This repository was archived by the owner on Jan 8, 2025. It is now read-only.

Commit e9c6d16

Add provenance attestation when publishing to NPM (#15)
### Changelog
None

### Description
This adds a provenance attestation to the published package so consumers can verify that the package was built on GitHub Actions:
- https://github.blog/2023-04-19-introducing-npm-package-provenance/
- https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions

The package will appear like this on npm:

<img src="https://github.blog/wp-content/uploads/2023/04/npm-package-provenance-3.png?w=488&resize=488%2C394" width="250">
1 parent f95d67b commit e9c6d16

2 files changed

+13
-2
lines changed

.github/workflows/ci.yml

+12-1
@@ -12,6 +12,10 @@ jobs:
1212
name: push
1313
runs-on: ubuntu-latest
1414

15+
permissions:
16+
# https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
17+
id-token: write
18+
1519
steps:
1620
- uses: actions/checkout@v3
1721
- uses: actions/setup-node@v3
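
Review bot: The new job-level `permissions:` block lists only `id-token: write`, and once a `permissions` key is present every scope that is not listed drops to `none`, so the job no longer declares `contents: read` for `actions/checkout@v3`. Add `contents: read` next to `id-token: write` so the checkout does not depend on the repository being public. The grant also covers every step of the `push` job, not just publishing; moving the publish steps into their own job would confine OIDC token minting to the steps that need it.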
@@ -23,8 +27,15 @@ jobs:
2327
- run: yarn install --frozen-lockfile
2428
- run: yarn run lint:ci
2529

30+
- run: yarn pack
31+
- name: Publish to NPM (dry run)
32+
# `yarn publish` does not support --provenance
33+
run: npm publish foxglove-rosmsg-msgs-common-*.tgz --provenance --access public --dry-run
34+
env:
35+
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
2636
- name: Publish to NPM
2737
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
28-
run: yarn publish --access public
38+
# `yarn publish` does not support --provenance
39+
run: npm publish foxglove-rosmsg-msgs-common-*.tgz --provenance --access public
2940
env:
3041
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
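
Review bot: The `Publish to NPM (dry run)` step has no `if:` guard, unlike the tag-gated `Publish to NPM` step, yet it is handed `NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}` every time it runs. Unless `--dry-run` is shown to need credentials, drop the `env:` block from the dry-run step so the publish token is only exposed on the `refs/tags/v` path. The glob `foxglove-rosmsg-msgs-common-*.tgz` also assumes `yarn pack` leaves exactly one matching tarball in the workspace; passing the exact filename would make that explicit.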

.vscode/settings.json

+1-1
@@ -1,7 +1,7 @@
11
// -*- jsonc -*-
22
{
33
"editor.codeActionsOnSave": {
4-
"source.fixAll.eslint": true
4+
"source.fixAll.eslint": "explicit"
55
},
66
"editor.defaultFormatter": "esbenp.prettier-vscode",
77
"editor.formatOnSave": true,
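
Review bot: The change of `source.fixAll.eslint` from `true` to `"explicit"` in `.vscode/settings.json` is unrelated to provenance and is not mentioned in the commit message. Move it to its own commit, or add a line to the description saying why it is included, so the history of the publish workflow change stays easy to audit.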
