Generate provenance statements on npm publish
This PR adds [Provenance statements](https://docs.npmjs.com/generating-provenance-statements) on `npm publish`, increasing supply-chain security.
This commit is contained in:
Wojciech Maj
parent
b5d554e1b4
commit
aaa65bf3fc
3
.github/workflows/publish_release.yml
vendored
3
.github/workflows/publish_release.yml
vendored
@ -4,6 +4,7 @@ on:
|
|||||||
types: [published]
|
types: [published]
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
id-token: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
publish:
|
publish:
|
||||||
@ -33,6 +34,6 @@ jobs:
|
|||||||
run: npx gulp dist
|
run: npx gulp dist
|
||||||
|
|
||||||
- name: Publish the `pdfjs-dist` library to NPM
|
- name: Publish the `pdfjs-dist` library to NPM
|
||||||
run: npm publish ./build/dist
|
run: npm publish ./build/dist --provenance
|
||||||
env:
|
env:
|
||||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user