
+              - "yarn.lock"
+
+      - name: Check yarn.lock for lockfile poisoning
+        if: steps.filter.outputs.lockfile == 'true'
+        uses: ./.github/actions/yarn-cache
+        env:
+          YARN_ENABLE_HARDENED_MODE: 1
+
   lint:
     name: Lint
     runs-on: ubuntu-latest
+    needs: [check-yarn-lock-poisoning]
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -22,6 +47,7 @@ jobs:
 
   unit-tests-js:
     name: JS unit tests
+    needs: [check-yarn-lock-poisoning]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -47,6 +73,7 @@ jobs:
 
   unit-tests-wasm:
     name: WASM unit tests
+    needs: [check-yarn-lock-poisoning]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -72,6 +99,7 @@ jobs:
 
   build-interface:
     name: Build Namadillo
+    needs: [check-yarn-lock-poisoning]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -90,6 +118,7 @@ jobs:
 
   build-extension:
     name: Build Extension
+    needs: [check-yarn-lock-poisoning]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -114,29 +143,6 @@ jobs:
         working-directory: ./apps/extension
         run: yarn build:chrome
 
-  # Running yarn install in hardened mode here makes it safe to run the other
-  # jobs without hardened mode, which is good because hardened mode is slow.
-  # https://yarnpkg.com/features/security#hardened-mode
-  check-yarn-lock-poisoning:
-    name: Check for yarn.lock poisoning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Check if yarn.lock changed
-        uses: dorny/paths-filter@v3
-        id: filter
-        with:
-          filters: |
-            lockfile:
-              - "yarn.lock"
-
-      - name: Check yarn.lock for lockfile poisoning
-        if: steps.filter.outputs.lockfile == 'true'
-        uses: ./.github/actions/yarn-cache
-        env:
-          YARN_ENABLE_HARDENED_MODE: 1
   E2E-tests:
     if: false
     name: E2E tests