diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8c382bb..ff33dce 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -88,6 +88,7 @@ jobs: needs: release runs-on: ubuntu-latest permissions: + id-token: write contents: read if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha steps: @@ -114,6 +115,7 @@ jobs: env: NPM_DIST_TAG: latest NPM_REGISTRY: registry.npmjs.org + NPM_CONFIG_PROVENANCE: "true" NPM_TOKEN: ${{ secrets.NPM_TOKEN }} run: npx -p publib@latest publib-npm release_pypi: diff --git a/.projenrc.ts b/.projenrc.ts index 925ceed..a6f7646 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -1,4 +1,5 @@ import { cdk } from 'projen'; +import { NpmAccess } from 'projen/lib/javascript'; const kplus = 'cdk8s-plus-24'; const project = new cdk.JsiiProject({ @@ -31,6 +32,8 @@ const project = new cdk.JsiiProject({ distName: 'cdk8s-plone', module: 'cdk8s_plone', }, + npmProvenance: true, + npmAccess: NpmAccess.PUBLIC, }); project.synth(); \ No newline at end of file diff --git a/package.json b/package.json index 91f73a4..2560e91 100644 --- a/package.json +++ b/package.json @@ -72,6 +72,9 @@ }, "main": "lib/index.js", "license": "Apache-2.0", + "publishConfig": { + "access": "public" + }, "version": "0.0.0", "jest": { "coverageProvider": "v8",