From 7552b806df9855d65cbad3759bc5d33afddafdee Mon Sep 17 00:00:00 2001
From: "Thomas.G"
Date: Tue, 19 Mar 2024 00:58:42 +0100
Subject: [PATCH] ci: setup npm provenance (#365)
---
 .github/workflows/npm-provenance.yml | 23 +++++++++++++++++++++++
 .npmrc | 1 +
 2 files changed, 24 insertions(+)
 create mode 100644 .github/workflows/npm-provenance.yml
diff --git a/.github/workflows/npm-provenance.yml b/.github/workflows/npm-provenance.yml
new file mode 100644
index 00000000..6c11536d
--- /dev/null
+++ b/.github/workflows/npm-provenance.yml
@@ -0,0 +1,23 @@
+# https://docs.npmjs.com/generating-provenance-statements
+
+name: Publish Package to npmjs
+on:
+ release:
+ types: [created]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+ - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+ with:
+ node-version: '20.x'
+ registry-url: 'https://registry.npmjs.org'
+ - run: npm install -g npm
+ - run: npm ci
+ - run: npm publish --provenance public
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.npmrc b/.npmrc
index 43c97e71..33cc073d 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,2 @@
 package-lock=false
+provenance=true
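Review bot: The publish step `npm publish --provenance public` passes `public` as a positional argument, which npm reads as the package spec (a folder or tarball to publish) rather than as an access level; the intended form is presumably `npm publish --provenance --access public`. The job also runs `npm ci`, which requires a committed lockfile, while the `.npmrc` hunk keeps `package-lock=false` as context, so unless a lockfile exists outside this patch the install step will fail before anything is published. Both actions are pinned to commit SHAs, but `npm install -g npm` pulls whatever npm release is current into a job that holds `id-token: write` and the registry token. Node 20.x should already bundle an npm new enough for provenance, so consider dropping that step or pinning it, e.g. `npm install -g npm@<pinned-version>`.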