chore: add the provenance flag when publishing to npm (#556)

* This also splits the GH release and npm publish workflows Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
2023-07-05 09:37:35 -04:00 · 2023-07-05 09:37:35 -04:00 · a0d8682613
parent 023171d9a0
commit a0d8682613
2 changed files with 22 additions and 17 deletions
--- a/.github/workflows/publish-to-npm.yml
+++ b/.github/workflows/publish-to-npm.yml
@ -0,0 +1,21 @@
+name: Publish to npmjs
+on:
+ release:
+   types: [created]
+jobs:
+ build:
+   runs-on: ubuntu-latest
+   permissions:
+     contents: read
+     id-token: write
+   steps:
+     - uses: actions/checkout@v3
+     - uses: actions/setup-node@v3
+       with:
+         node-version: '18.x'
+         registry-url: 'https://registry.npmjs.org'
+     - run: npm install -g npm
+     - run: npm ci
+     - run: npm publish --provenance --access public
+       env:
+         NODE_AUTH_TOKEN: ${{ secrets.CLOUDEVENTS_PUBLISH }}
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@ -10,23 +10,7 @@ jobs:
      - uses: GoogleCloudPlatform/release-please-action@v3
        id: release
        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.CLOUDEVENTS_RELEASES_TOKEN }}
          release-type: node
          package-name: cloudevents
          changelog-types: '[{"type":"feat","section":"Features","hidden":false},{"type":"fix","section":"Bug Fixes","hidden":false},{"type":"docs","section":"Documentation","hidden":false},{"type":"chore","section":"Miscellaneous","hidden":false},{"type":"src","section":"Miscellaneous","hidden":false},{"type":"style","section":"Miscellaneous","hidden":false},{"type":"refactor","section":"Miscellaneous","hidden":false},{"type":"perf","section":"Performance","hidden":false},{"type":"test","section":"Tests","hidden":false}]'
-
-      - uses: actions/checkout@v3
-        if: ${{ steps.release.outputs.release_created }}
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-          registry-url: 'https://registry.npmjs.org'
-        if: ${{ steps.release.outputs.release_created }}
-      - run: npm ci
-        if: ${{ steps.release.outputs.release_created }}
-      - run: npm test
-        if: ${{ steps.release.outputs.release_created }}
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.CLOUDEVENTS_PUBLISH}}
-        if: ${{ steps.release.outputs.release_created }}