Skip to content

Commit a2730fc

Browse files
PowerKiKiPowerKiKi
committed
Generate npm package provenance
Following https://docs.npmjs.com/generating-provenance-statements
1 parent 1c5b9d1 commit a2730fc

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

.github/workflows/main.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,9 @@ jobs:
6868

6969
release:
7070
runs-on: ubuntu-latest
71+
permissions:
72+
contents: read
73+
id-token: write
7174
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
7275
needs:
7376
- build
@@ -86,15 +89,15 @@ jobs:
8689
- uses: actions/setup-node@v3
8790
with:
8891
registry-url: 'https://registry.npmjs.org'
89-
- run: npm publish --access public dist/fab-speed-dial/
92+
- run: npm publish --provenance --access public dist/fab-speed-dial/
9093
env:
9194
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
9295

9396
# Publish to GitHub Packages
9497
- uses: actions/setup-node@v3
9598
with:
9699
registry-url: 'https://npm.pkg.github.com'
97-
- run: npm publish --access public dist/fab-speed-dial/
100+
- run: npm publish --provenance --access public dist/fab-speed-dial/
98101
env:
99102
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
100103

0 commit comments

Comments
 (0)