Update GitHub Actions workflow to publish with provenance
- Removed the registry URL from the setup-node action for cleaner configuration. - Modified the publish command to include the --provenance flag, enhancing the security and traceability of published packages.
This commit is contained in:
3
.github/workflows/publish.yml
vendored
3
.github/workflows/publish.yml
vendored
@@ -67,7 +67,6 @@ jobs:
|
|||||||
uses: actions/setup-node@v4
|
uses: actions/setup-node@v4
|
||||||
with:
|
with:
|
||||||
node-version: 22
|
node-version: 22
|
||||||
registry-url: https://registry.npmjs.org/
|
|
||||||
cache: "npm"
|
cache: "npm"
|
||||||
cache-dependency-path: package-lock.json
|
cache-dependency-path: package-lock.json
|
||||||
- name: Check tag matches package version
|
- name: Check tag matches package version
|
||||||
@@ -85,4 +84,4 @@ jobs:
|
|||||||
- name: Verify plugin
|
- name: Verify plugin
|
||||||
run: npm run verify
|
run: npm run verify
|
||||||
- name: Publish
|
- name: Publish
|
||||||
run: npm publish
|
run: npm publish --provenance
|
||||||
|
|||||||
Reference in New Issue
Block a user