reinink
commented
7 months ago Thanks for this!
Closed saibotk closed 7 months ago
reinink
commented
7 months ago Thanks for this!
reinink
commented
7 months ago Oh and feel free to submit a subsequent PR to add a standard release workflow 👍
This commit adds provenance for insider packages. See the NPM documentation 0.
Note: This will only affect the insiders build, because the normal package is sadly not being built within a workflow. Should we add that too here or rather in another PR/later?
Provenance will allow people to verify that the packages were actually built on GH Actions and with the content of the corresponding commit. This will help with supply chain security.
For this to work, the
id-tokenpermission was added only where necessary.