Skip to content

Commit

Permalink
feat(security): Add provenance (#671)
Browse files Browse the repository at this point in the history
  • Loading branch information
AaronDewes authored Apr 3, 2024
1 parent a259846 commit 1c2bd25
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 1 deletion.
8 changes: 8 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,14 @@ name: Release
- next
- beta
- "*.x"

# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance
permissions:
contents: write # to be able to publish a GitHub release
issues: write # to be able to comment on released issues
pull-requests: write # to be able to comment on released pull requests
id-token: write # to enable use of OIDC for npm provenance

jobs:
release:
name: release
Expand Down
3 changes: 2 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
"name": "@octokit/core",
"version": "0.0.0-development",
"publishConfig": {
"access": "public"
"access": "public",
"provenance": true
},
"type": "module",
"description": "Extendable client for GitHub's REST & GraphQL APIs",
Expand Down

0 comments on commit 1c2bd25

Please sign in to comment.