From d6f084bd9b4f5be6084c78033ae7d864264a6a66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20De=20Boey?= <info@michaeldeboey.be>
Date: Tue, 5 Aug 2025 00:17:42 +0200
Subject: [PATCH 1/2] chore: generate provenance statements on release

---
 .github/workflows/release.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7bb42156f7..4f938435e4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,6 +21,8 @@ jobs:
     outputs:
       published_packages: ${{ steps.changesets.outputs.publishedPackages }}
       published: ${{ steps.changesets.outputs.published }}
+    permissions:
+      id-token: write # to enable use of OIDC for npm provenance
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@v4
@@ -62,6 +64,7 @@ jobs:
           createGithubReleases: false
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
   find_package_version:

From 3a0b23a274191ccb39c76e0bb1dda1197f988c9e Mon Sep 17 00:00:00 2001
From: Matt Brophy <matt@brophy.org>
Date: Wed, 6 Aug 2025 16:42:07 -0400
Subject: [PATCH 2/2] Update .github/workflows/release.yml

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4f938435e4..e2ca37d2c8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,7 +22,7 @@ jobs:
       published_packages: ${{ steps.changesets.outputs.publishedPackages }}
       published: ${{ steps.changesets.outputs.published }}
     permissions:
-      id-token: write # to enable use of OIDC for npm provenance
+      id-token: write # enable generation of an ID token for publishing
     steps:
       - name: ⬇️ Checkout repo
         uses: actions/checkout@v4