From 3cd0a75ac2a60ef218648be3c7879a779629dc7e Mon Sep 17 00:00:00 2001
From: Pavel Djundik
Date: Sun, 23 Apr 2023 11:44:18 +0300
Subject: [PATCH] Publish to npm with provenance
Ref: https://github.blog/changelog/2023-04-19-npm-provenance-public-beta/
---
 .github/workflows/build.yml | 3 +++
 .github/workflows/release.yml | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a66edfd6..e5661bf1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,5 +1,8 @@
 name: Build
+permissions:
+ contents: read
+
 on: [push, pull_request]
 jobs:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9d5e7283..a7ad45f9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,5 +1,9 @@
 name: Release
+permissions:
+ contents: read
+ id-token: write
+
 on:
 push:
 tags: v*
@@ -29,15 +33,18 @@ jobs:
 - name: Test
 run: yarn test
+ - name: Update npm
+ run: npm install -g npm
+
 - name: Publish latest
 if: "!contains(github.ref, '-')"
- run: npm publish --tag latest
+ run: npm publish --tag latest --provenance
 env:
 NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
 - name: Publish next
 if: contains(github.ref, '-')
- run: npm publish --tag next
+ run: npm publish --tag next --provenance
 env:
 NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
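Review bot: `id-token: write` is granted at workflow level in release.yml, so every job in the file can request an OIDC token, not only the one that publishes. The job definitions lie outside this hunk, so whether more than one job exists cannot be seen here. The narrower form keeps the top-level block at `contents: read` and puts the token permission on the publishing job. A job-level `permissions:` block replaces the workflow-level one rather than merging with it, so that block has to list both `contents: read` and `id-token: write`. A short comment above the entry, such as `# id-token: write is needed by npm publish --provenance`, would record why the scope is there.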
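Review bot: The new `Update npm` step runs `npm install -g npm` with no version, so each release uses whatever npm is tagged latest at that moment. That freshly fetched CLI then runs both publish steps with `NODE_AUTH_TOKEN` and the OIDC token available. Pinning keeps the release toolchain reproducible and reviewable, e.g. `run: npm install -g npm@<pinned-version>`, where the version is at or above 9.5.0 (to my knowledge the first npm release that accepts `--provenance`). The job header and its setup steps lie outside this hunk, so the npm version the runner already provides is not visible; if it is new enough, the step could be dropped instead.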