ci: add provenance statement to released artifacts (#1081)

## This PR - add provenance statement to released artifacts ### Notes Snippet from the NPM docs: > You can generate provenance statements for the packages you publish. This allows you to publicly establish where a package was built and who published a package, which can increase supply-chain security for your packages. It also adds a cool badge in NPM 😎 ### Resources - https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow Signed-off-by: Michael Beemer <[email protected]>
open-feature · Nov 20, 2024 · c97d6d1 · c97d6d1
1 parent 1ba149d
commit c97d6d1
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -74,6 +74,8 @@ jobs:
       - name: Publish to NPM
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+          # https://docs.npmjs.com/generating-provenance-statements
+          NPM_CONFIG_PROVENANCE: true
         run: npm run publish-all
 
       - name: Build Docs