ci: setup npm provenance (#365)

fraxken · web-flow · commit 7552b806df98 · 2024-03-19T00:58:42.000+01:00
diff --git a/.github/workflows/npm-provenance.yml b/.github/workflows/npm-provenance.yml
@@ -0,0 +1,23 @@
+# https://docs.npmjs.com/generating-provenance-statements
+
+name: Publish Package to npmjs
+on:
+  release:
+    types: [created]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm install -g npm
+      - run: npm ci
+      - run: npm publish --provenance public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.npmrc b/.npmrc
@@ -1 +1,2 @@
 package-lock=false
+provenance=true
