From 7acf9e52d3cad025195d6bc2d702aa53870164f0 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke
Date: Mon, 16 Sep 2024 08:24:28 +0200
Subject: [PATCH 1/2] feat: generating provenance statements
---
 .github/scripts/publish-npm.sh | 2 +-
 .github/workflows/03-publish-packages.yml | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index b08b2a4a3..efe0c9e2d 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -41,5 +41,5 @@ do
 echo "Could not authenticate with $REGISTRY"
 exit 1
 fi
- npm publish --tag "$TAG" db-ui-base-"$VALID_SEMVER_VERSION".tgz
+ npm publish --tag "$TAG" db-ui-base-"$VALID_SEMVER_VERSION".tgz --provenance
 done
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index 12348b2a6..4152d0d12 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
@@ -20,6 +20,8 @@ jobs:
 publish:
 name: Publish latest package versions to GitHub Packages
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
 steps:
 - name: ⬇ Checkout repo
 uses: actions/checkout@v4
From 18a0792356317b5499d2e130cf57e2a6e6d820bc Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Mon, 16 Sep 2024 11:32:06 +0200
Subject: [PATCH 2/2] Update publish-npm.sh
---
 .github/scripts/publish-npm.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index efe0c9e2d..3296c1f2c 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -41,5 +41,6 @@ do
 echo "Could not authenticate with $REGISTRY"
 exit 1
 fi
+ # https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow
 npm publish --tag "$TAG" db-ui-base-"$VALID_SEMVER_VERSION".tgz --provenance
 done
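Review bot: In the `.github/scripts/publish-npm.sh` hunk of patch 1/2, `--provenance` is appended to an `npm publish` that sits inside a loop keyed on `$REGISTRY`, so the flag presumably applies to every registry the loop visits, whereas the npm documentation linked in patch 2/2 describes provenance for the public npm registry. It is worth confirming how the other registry (the job title names GitHub Packages) handles the attestation, and passing the flag only on the npm iteration if it is rejected or silently dropped there. The command also uploads a prebuilt `db-ui-base-"$VALID_SEMVER_VERSION".tgz`, so the statement ties the tarball to this publishing run; if the archive is built in another job, a comment such as `# provenance attests this publish job; tarball is built in <build job name>` would keep readers from assuming more. The loop starts outside the hunk, so the registry list itself is not visible here.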
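Review bot: The job-level `permissions:` block added in `.github/workflows/03-publish-packages.yml` lists only `id-token: write`, and once a `permissions` key is present every scope not listed is set to `none` for `GITHUB_TOKEN`. The job checks out the repository and, by its name, publishes to GitHub Packages, so any step that relies on `GITHUB_TOKEN` loses access it had before; consider adding `contents: read` and, if the GitHub Packages publish authenticates with `GITHUB_TOKEN`, `packages: write`. Which token the publish script uses is not visible in this hunk, so the second scope should be checked against the script's authentication step. Granting `id-token: write` on the job rather than the whole workflow is the right scope, since any step in the job can then request an OIDC token.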