Merge pull request #364 from ducktors/dependabot/docker/node-20.13.1-… #339

	name: Release

	on:
	push:
	branches:
	- main

	concurrency: ${{ github.workflow }}-${{ github.ref }}

	env:
	NPM_CONFIG_PROVENANCE: true

	permissions:
	contents: read

	jobs:
	release:
	runs-on: ubuntu-latest
	name: Release
	permissions:
	contents: write
	issues: write
	pull-requests: write
	id-token: write
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
	with:
	egress-policy: audit

	- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
	name: Checkout
	with:
	persist-credentials: false
	- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
	name: Install Node
	with:
	node-version: 20
	- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
	name: Install pnpm
	with:
	version: 8
	- name: Install dependencies
	run: pnpm install
	- name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
	run: npm audit signatures
	- name: Release
	env:
	GH_TOKEN: ${{ secrets.DUCKTORS_PAT }}
	NPM_TOKEN: ${{ secrets.DUCKTORS_NPM_TOKEN }}
	run: pnpm dlx semantic-release

Provide feedback