From e023fe8535c73c5b01837a114d6336c409e2ab17 Mon Sep 17 00:00:00 2001
From: Mark <mark@remarkablemark.org>
Date: Wed, 28 Aug 2024 15:08:39 -0400
Subject: [PATCH] ci(github): publish package to npm registry with provenance

https://docs.npmjs.com/generating-provenance-statements

Release-As: 5.0.10
---
 .../{release.yml => release-please.yml}          | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
 rename .github/workflows/{release.yml => release-please.yml} (74%)

diff --git a/.github/workflows/release.yml b/.github/workflows/release-please.yml
similarity index 74%
rename from .github/workflows/release.yml
rename to .github/workflows/release-please.yml
index f4805a62..e2b515f9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release-please.yml
@@ -1,4 +1,4 @@
-name: release
+name: release-please
 on:
   push:
     branches:
@@ -12,14 +12,17 @@ jobs:
 
     steps:
       - name: Release Please
-        uses: google-github-actions/release-please-action@v4
+        uses: googleapis/release-please-action@v4
+        id: release
         with:
           release-type: node
-        id: release
 
   publish:
-    needs: release-please
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    needs: release-please
     if: ${{ needs.release-please.outputs.release_created }}
 
     steps:
@@ -29,12 +32,13 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
+          node-version-file: .nvmrc
           registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
-        run: npm ci
+        run: npm ci --prefer-offline
 
       - name: Publish
-        run: npm publish
+        run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}