From 694151638d72efc8a5555bb47a78269d9b587620 Mon Sep 17 00:00:00 2001 From: Axel Bocciarelli Date: Mon, 30 Oct 2023 11:28:09 +0100 Subject: [PATCH] Publish packages to NPM with provenance --- .github/workflows/publish-packages.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index 31d5688ca..0cb050b5e 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -8,6 +8,9 @@ on: jobs: publish: runs-on: ubuntu-latest + permissions: + id-token: write # https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions + steps: - name: Checkout 🏷️ uses: actions/checkout@v3 @@ -64,19 +67,19 @@ jobs: package: 'packages/h5wasm' - name: Publish @h5web/lib 🥳 - run: cd packages/lib && pnpm publish --access public --no-git-checks --tag $NPM_TAG + run: cd packages/lib && pnpm publish --access public --provenance --no-git-checks --tag $NPM_TAG env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TAG: "${{ contains(steps.packageVersion.outputs.PACKAGE_VERSION, 'beta') && 'next' || 'latest' }}" - name: Publish @h5web/app 🥳 - run: cd packages/app && pnpm publish --access public --no-git-checks --tag $NPM_TAG + run: cd packages/app && pnpm publish --access public --provenance --no-git-checks --tag $NPM_TAG env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TAG: "${{ contains(steps.packageVersion.outputs.PACKAGE_VERSION, 'beta') && 'next' || 'latest' }}" - name: Publish @h5web/h5wasm 🥳 - run: cd packages/h5wasm && pnpm publish --access public --no-git-checks --tag $NPM_TAG + run: cd packages/h5wasm && pnpm publish --access public --provenance --no-git-checks --tag $NPM_TAG env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TAG: "${{ contains(steps.packageVersion.outputs.PACKAGE_VERSION, 'beta') && 'next' || 'latest' }}"
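Review bot: The new job-level `permissions` block lists only `id-token: write`, and once a job declares `permissions`, every scope it does not list drops to `none`, so the Checkout step that follows runs without `contents: read`. That still works on a public repository but would fail on a private one. Adding `contents: read` beside `id-token: write` makes the job's actual needs explicit. Because the grant is job-wide, every step in `publish` can request an OIDC token and also runs alongside `NPM_TOKEN`, so tag-pinned actions such as `actions/checkout@v3` are worth pinning to a full commit SHA in this job. The steps between Checkout and the publish commands are outside the hunk, so confirm that none of them needs another scope.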
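Review bot: `--provenance` is added separately to each of the three `pnpm publish` commands, and the publishes run one after another, so a provenance failure on a later package would leave the earlier ones already released. As far as I know, npm rejects a provenance publish when the `repository` field in package.json does not match the repository the workflow runs in. It is worth confirming that field in `packages/lib`, `packages/app` and `packages/h5wasm` before the first release, as those files are not part of this patch. Setting `NPM_CONFIG_PROVENANCE: true` once in a job-level `env` could replace the three repeated flags and would also cover any package added later. The pnpm and npm versions installed earlier in the job are outside the hunk and need to be recent enough to accept the flag.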