publish-with-provenance #64

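# Manually dispatched workflow that publishes the package to the npm registry
# with a provenance attestation (`npm publish --provenance`).
name: publish-with-provenance
on:
  workflow_dispatch:
    inputs:
      cli_version:
        description: 'npm CLI version to install'
        required: true
        default: 'latest'
        type: string
jobs:
  debug:
    permissions:
      actions: read
      id-token: write
      contents: read
    # NOTE(review): this reusable workflow receives `id-token: write` but is
    # referenced through the mutable `@main` ref, so whatever that branch holds
    # at run time executes with the ability to request this repository's OIDC
    # token. Pin it to a full commit SHA, as the checkout and setup-node steps
    # in the publish job are.
    uses: bdehamer/workflows/.github/workflows/oidc-dump.yml@main
  publish:
    runs-on: 'ubuntu-latest'
    permissions:
      contents: read
      # Needed so the npm CLI can request the OIDC token that backs the
      # provenance statement.
      id-token: write
    steps:
      - name: Checkout source
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3
      - name: Setup node
        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93  # v3
        with:
          # Quoted so the version is always read as a string.
          node-version: '22'
          registry-url: 'https://registry.npmjs.com'
          check-latest: true
      - name: Bump package versions
        # Gives every run (and re-run) a unique prerelease version. The dots are
        # escaped so only the literal text 1.0.0 matches; sed still rewrites the
        # first match on every line of package.json, so a dependency range that
        # contains 1.0.0 would be rewritten as well.
        run: |
          sed -i "s/1\.0\.0/1.0.0-${GITHUB_RUN_ID}.${GITHUB_RUN_ATTEMPT}/" "package.json"
      - name: Publish package
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN_PRODUCTION }}
          # The dispatch input is handed to the shell as data through an
          # environment variable. Expanding the expression directly inside
          # `run:` would paste the caller-supplied text into the script before
          # the shell parses it.
          CLI_VERSION: ${{ github.event.inputs.cli_version }}
        # NOTE(review): NODE_AUTH_TOKEN is visible to every command in this
        # step, including `npm install`, which can run dependency lifecycle
        # scripts. Consider moving the two install commands into an earlier step
        # that does not receive the token, if no private dependency needs it.
        run: |
          npm install -g "npm@${CLI_VERSION}"
          npm install
          npm publish --provenance --access public
      # NOTE(review): unlike the actions above, this one is referenced by a
      # mutable tag; pin it to a full commit SHA as well. No visible step runs
      # `npm pack`, so confirm a tarball actually exists at this path.
      - uses: actions/upload-artifact@v3
        with:
          name: package.tgz
          path: ./*.tgz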