Skip to content

Commit 1c2bd25

Browse files
authored
feat(security): Add provenance (#671)
1 parent a259846 commit 1c2bd25

File tree

2 files changed

+10
-1
lines changed

2 files changed

+10
-1
lines changed

.github/workflows/release.yml

+8
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,14 @@ name: Release
66
- next
77
- beta
88
- "*.x"
9+
10+
# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance
11+
permissions:
12+
contents: write # to be able to publish a GitHub release
13+
issues: write # to be able to comment on released issues
14+
pull-requests: write # to be able to comment on released pull requests
15+
id-token: write # to enable use of OIDC for npm provenance
16+
917
jobs:
1018
release:
1119
name: release

package.json

+2-1
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,8 @@
22
"name": "@octokit/core",
33
"version": "0.0.0-development",
44
"publishConfig": {
5-
"access": "public"
5+
"access": "public",
6+
"provenance": true
67
},
78
"type": "module",
89
"description": "Extendable client for GitHub's REST & GraphQL APIs",

0 commit comments

Comments
 (0)