From ce267b111fc6ff2c5669f540c95cf896f928bebb Mon Sep 17 00:00:00 2001
From: Elysia <elysia.hwang@gmail.com>
Date: Thu, 7 Dec 2023 16:48:22 -0500
Subject: [PATCH] chore: publish packages with provenance (#3952)

---
 .github/workflows/release-v1.yml                 | 4 ++++
 .github/workflows/release.yml                    | 4 ++++
 config/storybook-addon-carbon-theme/package.json | 3 ++-
 packages/ibm-products-styles/package.json        | 3 ++-
 packages/ibm-products/package.json               | 3 ++-
 5 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release-v1.yml b/.github/workflows/release-v1.yml
index 88c3c7d8f9..0f7e105ff5 100644
--- a/.github/workflows/release-v1.yml
+++ b/.github/workflows/release-v1.yml
@@ -8,6 +8,10 @@ on:
 jobs:
   Release_v1:
     runs-on: ubuntu-latest
+    # Recommended by npm for publishing with provenance https://docs.npmjs.com/generating-provenance-statements
+    permissions:
+      id-token: write
+      contents: write
 
     steps:
       - name: Checkout
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 264ce2e7dd..31f9d2dc7a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,6 +10,10 @@ on:
 jobs:
   Release:
     runs-on: ubuntu-latest
+    # Recommended by npm for publishing with provenance https://docs.npmjs.com/generating-provenance-statements
+    permissions:
+      id-token: write
+      contents: write
 
     steps:
       - name: Checkout
diff --git a/config/storybook-addon-carbon-theme/package.json b/config/storybook-addon-carbon-theme/package.json
index 5c4c568819..ecc6f76578 100644
--- a/config/storybook-addon-carbon-theme/package.json
+++ b/config/storybook-addon-carbon-theme/package.json
@@ -27,7 +27,8 @@
     "carbon for ibm products"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "clean": "rimraf dist",
diff --git a/packages/ibm-products-styles/package.json b/packages/ibm-products-styles/package.json
index 523bcd49e1..6502c5914c 100644
--- a/packages/ibm-products-styles/package.json
+++ b/packages/ibm-products-styles/package.json
@@ -29,7 +29,8 @@
     "carbon for ibm products"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "run-s clean build-first build-all build-css-update-maps",
diff --git a/packages/ibm-products/package.json b/packages/ibm-products/package.json
index dfcc31194a..a20f0a8e3f 100644
--- a/packages/ibm-products/package.json
+++ b/packages/ibm-products/package.json
@@ -34,7 +34,8 @@
     "carbon for ibm products"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "run-s clean build-all",