From c11104134847e442024635985f2386e2a26c3bc3 Mon Sep 17 00:00:00 2001 From: chimurai <655241+chimurai@users.noreply.github.com> Date: Sun, 14 Apr 2024 19:25:20 +0000 Subject: [PATCH] ci: add npm provenance --- .github/workflows/publish.yml | 28 ++++++++++++++++++++++++++++ .npmrc | 1 + package.json | 5 ++++- 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..be9ad2d --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,28 @@ +name: Publish Package to npmjs +on: + release: + types: [published] +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: '20.x' + registry-url: 'https://registry.npmjs.org' + - name: Install Dependencies + run: yarn install + - name: Publish to NPM (beta) + if: "github.event.release.prerelease" + run: npm publish --provenance --access public --tag beta --dry + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - name: Publish to NPM (release) + if: "!github.event.release.prerelease" + run: npm publish --provenance --access public --dry + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.npmrc b/.npmrc index 8878d26..af74773 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,2 @@ +provenance=true save-exact=false diff --git a/package.json b/package.json index 977b1d1..1fde6c0 100644 --- a/package.json +++ b/package.json @@ -1,12 +1,15 @@ { "name": "requirements", - "version": "1.4.1", + "version": "2.0.0-beta.0", "license": "MIT", "author": "chimurai", "homepage": "https://github.com/chimurai/requirements", "bugs": { "url": "https://github.com/chimurai/requirements/issues" }, + "publishConfig": { + "provenance": true + }, "repository": { "type": "git", "url": "git+https://github.com/chimurai/requirements.git"