chore: generate provenance statements for npm package (#10477)

* chore: generate provenance statements for npm package See also https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow * also add --provenance for covector publishes --------- Co-authored-by: Lucas Nogueira <lucas@tauri.app>
2024-11-28 03:47:37 +03:00 · 2024-08-11 02:48:04 +08:00 · 2024-08-11 02:48:04 +08:00 · 008b9f7481
commit 008b9f7481
parent a975cd7976
2 changed files with 3 additions and 3 deletions
--- a/.changes/config.json
+++ b/.changes/config.json
@ -113,8 +113,8 @@
          "pipe": true
        },
        {
-          "command": "yarn publish --access public --loglevel silly --tag next",
-          "dryRunCommand": "npm publish --dry-run --access public",
+          "command": "yarn publish --access public --loglevel silly --tag next --provenance",
+          "dryRunCommand": "npm publish --dry-run --access public --provenance",
          "pipe": true
        },
        {
--- a/.github/workflows/publish-cli-js.yml
+++ b/.github/workflows/publish-cli-js.yml
@ -390,7 +390,7 @@ jobs:
      - name: Publish
        run: |
          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
-          npm publish --tag next
+          npm publish --tag next --provenance
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.ORG_NPM_TOKEN }}