From 8093259121e83e209f8371bec4d283ec26e5f70c Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <Maximilian.Franzke@deutschebahn.com>
Date: Mon, 16 Sep 2024 08:34:33 +0200
Subject: [PATCH] feat: generating provenance statements

---
 .github/workflows/02-publish.yml | 2 +-
 .github/workflows/publish.yml    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/02-publish.yml b/.github/workflows/02-publish.yml
index b011c25..ee74a7f 100644
--- a/.github/workflows/02-publish.yml
+++ b/.github/workflows/02-publish.yml
@@ -34,4 +34,4 @@ jobs:
           npm version --no-git-tag-version "$SEMVER_VERSION"
           npm config set registry https://registry.npmjs.org/
           npm set //registry.npmjs.org/:_authToken "$NPM_TOKEN"
-          npm publish
+          npm publish --provenance
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index fff94d1..378da99 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -27,3 +27,5 @@ jobs:
     uses: ./.github/workflows/02-publish.yml
     needs: [build, lint, test]
     secrets: inherit
+    permissions:
+      id-token: write