From 01719e3a23d62a2e75a82537f9b9a32798c4042c Mon Sep 17 00:00:00 2001
From: Shelley Nason
Date: Fri, 8 Nov 2024 11:37:31 -0600
Subject: [PATCH 1/2] Add 'npm audit signatures' to CI workflow.
---
 .github/workflows/ci.yml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4bb129a..3ce9d69 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,8 +17,24 @@ jobs:
 run: npm ci
 - name: Lint javascript
 run: npm run lint
+ audit_dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Code checkout
+ uses: actions/checkout@v4
+ - name: Install node
+ uses: actions/setup-node@v4
+ with:
+ node-version: "lts/*"
+ cache: 'npm'
+ - name: Install node dependencies
+ run: npm ci
+ - name: Validate npm package signatures
+ run: npm audit signatures
 test:
- needs: lint
+ needs:
+ - lint
+ - audit_dependencies
 runs-on: ubuntu-latest
 # Start Postgres as a service, wait until healthy. Uses latest Postgres version.
 services:
From dc7e3ec583d42a7bef2cd0f1b4f6c50323423410 Mon Sep 17 00:00:00 2001
From: Shelley Nason
Date: Fri, 15 Nov 2024 14:34:26 -0600
Subject: [PATCH 2/2] PR fixes.
---
 .github/workflows/ci.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3ce9d69..9c91558 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,7 +25,7 @@ jobs:
 - name: Install node
 uses: actions/setup-node@v4
 with:
- node-version: "lts/*"
+ node-version-file: ".nvmrc"
 cache: 'npm'
 - name: Install node dependencies
 run: npm ci
@@ -66,6 +66,7 @@ jobs:
 deploy_dev:
 needs:
 - lint
+ - audit_dependencies
 - test
 if: github.ref == 'refs/heads/develop'
 uses: 18F/analytics-reporter-api/.github/workflows/deploy.yml@develop
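Review bot: In the `audit_dependencies` job added by PATCH 1/2 (hunk `@@ -17,8 +17,24 @@`), `npm ci` runs before `npm audit signatures`, so dependency install scripts execute on the runner before any signature has been checked; since this job only needs the installed tree to verify it, the install step could be `run: npm ci --ignore-scripts`. The `lint` job's own `npm ci` (context at the top of the hunk) does not appear to depend on this job, so it presumably still installs in parallel without the check; only `test` and the deploy jobs are gated. A comment above the new step such as `# verifies registry signatures/attestations only; does not replace 'npm audit'` would keep the scope of the check clear. Both actions in the new job are referenced by mutable tag (`@v4`); pinning them to a commit SHA fits the purpose of this job, and a job-level `permissions:` with `contents: read` is worth adding if the workflow does not already restrict the token outside this hunk.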
@@ -83,6 +84,7 @@ jobs:
 deploy_stg:
 needs:
 - lint
+ - audit_dependencies
 - test
 if: github.ref == 'refs/heads/staging'
 uses: 18F/analytics-reporter-api/.github/workflows/deploy.yml@develop
@@ -100,6 +102,7 @@ jobs:
 deploy_prd:
 needs:
 - lint
+ - audit_dependencies
 - test
 if: github.ref == 'refs/heads/master'
 uses: 18F/analytics-reporter-api/.github/workflows/deploy.yml@develop