From 6b8a14e9867342f25c4dd9482289ea2ee917df17 Mon Sep 17 00:00:00 2001
From: achingbrain <alex@achingbrain.net>
Date: Fri, 1 Dec 2023 10:06:36 +0000
Subject: [PATCH] chore: publish with npm provenance

To guard against supply chain attacks, publish with provenance.

Refs:
- https://github.blog/2023-04-19-introducing-npm-package-provenance/
- https://docs.npmjs.com/generating-provenance-statements
---
 .github/workflows/main.yml      | 8 ++++++--
 .release-please.json            | 1 -
 packages/helia/package.json     | 4 ++++
 packages/interface/package.json | 4 ++++
 packages/interop/package.json   | 4 ++++
 5 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a389b614..5c6dc2a9 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -168,11 +168,15 @@ jobs:
       test-electron-renderer
     ]
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    permissions:
+      contents: write
+      id-token: write
+      pull-requests: write
     steps:
-      - uses: GoogleCloudPlatform/release-please-action@v2
+      - uses: google-github-actions/release-please-action@v3
         id: release
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.UCI_GITHUB_TOKEN || github.token }}
           command: manifest
           release-type: node
           manifest-file: .release-please-manifest.json
diff --git a/.release-please.json b/.release-please.json
index 8d720541..35bf765b 100644
--- a/.release-please.json
+++ b/.release-please.json
@@ -1,6 +1,5 @@
 {
   "plugins": ["node-workspace"],
-  "group-pull-request-title-pattern": "chore: release ${component}",
   "packages": {
     "packages/helia": {},
     "packages/interface": {},
diff --git a/packages/helia/package.json b/packages/helia/package.json
index 9e81adaa..1360dc11 100644
--- a/packages/helia/package.json
+++ b/packages/helia/package.json
@@ -11,6 +11,10 @@
   "bugs": {
     "url": "https://github.com/ipfs/helia/issues"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "keywords": [
     "IPFS"
   ],
diff --git a/packages/interface/package.json b/packages/interface/package.json
index 9a84e25c..37886acc 100644
--- a/packages/interface/package.json
+++ b/packages/interface/package.json
@@ -11,6 +11,10 @@
   "bugs": {
     "url": "https://github.com/ipfs/helia/issues"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "keywords": [
     "IPFS"
   ],
diff --git a/packages/interop/package.json b/packages/interop/package.json
index fcff4f85..6b6a73af 100644
--- a/packages/interop/package.json
+++ b/packages/interop/package.json
@@ -11,6 +11,10 @@
   "bugs": {
     "url": "https://github.com/ipfs/helia/issues"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "keywords": [
     "IPFS"
   ],