From aead2172c269846e994cc9e5be3a40b0439793d5 Mon Sep 17 00:00:00 2001 From: Willem Liu Date: Fri, 21 Apr 2023 07:18:11 +0200 Subject: [PATCH] NPM Provenance --- .github/workflows/publish.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 69ca032..e8046b3 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,6 +7,8 @@ env: CI: true jobs: build: + permissions: + id-token: write runs-on: ubuntu-latest strategy: matrix: @@ -54,13 +56,13 @@ jobs: run: npm run release:fdmg - name: Publish NPMJS @fdmg if: contains(github.ref, 'canary') == false - run: npm publish + run: npm publish --provenance env: NODE_AUTH_TOKEN: ${{secrets.NODE_AUTH_TOKEN}} continue-on-error: true - name: Publish NPMJS @fdmg (canary) if: contains(github.ref, 'canary') - run: npm publish --tag next + run: npm publish --provenance --tag next env: NODE_AUTH_TOKEN: ${{secrets.NODE_AUTH_TOKEN}} continue-on-error: true @@ -68,13 +70,13 @@ jobs: run: npm run release:fdmediagroep - name: Publish NPMJS @fdmediagroep if: contains(github.ref, 'canary') == false - run: npm publish + run: npm publish --provenance env: NODE_AUTH_TOKEN: ${{secrets.NODE_AUTH_TOKEN}} continue-on-error: true - name: Publish NPMJS @fdmediagroep (canary) if: contains(github.ref, 'canary') - run: npm publish --tag next + run: npm publish --provenance --tag next env: NODE_AUTH_TOKEN: ${{secrets.NODE_AUTH_TOKEN}} continue-on-error: true @@ -88,13 +90,13 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Publish GPR if: contains(github.ref, 'canary') == false - run: npm publish + run: npm publish --provenance env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} continue-on-error: true - name: Publish GPR (canary) if: contains(github.ref, 'canary') - run: npm publish --tag next + run: npm publish --provenance --tag next env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} continue-on-error: true