diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 47611b8..f3bd425 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,11 @@ on: jobs: release: runs-on: 'ubuntu-latest' + permissions: + contents: 'write' + issues: 'write' + pull-requests: 'write' + id-token: 'write' steps: - uses: 'actions/checkout@v3.5.2' with: @@ -27,6 +32,9 @@ jobs: - run: 'npm run build:typescript' + - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies' + run: 'npm audit signatures' + - name: 'Release' run: 'npm run release' env: diff --git a/.npmrc b/.npmrc index cffe8cd..3da3cf4 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,2 @@ save-exact=true +provenance=true diff --git a/package.json b/package.json index c324da9..49d27a6 100644 --- a/package.json +++ b/package.json @@ -22,13 +22,17 @@ ], "main": "build/index.js", "bin": "build/index.js", + "files": [ + "build" + ], + "publishConfig": { + "access": "public", + "provenance": true + }, "engines": { "node": ">=16.0.0", "npm": ">=9.0.0" }, - "files": [ - "build" - ], "scripts": { "build": "rimraf ./build && swc ./src --out-dir ./build", "build:typescript": "tsc",