Merge pull request #102 from SocketDev/release-provenance

bmeck · web-flow · commit e89576027042 · 2023-06-05T15:28:53.000-05:00
npm provenance GH action
diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml
@@ -0,0 +1,26 @@
+name: Publish Package to npmjs
+
+on:
+ release:
+   types: [created]
+
+jobs:
+ build:
+   runs-on: ubuntu-latest
+
+   permissions:
+     contents: read
+     id-token: write
+
+   steps:
+     - uses: actions/checkout@v3
+     - uses: actions/setup-node@v3
+       with:
+         node-version: '18'
+         registry-url: 'https://registry.npmjs.org'
+         cache: npm
+     - run: npm install -g npm@latest
+     - run: npm install
+     - run: npm publish --provenance --access public
+       env:
+         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,3 @@
+# Publishing a new version
+
+This repository uses `npm` provided provenance using GitHub Actions, please update the version in `package.json` using an appropriate tag and create a release using GitHub, the `.github/workflows/provenance.yml` action should publish it to `npm` from there.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# Publishing a new version`
	`2`	`+`
	`3`	+This repository uses `npm` provided provenance using GitHub Actions, please update the version in `package.json` using an appropriate tag and create a release using GitHub, the `.github/workflows/provenance.yml` action should publish it to `npm` from there.