chore(ci): bump socket-registry action refs (#157)

jdalton · web-flow · commit e88606680745 · 2026-04-07T21:54:40.000-04:00
* chore(ci): bump socket-registry action refs + remove close/reopen workaround

* Fix flaky getSocketCliApiProxy test on CI runners

The test expected undefined when SOCKET_CLI_API_PROXY is unset, but
getSocketCliApiProxy falls back to standard proxy env vars (HTTPS_PROXY,
HTTP_PROXY, etc.) which CI runners set. Clear all fallback vars in the
test to ensure isolation.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ permissions:
 jobs:
   ci:
     name: Run CI Pipeline
-    uses: SocketDev/socket-registry/.github/workflows/ci.yml@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+    uses: SocketDev/socket-registry/.github/workflows/ci.yml@d425cd0501e354096f35043e1badecc370a2fecf # main
     with:
       test-setup-script: 'pnpm run build'
       lint-script: 'pnpm run lint --all'
@@ -46,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@d425cd0501e354096f35043e1badecc370a2fecf # main
         with:
           node-version: '24'
 
diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml
@@ -21,7 +21,7 @@ permissions:
 
 jobs:
   publish:
-    uses: SocketDev/socket-registry/.github/workflows/provenance.yml@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+    uses: SocketDev/socket-registry/.github/workflows/provenance.yml@d425cd0501e354096f35043e1badecc370a2fecf # main
     with:
       debug: ${{ inputs.debug }}
       package-name: '@socketsecurity/lib'
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
@@ -24,7 +24,7 @@ jobs:
     outputs:
       has-updates: ${{ steps.check.outputs.has-updates }}
     steps:
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@d425cd0501e354096f35043e1badecc370a2fecf # main
 
       - name: Check for npm updates
         id: check
@@ -48,7 +48,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@d425cd0501e354096f35043e1badecc370a2fecf # main
 
       - name: Create update branch
         id: branch
@@ -60,7 +60,7 @@ jobs:
           git checkout -b "$BRANCH_NAME"
           echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT
 
-      - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@d425cd0501e354096f35043e1badecc370a2fecf # main
         with:
           gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
 
@@ -273,21 +273,6 @@ jobs:
             --head "$BRANCH_NAME" \
             --base main
 
-      # Pushes made with GITHUB_TOKEN don't trigger other workflows.
-      # Close/reopen the PR to generate a pull_request.reopened event,
-      # which triggers required CI and enterprise audit workflows.
-      - name: Trigger CI checks
-        if: steps.final.outputs.success == 'true' && steps.validate.outputs.valid == 'true' && steps.changes.outputs.has-changes == 'true'
-        env:
-          GH_TOKEN: ${{ github.token }}
-          BRANCH_NAME: ${{ steps.branch.outputs.branch }}
-        run: |
-          pr_number=$(gh pr list --head "$BRANCH_NAME" --json number --jq '.[0].number')
-          if [ -n "$pr_number" ]; then
-            gh pr close "$pr_number"
-            gh pr reopen "$pr_number"
-          fi
-
       - name: Add job summary
         if: steps.final.outputs.success == 'true' && steps.validate.outputs.valid == 'true' && steps.changes.outputs.has-changes == 'true'
         env:
@@ -310,7 +295,7 @@ jobs:
             test-output.log
           retention-days: 7
 
-      - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@6147a08ccc20fcb1f690dcc4650ec745776b3345 # main
+      - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@d425cd0501e354096f35043e1badecc370a2fecf # main
         if: always()
 
   notify:
diff --git a/test/unit/env/socket-cli.test.mts b/test/unit/env/socket-cli.test.mts
@@ -65,7 +65,14 @@ describe('socket-cli env', () => {
     })
 
     it('should return undefined when not set', () => {
+      // Clear all proxy env vars that getSocketCliApiProxy falls back to,
+      // including standard proxy vars that CI runners may have set.
       setEnv('SOCKET_CLI_API_PROXY', undefined)
+      setEnv('SOCKET_SECURITY_API_PROXY', undefined)
+      setEnv('HTTPS_PROXY', undefined)
+      setEnv('https_proxy', undefined)
+      setEnv('HTTP_PROXY', undefined)
+      setEnv('http_proxy', undefined)
       expect(getSocketCliApiProxy()).toBeUndefined()
     })
   })
