From 87d173a17133207492bd5c5ad2eeb70d8ecbe082 Mon Sep 17 00:00:00 2001
From: Sebastian Pekarek <mail@sebbo.net>
Date: Sat, 21 Oct 2023 17:02:49 +0200
Subject: [PATCH] feat: Enable npm provenance

https://docs.npmjs.com/generating-provenance-statements#about-npm-provenance
---
 .github/workflows/test-release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/test-release.yml b/.github/workflows/test-release.yml
index 4a239c446..42ac4444f 100644
--- a/.github/workflows/test-release.yml
+++ b/.github/workflows/test-release.yml
@@ -67,6 +67,9 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     concurrency: release
+    permissions:
+      contents: read
+      id-token: write
     needs:
       - coverage
       - tests
@@ -91,6 +94,7 @@ jobs:
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
           GH_OWNER: ${{ github.repository_owner }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
       - name: 🔃 Merge main back into develop
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: everlytic/branch-merge@1.1.5