feat: add npm package provenance
Ref: https://github.blog/2023-04-19-introducing-npm-package-provenance/
This commit is contained in:
parent
882416cb49
commit
ef5635380c
8
.github/workflows/release.yml
vendored
8
.github/workflows/release.yml
vendored
@ -7,6 +7,11 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: 'ubuntu-latest'
|
runs-on: 'ubuntu-latest'
|
||||||
|
permissions:
|
||||||
|
contents: 'write'
|
||||||
|
issues: 'write'
|
||||||
|
pull-requests: 'write'
|
||||||
|
id-token: 'write'
|
||||||
steps:
|
steps:
|
||||||
- uses: 'actions/checkout@v3.5.2'
|
- uses: 'actions/checkout@v3.5.2'
|
||||||
|
|
||||||
@ -22,6 +27,9 @@ jobs:
|
|||||||
- name: 'Build Package'
|
- name: 'Build Package'
|
||||||
run: 'npm run build'
|
run: 'npm run build'
|
||||||
|
|
||||||
|
- name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
|
||||||
|
run: 'npm audit signatures'
|
||||||
|
|
||||||
- name: 'Release'
|
- name: 'Release'
|
||||||
run: 'npm run release'
|
run: 'npm run release'
|
||||||
env:
|
env:
|
||||||
|
@ -23,6 +23,10 @@
|
|||||||
"files": [
|
"files": [
|
||||||
"dist"
|
"dist"
|
||||||
],
|
],
|
||||||
|
"publishConfig": {
|
||||||
|
"access": "public",
|
||||||
|
"provenance": true
|
||||||
|
},
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"build": "tsup",
|
"build": "tsup",
|
||||||
"test": "jest",
|
"test": "jest",
|
||||||
|
Reference in New Issue
Block a user