diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 836c32357..bbe8c5bd7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,6 +6,13 @@ name: Release - next - beta - "*.x" +# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance +permissions: + contents: write # to be able to publish a GitHub release + issues: write # to be able to comment on released issues + pull-requests: write # to be able to comment on released pull requests + id-token: write # to enable use of OIDC for npm provenance + jobs: release: name: release diff --git a/package.json b/package.json index f7c98d6b0..5756c8536 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,8 @@ { "name": "@octokit/auth-app", "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "version": "0.0.0-development", "description": "GitHub App authentication for JavaScript",