From 3ada638774655810d44a96eb686c3f25ca70e7bb Mon Sep 17 00:00:00 2001
From: Myrotvorets
Date: Wed, 27 Mar 2024 00:34:41 +0200
Subject: [PATCH] Update audit workflow
---
 .github/workflows/package-audit.yml | 30 +++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/.github/workflows/package-audit.yml b/.github/workflows/package-audit.yml
index d69d0438..14dba7f6 100644
--- a/.github/workflows/package-audit.yml
+++ b/.github/workflows/package-audit.yml
@@ -28,3 +28,33 @@ jobs:
 - name: Run audit
 run: npm audit --omit=dev
+
+ provenance:
+ name: Verify signatures and provenance statements
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Setup Node.js environment
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+ with:
+ node-version: lts/*
+ registry-url: https://npm.pkg.github.com
+ cache: npm
+
+ - name: Install dependencies
+ run: npm ci --ignore-scripts
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Update npm
+ run: npm i -g npm
+
+ - name: Run audit
+ run: npm audit signatures
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
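Review bot: The `Update npm` step runs `npm i -g npm`, which installs whatever npm release is current at run time, so the tool that performs `npm audit signatures` is the one unpinned component in a job whose two actions are pinned by commit SHA. Pinning it, e.g. `run: npm i -g npm@<PINNED_VERSION>` (placeholder; choose a release that supports `audit signatures`), or dropping the step if the npm bundled with `lts/*` is already sufficient, keeps the verifier itself reproducible. The `Checkout` step also keeps the default credential persistence; nothing later in this job appears to need git access, so adding `with:` and `persist-credentials: false` there would keep the token out of `.git/config` while npm commands run. A one-line comment above `registry-url` saying that `NODE_AUTH_TOKEN` is only needed to read packages from GitHub Packages would make the `packages: read` permission easier to audit.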