From b1bd574d425aedf000c2bdaa6f191e3d07bf1a24 Mon Sep 17 00:00:00 2001
From: Divlo
Date: Sat, 13 May 2023 15:41:12 +0200
Subject: [PATCH] feat: add npm package provenance
Ref: https://github.blog/2023-04-19-introducing-npm-package-provenance/
---
 .github/workflows/lint.yml | 6 +++---
 .github/workflows/release.yml | 14 +++++++++++---
 .github/workflows/test.yml | 6 +++---
 .npmrc | 1 +
 package-lock.json | 2 +-
 package.json | 6 +++++-
 6 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ddc2d4e..e894a4c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,14 +12,14 @@ jobs:
 steps:
 - uses: 'actions/checkout@v3.5.2'
- - name: 'Use Node.js'
+ - name: 'Setup Node.js'
 uses: 'actions/setup-node@v3.6.0'
 with:
 node-version: 'lts/*'
 cache: 'npm'
- - name: 'Install'
- run: 'npm install'
+ - name: 'Install dependencies'
+ run: 'npm clean-install'
 - run: 'npm run lint:commit -- --to "${{ github.sha }}"'
 - run: 'npm run lint:editorconfig'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8dbedf4..615ba7b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,20 +7,28 @@ on:
 jobs:
 release:
 runs-on: 'ubuntu-latest'
+ permissions:
+ contents: 'write'
+ issues: 'write'
+ pull-requests: 'write'
+ id-token: 'write'
 steps:
 - uses: 'actions/checkout@v3.5.2'
 with:
 fetch-depth: 0
 persist-credentials: false
- - name: 'Use Node.js'
+ - name: 'Setup Node.js'
 uses: 'actions/setup-node@v3.6.0'
 with:
 node-version: 'lts/*'
 cache: 'npm'
- - name: 'Install'
- run: 'npm install'
+ - name: 'Install dependencies'
+ run: 'npm clean-install'
+
+ - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
+ run: 'npm audit signatures'
 - name: 'Release'
 run: 'npm run release'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 54b36bf..d4dde34 100644
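Review bot: Neither this hunk nor the matching one in `.github/workflows/test.yml` gives the job a `permissions:` block, while the release job in the same commit now declares its scopes explicitly. The top of both files is outside the hunk, so this may already be set there; if it is not, `npm clean-install` and any dependency install scripts run under the repository's default `GITHUB_TOKEN` scopes. A top-level `permissions:` with `contents: 'read'` would match the least-privilege approach taken in `release.yml`.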
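Review bot: `npm audit signatures` runs only after `npm clean-install`, so dependency lifecycle scripts have already executed in a job that now holds `id-token: 'write'` plus three write scopes by the time signatures and attestations are checked. Installing with `run: 'npm clean-install --ignore-scripts'` before the audit step would make the check preventive rather than after-the-fact; whether a later step depends on those scripts (for example a `prepare` hook) is not visible here, and the `Release` step may continue past the end of the hunk. The two actions in this job are referenced by tag (`actions/checkout@v3.5.2`, `actions/setup-node@v3.6.0`); pinning them to a full commit SHA is worth considering now that the job can mint OIDC tokens. A short comment on `id-token: 'write'` saying it is required for npm provenance would help later readers understand why the scope is there.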
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,14 +12,14 @@ jobs:
 steps:
 - uses: 'actions/checkout@v3.5.2'
- - name: 'Use Node.js'
+ - name: 'Setup Node.js'
 uses: 'actions/setup-node@v3.6.0'
 with:
 node-version: 'lts/*'
 cache: 'npm'
- - name: 'Install'
- run: 'npm install'
+ - name: 'Install dependencies'
+ run: 'npm clean-install'
 - name: 'Test'
 run: 'npm run test'
diff --git a/.npmrc b/.npmrc
index cffe8cd..3da3cf4 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,2 @@
 save-exact=true
+provenance=true
diff --git a/package-lock.json b/package-lock.json
index 4a60e3d..7f4301c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34,7 +34,7 @@
 },
 "engines": {
 "node": ">=16.0.0",
- "npm": ">=8.0.0"
+ "npm": ">=9.0.0"
 },
 "peerDependencies": {
 "eslint": "^8.33.0",
diff --git a/package.json b/package.json
index d9e111b..bf45e33 100644
--- a/package.json
+++ b/package.json
@@ -27,9 +27,13 @@
 "index.js",
 ".eslintrc.json"
 ],
+ "publishConfig": {
+ "access": "public",
+ "provenance": true
+ },
 "engines": {
 "node": ">=16.0.0",
- "npm": ">=8.0.0"
+ "npm": ">=9.0.0"
 },
 "scripts": {
 "lint:commit": "commitlint",
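Review bot: `provenance=true` here duplicates `"provenance": true` under `publishConfig` in `package.json` from the same commit, so the setting has two sources that can drift apart. Either one makes a publish from a workstation attempt provenance generation, which I would expect to fail outside a supported CI provider. If blocking local publishes is the intent, a comment such as `; provenance needs CI OIDC, a local publish is expected to fail` would make that explicit; otherwise keeping only the `publishConfig` entry is enough.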
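Review bot: `"npm": ">=9.0.0"` does not guarantee provenance support, which as far as I know arrived in npm 9.5.0, and `engines` constrains people installing this package rather than the release runner. If the bump is meant to protect publishing, the npm version on the runner is what needs checking in `release.yml`, where `node-version: 'lts/*'` decides which npm is used. If it is meant for consumers, `">=8.0.0"` was sufficient because provenance is produced at publish time. The same value is mirrored in the `package-lock.json` hunk.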