From f424cefc67c6f3430e81f285d7578e96486e39fa Mon Sep 17 00:00:00 2001 From: Steven Chim <655241+chimurai@users.noreply.github.com> Date: Sat, 20 Apr 2024 20:05:20 +0200 Subject: [PATCH] ci(package): npm package provenance (#991) --- .github/workflows/publish.yml | 33 +++++++++++++++++++++++++++++++++ .npmrc | 1 + CHANGELOG.md | 1 + package.json | 5 ++++- 4 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..5103d340 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,33 @@ +name: publish to npmjs +on: + release: + types: [prereleased, released] +jobs: + build-and-publish: + # prevents this action from running on forks + if: github.repository == 'chimurai/http-proxy-middleware' + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '20.x' + registry-url: 'https://registry.npmjs.org' + + - name: Install Dependencies + run: yarn install + + - name: Publish to NPM (beta) + if: 'github.event.release.prerelease' + run: npm publish --provenance --access public --tag beta + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + - name: Publish to NPM (stable) + if: '!github.event.release.prerelease' + run: npm publish --provenance --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.npmrc b/.npmrc index 43c97e71..33cc073d 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,2 @@ package-lock=false +provenance=true diff --git a/CHANGELOG.md b/CHANGELOG.md index dcc44e7a..4ac70212 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - fix(type): fix RequestHandler return type - refactor(errors): improve pathFilter error message - fix(logger-plugin): fix missing target port +- ci(package): npm package provenance ## [v3.0.0](https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.0) diff --git a/package.json b/package.json index 6956965e..0cbbc101 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "http-proxy-middleware", - "version": "3.0.0", + "version": "3.0.1-beta.0", "description": "The one-liner node.js proxy middleware for connect, express, next.js and more", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -22,6 +22,9 @@ "prepack": "yarn clean && yarn test && yarn build", "spellcheck": "npx --yes cspell --show-context --show-suggestions '**/*.*'" }, + "publishConfig": { + "provenance": true + }, "repository": { "type": "git", "url": "https://github.com/chimurai/http-proxy-middleware.git"