From 66e8d713db6ef8bbebb2b1304270a155cd41c9eb Mon Sep 17 00:00:00 2001
From: Natalie Weizenbaum
Date: Thu, 20 Nov 2025 14:18:29 -0800
Subject: [PATCH 1/2] Pass --provenance to npm publish
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8fb2d1cc..f132175a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,6 +28,6 @@ jobs:
 - name: Publish optional dependencies
 run: |
- find ./npm -mindepth 1 -maxdepth 1 -print0 | xargs -0 -n 1 -- sh -xc 'npx ts-node ./tool/prepare-optional-release.ts --package=$(basename $1) && npm publish $1' --
+ find ./npm -mindepth 1 -maxdepth 1 -print0 | xargs -0 -n 1 -- sh -xc 'npx ts-node ./tool/prepare-optional-release.ts --package=$(basename $1) && npm publish --provenance $1' --
- - run: npm publish
+ - run: npm publish --provenance
From d2b8b993e685c916d62e9e3a43428bc4af4a0e9e Mon Sep 17 00:00:00 2001
From: Natalie Weizenbaum
Date: Fri, 21 Nov 2025 15:05:28 -0800
Subject: [PATCH 2/2] Remove needs and runs-on from the release trigger workflow
---
 .github/workflows/ci.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9db4deef..b823239c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -124,10 +124,8 @@ jobs:
 working-directory: sass-spec
 deploy_npm:
- name: Deploy npm
- runs-on: ubuntu-latest
- if: "github.ref_type == 'tag' && github.event.repository.fork == false"
 needs: [static_analysis, tests, sass_spec]
+ if: "github.ref_type == 'tag' && github.event.repository.fork == false"
 permissions:
 attestations: write
 contents: write
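Review bot: In `.github/workflows/release.yml`, both `npm publish --provenance` calls need an OIDC token, and nothing in this hunk shows the publishing job being granted `id-token: write`; without it the publish step fails instead of publishing unattested. The `deploy_npm` permissions block visible in the ci.yml hunk of patch 2/2 lists `attestations: write` and `contents: write` and is cut off there, so confirm `id-token: write` is present in whichever job runs these steps (and in the caller too, if release.yml is invoked as a reusable workflow, since a called workflow cannot exceed its caller's permissions). npm also checks that each package's `repository` field matches the repository that built it, so the package.json files that `prepare-optional-release.ts` produces for the `./npm/*` packages presumably need that field as well. Separately, `$1` is unquoted in `$(basename $1)` and `npm publish --provenance $1`; `"$1"` would be safer.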
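Review bot: The subject of patch 2/2 says `needs` is removed, but in the `deploy_npm` job of `.github/workflows/ci.yml` this hunk removes `name` and `runs-on` and keeps `needs: [static_analysis, tests, sass_spec]`. Keeping `needs` is the safer outcome, since it is what holds the tag-triggered publish until the analysis and test jobs have passed, so the subject line should be corrected rather than the code, e.g. `Remove name and runs-on from the release trigger workflow`. A short comment above `needs`, such as `# Publish only after all checks pass; do not remove.`, would guard against a later cleanup taking the subject literally. The job body continues past `contents: write`, outside the hunk.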