From 164b3c80b2d03c4f151ee94b8b190b7eac893cd4 Mon Sep 17 00:00:00 2001
From: solufa <solufa2020@gmail.com>
Date: Thu, 14 Nov 2024 21:59:37 +0900
Subject: [PATCH] chore: publish to npm with provenance

---
 .github/workflows/nodejs.yml | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 28f4e1e..3d3ec8b 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -4,15 +4,15 @@ on: [push, pull_request]
 
 jobs:
   test:
-    name: "Test on Node:${{ matrix.node-version }} OS:${{ matrix.os }}"
+    name: 'Test on Node:${{ matrix.node-version }} OS:${{ matrix.os }}'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [18, 20]
+        node-version: [20, 22]
         os: [ubuntu-latest]
         include:
           - os: windows-latest
-            node-version: 20
+            node-version: 22
     steps:
       - uses: actions/checkout@v3
       - name: setup Node.js ${{ matrix.node-version }}
@@ -22,7 +22,7 @@ jobs:
       - uses: actions/cache@v2
         id: npm-cache
         with:
-          path: "node_modules"
+          path: 'node_modules'
           key: ${{ runner.os }}-node-v${{ matrix.node-version }}-npm-${{ hashFiles('package-lock.json') }}
       - run: npm install
         if: steps.npm-cache.outputs.cache-hit != 'true'
@@ -35,18 +35,21 @@ jobs:
   release:
     runs-on: ubuntu-latest
     needs: test
+    permissions:
+      contents: read
+      id-token: write
     if: startsWith(github.ref, 'refs/tags/v')
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: 20
-          registry-url: "https://registry.npmjs.org"
+          node-version: 22
+          registry-url: 'https://registry.npmjs.org'
       - uses: actions/cache@v2
         id: npm-cache
         with:
-          path: "node_modules"
+          path: 'node_modules'
           key: ${{ runner.os }}-node-v20-npm-${{ hashFiles('package-lock.json') }}
       - run: npm install
         if: steps.npm-cache.outputs.cache-hit != 'true'
@@ -55,6 +58,6 @@ jobs:
           VERSION="$(node -e 'console.log(process.argv[1].match(/^refs\/tags\/v(\d+\.\d+\.\d+)$/)[1])' "${{ github.ref }}")"
           node -e 'console.log(JSON.stringify({...require("./package.json"),version:process.argv[1]}, null, 2))' "$VERSION" | tee ./tmp-package.json
           mv ./tmp-package.json ./package.json
-      - run: npm publish
+      - run: npm publish --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}