Skip to content

Commit

Permalink
ci(release): add sigstore npm integration through --provenance
Browse files Browse the repository at this point in the history
Primary Changes
----------------
1. Added provenance config to the publish workflows.

Fixes #2623

Signed-off-by: adrianbatuto <adrian.batuto@accenture.com>
  • Loading branch information
adrianbatuto authored and petermetz committed Nov 30, 2024
1 parent 7579bc1 commit 96de0c7
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
3 changes: 3 additions & 0 deletions .github/workflows/all-nodejs-packages-publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ concurrency:
jobs:
build-and-publish-packages:
runs-on: ubuntu-22.04
permissions:
id-token: write
steps:
- name: Print Workflow inputs.GIT_TAG_TO_PUBLISH
run: |
Expand Down Expand Up @@ -58,6 +60,7 @@ jobs:
- name: lerna-publish-npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_CONFIG_PROVENANCE: true
run: |
git config --global user.email "npm-ci@hyperledger.org"
git config --global user.name "hyperledger-ghci"
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/publish-npm.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ jobs:

build-and-publish-packages:
runs-on: ubuntu-22.04
permissions:
id-token: write
steps:
- uses: actions/checkout@v4.1.7
with:
Expand All @@ -28,7 +30,7 @@ jobs:
with:
always-auth: true
node-version: ${{ env.NODEJS_VERSION }}
registry-url: 'https://registry.npmjs.org'
registry-url: 'https://registry.npmjs.org/'
- name: ./tools/ci.sh
run: ./tools/ci.sh
env:
Expand All @@ -39,6 +41,7 @@ jobs:
- name: lerna-publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_CONFIG_PROVENANCE: true
run: |
git config --global user.email "npm-ci@hyperledger.org"
git config --global user.name "hyperledger-ghci"
Expand Down

0 comments on commit 96de0c7

Please sign in to comment.