From bc273671b70f318792742fde3c3f9114d4350046 Mon Sep 17 00:00:00 2001
From: LitoMore <LitoMore@users.noreply.github.com>
Date: Sun, 22 Dec 2024 00:01:15 +0800
Subject: [PATCH] Generate provenance statements when publishing (#220)

---
 .github/workflows/publish.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f409da7..03ec0a9 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -9,6 +9,8 @@ jobs:
   npm:
     name: NPM Package
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -34,6 +36,7 @@ jobs:
         uses: JS-DevTools/npm-publish@v3
         with:
           token: ${{ secrets.NPM_TOKEN }}
+          provenance: true
   github:
     name: GitHub release
     runs-on: ubuntu-latest