From c0c406359434aee759268ca6a7111f564d483848 Mon Sep 17 00:00:00 2001
From: timo <22354443+tnkuehne@users.noreply.github.com>
Date: Mon, 1 Dec 2025 23:56:00 +0100
Subject: [PATCH] ci: generate provenance statement on release to increase security
---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f019e51..a72ca06 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,9 @@ jobs:
 name: Build & Publish @latest Release
 if: github.repository == 'svecosystem/mode-watcher'
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
 steps:
 - uses: actions/checkout@v4
 with:
@@ -33,5 +36,6 @@ jobs:
 title: "chore(release): version package"
 publish: pnpm ci:publish
 env:
+ NPM_CONFIG_PROVENANCE: true
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
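Review bot: The new job-level `permissions:` block in the first hunk limits `GITHUB_TOKEN` to `contents: read` plus `id-token: write`, and every scope not listed there becomes `none`, yet the second hunk still hands `GITHUB_TOKEN` to a step with `title: "chore(release): version package"` and `publish:` inputs. That step looks like a release action that opens a version pull request and pushes tags or releases; its `uses:` line is outside the hunk, so this is inferred. If so, it would need `contents: write` and `pull-requests: write`, and the release run would fail on the first write with the token as scoped here. Consider `contents: write`, `pull-requests: write` and `id-token: write`, each with a short reason comment such as `id-token: write # OIDC token for npm provenance`, so the block stays least-privilege but documents why each scope exists.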
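Review bot: `NPM_CONFIG_PROVENANCE: true` in the second hunk is a YAML boolean that becomes a string only through the runner's coercion; writing `NPM_CONFIG_PROVENANCE: 'true'` states the intended string value explicitly. A comment above it would help the next maintainer, e.g. `# needs id-token: write on this job; publish still authenticates with NPM_TOKEN`, because the attestation records where the package was built but does not replace the long-lived token as the publish credential. The step's `uses:` line and the npm/pnpm versions are outside the hunk, so whether `pnpm ci:publish` honours this variable cannot be confirmed from here.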