From 79fe7227f67a02ec9b5ede455f20df45c32e74ce Mon Sep 17 00:00:00 2001
From: utarwyn <maxime.malgorn@laposte.net>
Date: Fri, 4 Aug 2023 20:07:28 +0200
Subject: [PATCH] Add provenance when publishing package

---
 .github/workflows/publish.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 9658d49..5a2b6ae 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -14,6 +14,8 @@ env:
 jobs:
   publish-npm:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: Checkout tag "${{ github.ref_name }}"
         uses: actions/checkout@v3
@@ -34,7 +36,7 @@ jobs:
         run: cp LICENSE.md eslint-plugin/
 
       - name: Publish package on NPM
-        run: npm publish --access public
+        run: npm publish --provenance --access public
         working-directory: eslint-plugin
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}