From b92c35cb0cd6e4b46578d3b2c82b6a6673c380d0 Mon Sep 17 00:00:00 2001
From: Hugo Romano <hugoromano@gmail.com>
Date: Wed, 9 Aug 2023 00:23:20 +0100
Subject: [PATCH] npm provenance

---
 .github/workflows/publish.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 910d4cc..35cfc33 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,6 +7,9 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     timeout-minutes: 5
     steps:
     - uses: actions/checkout@v3
@@ -20,6 +23,6 @@ jobs:
         scope: "@adaptivelink"
         cache: 'pnpm'
     - name: Publish
-      run: npm publish --access public
+      run: npm publish --provenance--access public
       env:
         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file