build(pkg): generate provenance statements

- https://docs.npmjs.com/generating-provenance-statements - https://github.blog/changelog/2023-09-26-npm-provenance-general-availability Signed-off-by: Lexus Drumgold <unicornware@flexdevelopment.llc>
flex-development · Feb 20, 2024 · 1c7c3ae · 1c7c3ae
1 parent 80307ec
commit 1c7c3ae
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -12,6 +12,7 @@
 # - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions
 # - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#release
 # - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch
+# - https://docs.npmjs.com/generating-provenance-statements
 # - https://github.com/actions/checkout
 # - https://github.com/actions/setup-node
 # - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration
@@ -67,10 +68,12 @@ jobs:
         env:
           ARTIFACT: ${{ steps.artifact.outputs.result }}
           FLAGS: ${{ steps.dist-tag.outputs.flag }}
-        run: echo "result=npm publish $ARTIFACT $FLAGS" >>$GITHUB_OUTPUT
+        run: echo "result=npm publish --provenance $FLAGS $ARTIFACT" >>$GITHUB_OUTPUT
   gpr:
     needs: preflight
     permissions:
+      contents: read
+      id-token: write
       packages: write
     runs-on: ubuntu-latest
     environment:
@@ -108,6 +111,8 @@ jobs:
       - gpr
       - preflight
     permissions:
+      contents: read
+      id-token: write
       packages: write
     runs-on: ubuntu-latest
     environment:

diff --git a/package.json b/package.json
@@ -31,7 +31,8 @@
   },
   "publishConfig": {
     "access": "public",
-    "directory": "./"
+    "directory": "./",
+    "provenance": true
   },
   "type": "module",
   "files": [