Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Publish to NPM with provenance #2276

Merged
merged 2 commits into from
Apr 27, 2024
Merged

chore: Publish to NPM with provenance #2276

merged 2 commits into from
Apr 27, 2024

Conversation

meyfa
Copy link
Contributor

@meyfa meyfa commented Aug 26, 2023
edited
Loading

chore: Publish to NPM with provenance

The release process in this repository is already automated via GitHub Actions, which is a great first step toward creating trust in the supply chain. Recently, NPM has started to support publishing with the --provenance flag. This flag creates a link between the GitHub Actions run that created the release and the final artifact on NPM. This linkage further ensures that package installs can be traced back to a specific code revision.

For more information on publishing with provenance, please refer to: https://github.blog/2023-04-19-introducing-npm-package-provenance/

Note that the update of Node.js to v18 is required for NPM v9.5+ to be installed, which is needed for provenance.

Checklist

  • PR contains only changes related; no stray files, etc.
  • README updated (where applicable)
  • Tests written (where applicable)
  • References provided in PR (where applicable)

@meyfa
chore: Publish to NPM with provenance
c7d49f7 
The release process in this repository is already automated via
GitHub Actions, which is a great first step toward creating trust in the
supply chain. Recently, NPM has started to support publishing with the
`--provenance` flag. This flag creates a link between the GitHub Actions
run that created the release and the final artifact on NPM. This linkage
further ensures that package installs can be traced back to a specific
code revision.

For more information on publishing with provenance, please refer to:
https://github.blog/2023-04-19-introducing-npm-package-provenance/
@codecov
Copy link

codecov bot commented Aug 26, 2023
edited
Loading

Codecov Report

Patch and project coverage have no change.

Comparison is base (b958bd7) 99.95% compared to head (2512316) 99.95%.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #2276   +/-   ##
=======================================
  Coverage   99.95%   99.95%           
=======================================
  Files         107      107           
  Lines        2454     2454           
  Branches      619      619           
=======================================
  Hits         2453     2453           
  Partials        1        1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

WikiRik
WikiRik reviewed Aug 26, 2023
View reviewed changes
Copy link
Member

@WikiRik WikiRik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to set up anything different than now? Like refreshing the NPM token with different permissions. Or is it all set up, ready to go already since we publish to NPM?

@meyfa
Copy link
Contributor Author

meyfa commented Aug 26, 2023

@WikiRik This is all that's needed. NPM and GitHub Actions handles the rest automatically.

@meyfa
Copy link
Contributor Author

meyfa commented Aug 26, 2023

Please also refer to the following page if in doubt: https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions

@profnandaa profnandaa merged commit 2253a77 into validatorjs:master Apr 27, 2024
9 checks passed
@profnandaa profnandaa mentioned this pull request May 2, 2024
Closed
@kaifkh20 kaifkh20 mentioned this pull request May 30, 2024
Open
@Safar123 Safar123 mentioned this pull request May 30, 2024
Open
@IT21149412 IT21149412 mentioned this pull request May 30, 2024
Open
@Achmad-Farid Achmad-Farid mentioned this pull request May 30, 2024
Open
@ahmetilboga2004 ahmetilboga2004 mentioned this pull request May 30, 2024
Merged
@wambugucoder wambugucoder mentioned this pull request May 30, 2024
Open
@TuanNB28 TuanNB28 mentioned this pull request May 30, 2024
Open
@StemmlerSisters StemmlerSisters mentioned this pull request May 30, 2024
Open
@peterboni peterboni mentioned this pull request May 30, 2024
Open
@rntvicente rntvicente mentioned this pull request May 30, 2024
Open
@DefenderK DefenderK mentioned this pull request May 30, 2024
Closed
@ChinmoyHembram ChinmoyHembram mentioned this pull request May 30, 2024
Open
@saileshbro saileshbro mentioned this pull request May 30, 2024
Merged
@malforsaja malforsaja mentioned this pull request May 30, 2024
Merged
@ryanlelek ryanlelek mentioned this pull request May 30, 2024
Closed
@ziccardi ziccardi mentioned this pull request May 30, 2024
Open
@MoTarigOs MoTarigOs mentioned this pull request May 30, 2024
Open
@pasang7 pasang7 mentioned this pull request May 30, 2024
Open
@ceconcarlsen ceconcarlsen mentioned this pull request May 31, 2024
Open
@sumandas0 sumandas0 mentioned this pull request May 31, 2024
Open
@ChinmoyHembram ChinmoyHembram mentioned this pull request Sep 14, 2024
Open
@IT21221064 IT21221064 mentioned this pull request Sep 14, 2024
Open
@officialmofabs officialmofabs mentioned this pull request Sep 14, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 14, 2024
Open
@vky5 vky5 mentioned this pull request Sep 15, 2024
Closed
@amay0808 amay0808 mentioned this pull request Sep 16, 2024
Open
@IT21269134 IT21269134 mentioned this pull request Sep 17, 2024
Open
This was referenced Sep 17, 2024
Open
Open
@diviyanjanakamesh diviyanjanakamesh mentioned this pull request Sep 18, 2024
Open
@MohammadGhajari MohammadGhajari mentioned this pull request Sep 18, 2024
Open
@diviyanjanakamesh diviyanjanakamesh mentioned this pull request Sep 19, 2024
Open
@ch4mi2 ch4mi2 mentioned this pull request Sep 19, 2024
Closed
@maleeshaaa maleeshaaa mentioned this pull request Sep 19, 2024
Open
@MohammadGhajari MohammadGhajari mentioned this pull request Sep 19, 2024
Open
@ChinmoyHembram ChinmoyHembram mentioned this pull request Sep 19, 2024
Open
@officialmofabs officialmofabs mentioned this pull request Sep 19, 2024
Open
This was referenced Sep 20, 2024
Open
Open
@ChinmoyHembram ChinmoyHembram mentioned this pull request Sep 21, 2024
Open
@tamir-ariunsukh tamir-ariunsukh mentioned this pull request Sep 21, 2024
Open
@KOTTAGENVH KOTTAGENVH mentioned this pull request Sep 21, 2024
Open
@officialmofabs officialmofabs mentioned this pull request Sep 21, 2024
Open
@MohammadGhajari MohammadGhajari mentioned this pull request Sep 22, 2024
Open
@tamir-ariunsukh tamir-ariunsukh mentioned this pull request Sep 22, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 22, 2024
Open
@MohammadGhajari MohammadGhajari mentioned this pull request Sep 23, 2024
Open
@pasanchamikara99 pasanchamikara99 mentioned this pull request Sep 26, 2024
Open
@KOTTAGENVH KOTTAGENVH mentioned this pull request Sep 27, 2024
Open
@DefenderK DefenderK mentioned this pull request Oct 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WikiRik WikiRik WikiRik approved these changes

@profnandaa profnandaa profnandaa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@meyfa @profnandaa @WikiRik