Version Packages (#64) #8

	name: Release

	on:
	push:
	tags:
	- 'v[0-9]+.[0-9]+.[0-9]+'

	permissions: read-all

	# https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/nodejs#generating-provenance

	jobs:
	build:
	permissions:
	id-token: write # For signing
	contents: read # For repo checkout.
	actions: read # For getting workflow run info.
	if: startsWith(github.ref, 'refs/tags/')
	uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0
	with:
	run-scripts: 'ci, build, test'

	publish:
	needs: [build]
	runs-on: ubuntu-latest
	steps:
	- name: Set up Node registry authentication
	uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
	with:
	node-version: 18
	registry-url: 'https://registry.npmjs.org'

	- name: publish
	id: publish
	uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@07e64b653f10a80b6510f4568f685f8b7b9ea830 # v1.9.0
	with:
	access: public
	node-auth-token: ${{ secrets.NPM_TOKEN }}
	package-name: ${{ needs.build.outputs.package-name }}
	package-download-name: ${{ needs.build.outputs.package-download-name }}
	package-download-sha256: ${{ needs.build.outputs.package-download-sha256 }}
	provenance-name: ${{ needs.build.outputs.provenance-name }}
	provenance-download-name: ${{ needs.build.outputs.provenance-download-name }}
	provenance-download-sha256: ${{ needs.build.outputs.provenance-download-sha256 }}

Provide feedback