chore: setup npm provenance attestation

2025-03-10 07:52:07 +00:00 · 2023-10-22 12:11:28 +01:00 · 2023-10-22 12:11:28 +01:00 · dc50d4e2ac
commit dc50d4e2ac
parent 0f555075ae
1 changed files with 8 additions and 3 deletions
--- a/.github/workflows/experimental.yml
+++ b/.github/workflows/experimental.yml
@ -1,4 +1,7 @@
 name: Publish Experimental Package to npmjs
+
+env:
+  NPM_CONFIG_PROVENANCE: true
 on:
    workflow_dispatch:
        # release:
@ -6,11 +9,13 @@ on:
 jobs:
    build:
        runs-on: ubuntu-latest
+        permissions:
+          id-token: write
        steps:
            - uses: actions/checkout@v4
            - uses: actions/setup-node@v3
              with:
-                  node-version: '16.x'
+                  node-version: '18.x'
                  registry-url: 'https://registry.npmjs.org'

            - uses: actions/cache@v3
@ -23,12 +28,12 @@ jobs:
            - run: yarn
            - run: npm run set-experimental-versions
            - name: Publish dockview-core
-              run: npm publish --tag experimental
+              run: npm publish --provenance --tag experimental
              working-directory: packages/dockview-core
              env:
                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
            - name: Publish dockview
-              run: npm publish --tag experimental
+              run: npm publish --provenance --tag experimental
              working-directory: packages/dockview
              env:
                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}