Add missing id-token: write permission in release pipeline (#5645)

pcaversaccio · web-flow · commit da32fb3bd89b · 2025-04-22T15:24:43.000-06:00
Signed-off-by: Pascal Marco Caversaccio &lt;pascal.caversaccio@hotmail.ch&gt;
diff --git a/.github/workflows/release-cycle.yml b/.github/workflows/release-cycle.yml
@@ -131,6 +131,7 @@ jobs:
     environment: npm
     permissions:
       contents: write
+      id-token: write
     if: needs.state.outputs.publish == 'true'
     runs-on: ubuntu-latest
     steps:
@@ -153,6 +154,7 @@ jobs:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           TARBALL: ${{ steps.pack.outputs.tarball }}
           TAG: ${{ steps.pack.outputs.tag }}
+          NPM_CONFIG_PROVENANCE: true
       - name: Create Github Release
         uses: actions/github-script@v7
         env:
diff --git a/scripts/release/workflow/publish.sh b/scripts/release/workflow/publish.sh
@@ -9,7 +9,7 @@ PACKAGE_JSON_VERSION="$(tar xfO "$TARBALL" package/package.json | jq -r .version
 echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
 
 # Actual publish
-npm publish --provenance "$TARBALL" --tag "$TAG"
+npm publish "$TARBALL" --tag "$TAG"
 
 # Clean up tags
 delete_tag() {
