Skip to content

Commit a620da3

Browse files
AaronDeweswolfy1339
authored andcommitted
feat(security): Add provenance (#244)
* Enable provenance in package.json * Add necessary permissions to the release workflow
1 parent af8e1fc commit a620da3

File tree

2 files changed

+9
-1
lines changed

2 files changed

+9
-1
lines changed

.github/workflows/release.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,13 @@ name: Release
66
- next
77
- beta
88
- "*.x"
9+
# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance
10+
permissions:
11+
contents: write # to be able to publish a GitHub release
12+
issues: write # to be able to comment on released issues
13+
pull-requests: write # to be able to comment on released pull requests
14+
id-token: write # to enable use of OIDC for npm provenance
15+
916
jobs:
1017
release:
1118
name: release

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,8 @@
9292
]
9393
},
9494
"publishConfig": {
95-
"access": "public"
95+
"access": "public",
96+
"provenance": true
9697
},
9798
"engines": {
9899
"node": ">= 18"

0 commit comments

Comments
 (0)