From c9e8da7458532cb1f9c320590c0ec6f6022a0259 Mon Sep 17 00:00:00 2001
From: Adrien Crivelli <adrien.crivelli@gmail.com>
Date: Fri, 8 Mar 2024 11:48:24 +0800
Subject: [PATCH] Generate npm package provenance

Following https://docs.npmjs.com/generating-provenance-statements
---
 .github/workflows/main.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 71502e8..8eb2a9d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -54,6 +54,9 @@ jobs:
 
     release:
         runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            id-token: write
         if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
         needs:
             - build
@@ -73,7 +76,7 @@ jobs:
               with:
                   node-version: '18'
                   registry-url: 'https://registry.npmjs.org'
-            - run: npm publish --access public dist/angular-natural-gallery/
+            - run: npm publish --provenance --access public dist/angular-natural-gallery/
               env:
                   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
@@ -82,7 +85,7 @@ jobs:
               with:
                   node-version: '18'
                   registry-url: 'https://npm.pkg.github.com'
-            - run: npm publish --access public dist/angular-natural-gallery/
+            - run: npm publish --provenance --access public dist/angular-natural-gallery/
               env:
                   NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}