From 24824324dd261769228d3aea3b4dd0e59f0b6479 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Tue, 1 Oct 2024 10:14:06 +0200
Subject: [PATCH] feat: generating provenance statements (#575)

* feat: generating provenance statements

* Update publish-npm.sh
---
 .github/scripts/publish-npm.sh            | 3 ++-
 .github/workflows/03-publish-packages.yml | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index b08b2a4a3..3296c1f2c 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -41,5 +41,6 @@ do
     echo "Could not authenticate with $REGISTRY"
     exit 1
   fi
-  npm publish --tag "$TAG" db-ui-base-"$VALID_SEMVER_VERSION".tgz
+  # https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow
+  npm publish --tag "$TAG" db-ui-base-"$VALID_SEMVER_VERSION".tgz --provenance
 done
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index 12348b2a6..4152d0d12 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
@@ -20,6 +20,8 @@ jobs:
   publish:
     name: Publish latest package versions to GitHub Packages
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: ⬇ Checkout repo
         uses: actions/checkout@v4