From 548c034f2f15a5b88bed46d0f427f8c692f7ce00 Mon Sep 17 00:00:00 2001
From: ST-DDT <ST-DDT@gmx.de>
Date: Tue, 17 Sep 2024 13:26:11 +0200
Subject: infra: publish releases with provenance (#3119)

---
 .github/workflows/publish-release.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to '.github')

diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 1b6a8050..f581d0b6 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -4,7 +4,9 @@ on:
   release:
     types: [published]
 
-permissions: {} # we use a personal access token to push the release branch
+permissions:
+  # we use a personal access token to push the release branch
+  id-token: write # required for provenance/signed releases on npm
 
 jobs:
   publish:
@@ -56,6 +58,7 @@ jobs:
           pnpm publish --tag next --no-git-checks
         env:
           CYPRESS_INSTALL_BINARY: 0
+          NPM_CONFIG_PROVENANCE: true
 
       - name: Set latest/next dist-tag
         run: |
-- 
cgit v1.2.3