mirror of
https://github.com/mozilla/pdf.js.git
synced 2025-04-19 06:38:07 +02:00
Generate provenance statements on npm publish
This PR adds [Provenance statements](https://docs.npmjs.com/generating-provenance-statements) on `npm publish`, increasing supply-chain security.
This commit is contained in:
Wojciech Maj
parent
b5d554e1b4
commit
aaa65bf3fc
1 changed files with 2 additions and 1 deletions
3
.github/workflows/publish_release.yml
vendored
3
.github/workflows/publish_release.yml
vendored
|
|
@ -4,6 +4,7 @@ on:
|
|||
types: [published]
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
|
|
@ -33,6 +34,6 @@ jobs:
|
|||
run: npx gulp dist
|
||||
|
||||
- name: Publish the `pdfjs-dist` library to NPM
|
||||
run: npm publish ./build/dist
|
||||
run: npm publish ./build/dist --provenance
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue