diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh index 449d9b866d..bc86558440 100644 --- a/.github/scripts/publish-npm.sh +++ b/.github/scripts/publish-npm.sh @@ -57,8 +57,9 @@ do echo "Could not authenticate with $REGISTRY" exit 1 fi - npm publish --tag "$TAG" db-ui-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz - npm publish --tag "$TAG" db-ui-ngx-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz - npm publish --tag "$TAG" db-ui-react-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz - npm publish --tag "$TAG" db-ui-v-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz + # https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow + npm publish --tag "$TAG" db-ui-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance + npm publish --tag "$TAG" db-ui-ngx-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance + npm publish --tag "$TAG" db-ui-react-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance + npm publish --tag "$TAG" db-ui-v-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance done diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml index 06bade1918..2a2618b441 100644 --- a/.github/workflows/03-publish-packages.yml +++ b/.github/workflows/03-publish-packages.yml @@ -24,6 +24,8 @@ jobs: fail-fast: false matrix: themes: [default, enterprise] + permissions: + id-token: write steps: - name: ⬇ Checkout repo uses: actions/checkout@v4