Merge pull request #334 from github/dg/publish-provenance

Publish to npm with provenance

Author: dgreif

.github/workflows/publish.yml

@@ -4,6 +4,10 @@ on:
   release:
     types: [created]
 
+permissions:
+  contents: read
+  id-token: write # for provenance and publish access
+
 jobs:
   publish-npm:
     runs-on: ubuntu-latest
@@ -21,6 +25,4 @@ jobs:
       - run: npm version ${TAG_NAME} --git-tag-version=false
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
-      - run: npm whoami; npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+      - run: npm publish --provenance