johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: add provenance attestation to npm publish

Browse Source
This commit is contained in:
Steve Yegge
2025-11-25 18:31:40 -08:00
parent 611d1e6e80
commit 03d62d0f8e
1 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.github/workflows/release.yml vendored
View File

@@ -72,6 +72,9 @@ jobs:
publish-npm: publish-npm:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: goreleaser needs: goreleaser
permissions:
contents: read
id-token: write # Required for npm provenance/trusted publishing
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@v6
@@ -83,19 +86,11 @@ jobs:
registry-url: 'https://registry.npmjs.org' registry-url: 'https://registry.npmjs.org'
- name: Publish to npm - name: Publish to npm
run: |
cd npm-package
npm publish --access public --provenance
env: env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
if [ -z "$NODE_AUTH_TOKEN" ]; then
echo "::warning::NPM_TOKEN not set - skipping npm publish"
echo "To enable automatic npm publishing:"
echo "1. Create an npm access token with publish permissions"
echo "2. Add it as NPM_TOKEN in repository secrets"
exit 0
fi
cd npm-package
npm publish --access public
update-homebrew: update-homebrew:
runs-on: ubuntu-latest runs-on: ubuntu-latest