2024/06/24/bootstrapping-npm-provenance-github-actions

[utterances-bot]

Bootstrapping NPM Provenance with GitHub Actions

I’m putting my money where my mouth is. NPM provenance statements are great. Everyone should publish packages with a provenance statement. Including me.

https://www.thecandidstartup.org/2024/06/24/bootstrapping-npm-provenance-github-actions.html

[timwiegand]

I updated the conditions in the final NPM publish workflow. The properties available on workflow_run weren't what I thought they were which I only discovered the next time I created a new version.

Top tip: If you ever need to figure out what the actual runtime context is, try throwing this step into your workflow.

    steps: 
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: |
          echo "$GITHUB_CONTEXT"