From 3298e50325cb5bec7bf744186375544c870b57f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Weslley=20Ara=C3=BAjo?=
 <46850407+wellwelwel@users.noreply.github.com>
Date: Mon, 9 Sep 2024 23:44:52 -0300
Subject: [PATCH] chore(npm): improve transparency by adding provenance (#3029)

---
 .github/workflows/release.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 61fe5262d8..31e607de40 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,10 @@ on:
       - master
   workflow_dispatch:
 name: release-please
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
 jobs:
   release-please:
     runs-on: ubuntu-latest
@@ -34,7 +38,7 @@ jobs:
       - run: npm ci
         if: ${{ steps.release.outputs.release_created }}
 
-      - run: npm publish
+      - run: npm publish --provenance
         if: ${{ steps.release.outputs.release_created }}
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}