Fix provenance

Author: jdalton

.github/workflows/provenance.yml

@@ -11,6 +11,7 @@ on:
         options:
           - '0'
           - '1'
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -21,29 +22,53 @@ jobs:
 
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: SocketDev/socket-registry/.github/actions/setup@main
+      - uses: SocketDev/socket-registry/.github/actions/setup@797e90f4f82ac089a308acdc434d2027c2cd7d5d
         with:
           scope: '@socketsecurity'
       - run: pnpm install
-      - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist
-      - run: pnpm publish --provenance --access public --no-git-checks
+
+      - name: Ensure npm version 11.5.1+ for trusted publishing
+        run: |
+          NPM_VERSION=$(npm --version)
+          echo "Current npm version: $NPM_VERSION"
+          # Check if npm version is >= 11.5.1
+          if ! npx --yes semver "$NPM_VERSION" -r ">=11.5.1"; then
+            echo "Installing npm 11.5.1+ for trusted publishing..."
+            npm install -g npm@latest
+            echo "Updated npm version: $(npm --version)"
+          else
+            echo "npm version $NPM_VERSION meets the 11.5.1+ requirement for trusted publishing"
+          fi
+
+      # Build and publish 'socket' package (default).
+      - name: Build socket package
+        run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist
+        env:
+          SOCKET_CLI_DEBUG: ${{ inputs.debug }}
+      - name: Publish socket package
+        run: cd dist && npm publish --access public --no-git-checks
         continue-on-error: true
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
-      - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 pnpm run build:dist
+
+      # Build and publish '@socketsecurity/cli' package (legacy).
+      - name: Build @socketsecurity/cli package
+        run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 pnpm run build:dist
         env:
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
-      - run: pnpm publish --provenance --access public --no-git-checks
+      - name: Publish @socketsecurity/cli package
+        run: cd dist && npm publish --access public --no-git-checks
         continue-on-error: true
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
-      - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 pnpm run build:dist
+
+      # Build and publish '@socketsecurity/cli-with-sentry' package.
+      - name: Build @socketsecurity/cli-with-sentry package
+        run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 pnpm run build:dist
         env:
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
-      - run: pnpm publish --provenance --access public --no-git-checks
+      - name: Publish @socketsecurity/cli-with-sentry package
+        run: cd dist && npm publish --access public --no-git-checks
         continue-on-error: true
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}