Publish to npm with provenance

2024-05-03 15:03:41 +02:00 · 2023-04-25 22:36:42 +02:00 · 2023-04-25 22:36:42 +02:00 · 9ee1cf13a8
parent ba1a4206a6 3cd0a75ac2
commit 9ee1cf13a8
2 changed files with 12 additions and 2 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,5 +1,8 @@
 name: Build

+permissions:
+  contents: read
+
 on: [push, pull_request]

 jobs:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -1,5 +1,9 @@
 name: Release

+permissions:
+  contents: read
+  id-token: write
+
 on:
  push:
    tags: v*
@ -29,15 +33,18 @@ jobs:
      - name: Test
        run: yarn test

+      - name: Update npm
+        run: npm install -g npm
+
      - name: Publish latest
        if: "!contains(github.ref, '-')"
-        run: npm publish --tag latest
+        run: npm publish --tag latest --provenance
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}

      - name: Publish next
        if: contains(github.ref, '-')
-        run: npm publish --tag next
+        run: npm publish --tag next --provenance
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}