Enable provenance in GitHub Actions workflow for NPM package publishing #596

	name: Voucher Smart Contract CI

	on:
	push:
	branches:
	- feature/*
	- bugfix/*
	- release/*
	- hotfix/*
	- develop
	- main

	concurrency:
	group: ci-${{ github.head_ref }}
	cancel-in-progress: true

	jobs:
	coverage:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: 20
	cache: 'npm'
	- name: Install Dependencies
	run: npm ci
	- name: Check Format
	run: npm run check-format
	- name: Check Lint
	run: npm run check-lint
	- name: Build
	run: npm run build
	- name: Check Types
	run: npm run check-types
	- name: Generate UML
	run: npm run uml
	- name: Run partial upgrade tests on fork
	env:
	IS_LOCAL_FORK: true
	run: npm run test test/NextVersionUpgrade.test.ts
	- name: Simulate upgrade on fork
	env:
	USE_FACTORY: false
	IS_LOCAL_FORK: true
	run: npm run upgrade
	- name: Run Tests
	run: npm run test -- --bail
	- name: Run Coverage
	run: npm run coverage #coverage only works on a non-fork hardhat node
	- name: Upload coverage reports to Codecov
	uses: codecov/codecov-action@v4.0.1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	slug: iExecBlockchainComputing/iexec-voucher-contracts
	- name: Run static analysis with slither
	uses: crytic/slither-action@v0.4.0
	with:
	target: "contracts/"
	slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
	fail-on: none # TODO set this to high or other
	sarif: results.sarif
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: results.sarif

Provide feedback