From e603c0a2acde0324ad8e48931ec9dc11209c1f5e Mon Sep 17 00:00:00 2001 From: Iwo Plaza Date: Wed, 18 Dec 2024 22:01:01 +0100 Subject: [PATCH] Updated provenance permissions in CI --- .github/workflows/publish-to-npm.yml | 5 ++++- scripts/publish-to-npm.mjs | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-to-npm.yml b/.github/workflows/publish-to-npm.yml index 163a8af..3cb62e1 100644 --- a/.github/workflows/publish-to-npm.yml +++ b/.github/workflows/publish-to-npm.yml @@ -8,6 +8,9 @@ on: jobs: publish: runs-on: ubuntu-latest + permissions: + contents: read + id-token: write steps: - uses: actions/checkout@v4 @@ -26,7 +29,7 @@ jobs: - name: Install dependencies run: pnpm install --recursive --frozen-lockfile - - run: pnpm publish-package + - run: pnpm publish-package -- --provenance --access public working-directory: ./packages/typed-binary env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/scripts/publish-to-npm.mjs b/scripts/publish-to-npm.mjs index 2bd406a..3fb63ef 100644 --- a/scripts/publish-to-npm.mjs +++ b/scripts/publish-to-npm.mjs @@ -70,7 +70,6 @@ Release channel: ${colors.Cyan}${channel ?? ''}${colors.Reset} try { await promiseSpawn('pnpm', [ 'publish', - '--provenance', ...(channel ? ['--tag', channel] : []), ...args._, ]);