chore: add provenance to release.yml #227

Merged
merged 1 commit into from
Mar 19, 2025

@mathiusj (Contributor) commented Mar 19, 2025

Add npm provenance support to release workflow

https://docs.npmjs.com/generating-provenance-statements#using-third-party-package-publishing-tools

reference: lerna/lerna#3657 (comment)

What problem is this PR solving?

This PR adds npm provenance support to our release workflow. Provenance is a security feature that allows consumers of our packages to verify where they were built and published from, enhancing supply chain security. With this change, our published packages will include provenance attestations that link them back to our GitHub repository and CI process.

Reviewers' hat-rack 🎩

  • Please verify that the permissions and environment variable added to the workflow are correct
  • No code or package behavior changes are included in this PR, only CI configuration

Before requesting reviews

  • Added a changeset to document this improvement in the changelog

Before you deploy

  • This PR is safe to rollback - it only affects CI configuration and won't impact existing code
  • I tophatted this change on Storybook (N/A - CI configuration change only)

@mathiusj mathiusj requested a review from devisscher March 19, 2025 15:26
@mathiusj mathiusj force-pushed the mathiusj/add-provenance branch from cc35a32 to c6c2d34 Compare March 19, 2025 17:00
@mathiusj mathiusj requested a review from jonathanhamel4 March 19, 2025 17:16
@mathiusj mathiusj merged commit a4bf926 into main Mar 19, 2025
4 checks passed
@mathiusj mathiusj deleted the mathiusj/add-provenance branch March 19, 2025 17:26
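
An added example, not taken from this pull request or the repository's release.yml: a minimal GitHub Actions release job showing the permission and environment variable that npm needs in order to publish with provenance through a third-party publishing tool. The job layout, the `npm run release` script and the `NPM_TOKEN` secret name are assumptions.

```yaml
# Constructed example workflow; not this repository's release.yml.
name: Release
on:
  push:
    branches: [main]

# Default every job to read-only and grant extra scopes per job.
permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      # Assumption: the release tool pushes tags or version commits.
      contents: write
      # Lets the job request a GitHub OIDC token. npm uses that token to
      # sign the provenance statement tying the package to this repository,
      # commit and workflow run. Without it, publishing with provenance fails.
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org
      - run: npm ci
      # Hypothetical script that wraps the third-party publishing tool.
      - run: npm run release
        env:
          # Assumed secret name for the npm publish token.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          # A wrapper tool may not pass `--provenance` to `npm publish`,
          # so the setting is supplied through npm's config environment.
          NPM_CONFIG_PROVENANCE: true
```

Scoping `id-token: write` to the release job alone keeps other jobs in the workflow from being able to mint OIDC tokens. Consumers can check the published attestations with `npm audit signatures`.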