From 2b01e9c827647beac42be3c36310593233efae09 Mon Sep 17 00:00:00 2001
From: kitsuyui <kitsuyui@kitsuyui.com>
Date: Thu, 9 Jan 2025 23:21:11 +0900
Subject: [PATCH] Set up provenance

https://docs.npmjs.com/generating-provenance-statements
This may not work properly because of the dynamic versioning of the package.json file.

But I try it anyway.
---
 .github/workflows/release.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index be04e11..20bd366 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,6 +13,10 @@ jobs:
 
     continue-on-error: true
 
+    permissions:
+      contents: read
+      id-token: write
+
     steps:
       - uses: actions/checkout@v4
 
@@ -33,6 +37,9 @@ jobs:
 
       - name: set git tag version
         run: |
+          # https://docs.npmjs.com/generating-provenance-statements
+          # This may not work properly. dynamic versioning may cause a problem.
+          export NPM_CONFIG_PROVENANCE=true
           git config user.email "dummy@dummy"
           git config user.name "dummy"
           pnpm version from-git --allow-same-version --no-git-tag-version -ws || true