From e2831630bfd38e226df52030aa8b2454f9aaee52 Mon Sep 17 00:00:00 2001
From: Percy Ma <kecrily@gmail.com>
Date: Sat, 15 Jul 2023 00:12:47 +0800
Subject: [PATCH] ci: generate provenance statements when release

---
 .github/workflows/release-please.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 932cad12..dc0b6f57 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -9,6 +9,7 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
+      id-token: write
     steps:
       - uses: google-github-actions/release-please-action@v3
         id: release
@@ -35,7 +36,7 @@ jobs:
           node-version: lts/*
           registry-url: https://registry.npmjs.org
         if: ${{ steps.release.outputs.release_created }}
-      - run: npm publish
+      - run: npm publish --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         if: ${{ steps.release.outputs.release_created }}