Merge pull request #8 from 88labs/feat/takumi-guard

feat: integrate Takumi Guard for npm supply chain protection

Author: yutafujita

.github/workflows/asset-size.yml

@@ -6,11 +6,18 @@ jobs:
   compare:
     timeout-minutes: 15
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
+      - uses: flatt-security/setup-takumi-guard-npm@8f53b50568e4466f2d92504f349c05b9ffcb8b59 # v1.0.0
+        with:
+          bot-id: "BT01KJW2C86AE4TDJRN1YH21K840" # 88labs
       - uses: chrysanthos/simple-asset-size-reporter@3c86a594c400b40a4ebe6418da605a5d2755ef52 # 1.0.2
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/tests.yml

@@ -10,6 +10,9 @@ jobs:
   test:
     timeout-minutes: 10
     name: Node v${{ matrix.node-version }} on ${{ matrix.os }}
+    permissions:
+      contents: read
+      id-token: write
     strategy:
       fail-fast: false
       matrix:
@@ -30,7 +33,13 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'npm'
-      - run: npm install
+      - uses: flatt-security/setup-takumi-guard-npm@8f53b50568e4466f2d92504f349c05b9ffcb8b59 # v1.0.0
+        with:
+          bot-id: "BT01KJW2C86AE4TDJRN1YH21K840" # 88labs
+      - name: Install dependencies
+        shell: bash
+        run: npm install || (sleep 30 && npm install) || (sleep 60 && npm install)
+      - run: git checkout -- .npmrc || true
       - run: npm test
         env:
           CI: true
@@ -39,14 +48,22 @@ jobs:
     timeout-minutes: 15
     name: Measure performance impact of changes
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
       - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
           node-version: 18
           cache: 'npm'
-      - run: npm install
+      - uses: flatt-security/setup-takumi-guard-npm@8f53b50568e4466f2d92504f349c05b9ffcb8b59 # v1.0.0
+        with:
+          bot-id: "BT01KJW2C86AE4TDJRN1YH21K840" # 88labs
+      - name: Install dependencies
+        run: npm install || (sleep 30 && npm install) || (sleep 60 && npm install)
+      - run: git checkout -- .npmrc || true
       - run: npm run benchmark
         env:
           CI: true
@@ -55,14 +72,22 @@ jobs:
     timeout-minutes: 15
     name: Ensure typescript compatibility
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
       - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
           node-version: 18
           cache: 'npm'
-      - run: npm install
+      - uses: flatt-security/setup-takumi-guard-npm@8f53b50568e4466f2d92504f349c05b9ffcb8b59 # v1.0.0
+        with:
+          bot-id: "BT01KJW2C86AE4TDJRN1YH21K840" # 88labs
+      - name: Install dependencies
+        run: npm install || (sleep 30 && npm install) || (sleep 60 && npm install)
+      - run: git checkout -- .npmrc || true
       - run: npm install typescript
       - run: tsc index.d.ts --ignoreConfig --types node
         env: