Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(publish.yml): add npm provenance statements #29

Merged
merged 1 commit into from
Nov 14, 2023
Merged

ci(publish.yml): add npm provenance statements #29

merged 1 commit into from
Nov 14, 2023

Conversation

Jolg42
Copy link
Contributor

@Jolg42 Jolg42 commented Nov 13, 2023
edited
Loading

See https://docs.npmjs.com/generating-provenance-statements This increases supply-chain security for the packages, since it publicly establish where a package was built (here, in GitHub Actions) and who published a package.

See https://prisma-company.slack.com/archives/C1FPU5FPT/p1698675822988359

I switched to Node.js 20, like in prisma/prisma for publishing (we need to have a more recent version of npm for provenance statements)

Similar to prisma/engines-wrapper#476

@Jolg42
ci(publish.yml): add npm provenance statements
ebe3797 
See https://docs.npmjs.com/generating-provenance-statements
This increases supply-chain security for the packages, since it publicly establish where a package was built (here, in GitHub Actions) and who published a package.

See https://prisma-company.slack.com/archives/C1FPU5FPT/p1698675822988359

I switched to Node.js 20, like in prisma/prisma for publishing (we need to have a more recent version of npm for provenances)

Similar to prisma/engines-wrapper#476
@Jolg42 Jolg42 requested a review from SevInf November 13, 2023 14:19
@Jolg42 Jolg42 self-assigned this Nov 13, 2023
@SevInf
Copy link
Contributor

SevInf commented Nov 14, 2023

Will wee need to publish a new version now?

@SevInf SevInf merged commit ad696cc into main Nov 14, 2023
1 check passed
@Jolg42 Jolg42 deleted the joel/provenance branch November 14, 2023 10:01
@Jolg42
Copy link
Contributor Author

Jolg42 commented Nov 14, 2023
edited
Loading

@SevInf No urgency, but if you want to try it now, It's good to know if it actually works. (it should work ™️)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SevInf SevInf SevInf approved these changes

Assignees

@Jolg42 Jolg42

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Jolg42 @SevInf