From 1d5a2a7a2df8a0eb0bd6aed28d5d9cd2a60ebada Mon Sep 17 00:00:00 2001 From: Morgan Dean Date: Mon, 30 Jun 2025 10:49:04 -0700 Subject: [PATCH] Enable provenance --- .github/workflows/npm-publish-computer.yml | 9 ++++++--- .github/workflows/npm-publish-core.yml | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/npm-publish-computer.yml b/.github/workflows/npm-publish-computer.yml index 2f67439b..328378d7 100644 --- a/.github/workflows/npm-publish-computer.yml +++ b/.github/workflows/npm-publish-computer.yml @@ -7,14 +7,17 @@ on: jobs: publish: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Use Node.js LTS + - name: Use Node.js 24.x uses: actions/setup-node@v4 with: - node-version: lts/* + node-version: "24.x" registry-url: "https://registry.npmjs.org" - name: Install dependencies @@ -27,6 +30,6 @@ jobs: - name: Publish to npm working-directory: ./libs/typescript/computer - run: npm publish --access public + run: npm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/npm-publish-core.yml b/.github/workflows/npm-publish-core.yml index e7bd996b..dc06628d 100644 --- a/.github/workflows/npm-publish-core.yml +++ b/.github/workflows/npm-publish-core.yml @@ -7,14 +7,17 @@ on: jobs: publish: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Use Node.js LTS + - name: Use Node.js 24.x uses: actions/setup-node@v4 with: - node-version: lts/* + node-version: "24.x" registry-url: "https://registry.npmjs.org" - name: Install dependencies @@ -27,6 +30,6 @@ jobs: - name: Publish to npm working-directory: ./libs/typescript/core - run: npm publish --access public + run: npm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}