From d4aa2e9a6859ca03d5e09ee7c67ef339ce267dee Mon Sep 17 00:00:00 2001 From: Grace Park Date: Wed, 6 May 2026 13:56:06 -0700 Subject: [PATCH] Update publish workflow to include provenance flag --- .github/workflows/publish.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 872e134..09bccfb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -6,6 +6,7 @@ on: permissions: contents: read + id-token: write jobs: publish-npm: @@ -22,6 +23,4 @@ jobs: - run: npm version ${TAG_NAME} --git-tag-version=false env: TAG_NAME: ${{ github.event.release.tag_name }} - - run: npm whoami; npm --ignore-scripts publish - env: - NODE_AUTH_TOKEN: ${{secrets.npm_token}} + - run: npm --ignore-scripts publish --provenance