From 2b01c264b2951f89650c3bdbcf5a055c0689fbda Mon Sep 17 00:00:00 2001 From: Daniel Perez Alvarez Date: Wed, 7 Aug 2024 23:16:53 -0400 Subject: [PATCH] ci: npm generate provenance --- .github/workflows/publish.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 24e271aa..8aeae97a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,6 +5,9 @@ on: tags: - v*.*.* +permissions: + id-token: write + jobs: publish: runs-on: ubuntu-latest @@ -31,7 +34,7 @@ jobs: run: npx extract-changelog-release > RELEASE_BODY.md - name: Publish to NPM - run: yarn npm publish + run: npm publish --provenance env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} YARN_NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}