Skip to content

Commit

Permalink
feat(security): Add provenance (#2653)
Browse files Browse the repository at this point in the history
* Enable provenance in package.json

* Add necessary permissions to the release workflow
  • Loading branch information
AaronDewes authored Apr 3, 2024
1 parent 353e0d5 commit a90799a
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
7 changes: 7 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ name: Release
- beta
- "*.x"
- debug
# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance
permissions:
contents: write # to be able to publish a GitHub release
issues: write # to be able to comment on released issues
pull-requests: write # to be able to comment on released pull requests
id-token: write # to enable use of OIDC for npm provenance

jobs:
release:
name: release
Expand Down
3 changes: 3 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -108,5 +108,8 @@
},
"engines": {
"node": ">= 18"
},
"publishConfig": {
"provenance": true
}
}

0 comments on commit a90799a

Please sign in to comment.