chore(npm): publish packages with provenance (#14344)

* chore(npm): publish packages with provenance * chore(npm): remove quotes from provenance value --------- Co-authored-by: Andrea N. Cardona <[email protected]>
carbon-design-system · Aug 1, 2023 · ab43bbc · ab43bbc
1 parent 35fc72f
commit ab43bbc
Show file tree

Hide file tree

Showing 33 changed files with 74 additions and 30 deletions.
diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml
@@ -8,6 +8,10 @@ on:
 jobs:
   release:
     runs-on: macos-11
+    # Needed as recommended by npm docs on publishing with provenance https://docs.npmjs.com/generating-provenance-statements
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - uses: actions/checkout@main
       - name: Use Node.js 18.x

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,6 +13,10 @@ jobs:
     name: Create Release
     runs-on: ubuntu-latest
     timeout-minutes: 60
+    # Needed as recommended by npm docs on publishing with provenance https://docs.npmjs.com/generating-provenance-statements
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - uses: actions/checkout@v3
 

diff --git a/.github/workflows/v10-release.yml b/.github/workflows/v10-release.yml
@@ -11,6 +11,10 @@ jobs:
     name: Create Release
     runs-on: ubuntu-latest
     timeout-minutes: 60
+    # Needed as recommended by npm docs on publishing with provenance https://docs.npmjs.com/generating-provenance-statements
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - uses: actions/checkout@v3
 

diff --git a/config/browserslist-config-carbon/package.json b/config/browserslist-config-carbon/package.json
@@ -21,6 +21,7 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   }
 }
diff --git a/config/eslint-config-carbon/package.json b/config/eslint-config-carbon/package.json
@@ -26,7 +26,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "peerDependencies": {
     "eslint": "^8.0.0"

diff --git a/config/prettier-config-carbon/package.json b/config/prettier-config-carbon/package.json
@@ -18,7 +18,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "peerDependencies": {
     "prettier": "2.x"

diff --git a/config/stylelint-config-carbon/package.json b/config/stylelint-config-carbon/package.json
@@ -20,7 +20,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "peerDependencies": {
     "stylelint": "^15.0.0"

diff --git a/packages/carbon-components-react/package.json b/packages/carbon-components-react/package.json
@@ -27,7 +27,8 @@
     "components"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build-styles.js && node tasks/build.js",

diff --git a/packages/carbon-components/package.json b/packages/carbon-components/package.json
@@ -31,7 +31,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "node tasks/build-styles.js",

diff --git a/packages/cli-reporter/package.json b/packages/cli-reporter/package.json
@@ -20,7 +20,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "dependencies": {
     "chalk": "^4.1.1"

diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -20,7 +20,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "dependencies": {
     "@babel/core": "^7.18.2",

diff --git a/packages/cli/src/commands/sync/package.js b/packages/cli/src/commands/sync/package.js
@@ -85,6 +85,7 @@ function run({ packagePaths }) {
         if (!packageJson.private) {
           packageJson.publishConfig = {
             access: 'public',
+            provenance: 'true',
           };
         }
 

diff --git a/packages/colors/package.json b/packages/colors/package.json
@@ -29,7 +29,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonColors && node tasks/build.js && carbon-cli check \"scss/*.scss\"",

diff --git a/packages/elements/package.json b/packages/elements/package.json
@@ -28,7 +28,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonElements",

diff --git a/packages/feature-flags/package.json b/packages/feature-flags/package.json
@@ -25,7 +25,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build.js && rollup -c",

diff --git a/packages/grid/package.json b/packages/grid/package.json
@@ -25,7 +25,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && carbon-cli inline && carbon-cli check \"scss/*.scss\"",

diff --git a/packages/icon-build-helpers/package.json b/packages/icon-build-helpers/package.json
@@ -19,7 +19,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "devDependencies": {
     "@babel/core": "^7.18.2",

diff --git a/packages/icon-helpers/package.json b/packages/icon-helpers/package.json
@@ -26,7 +26,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonIconHelpers",

diff --git a/packages/icons-react/package.json b/packages/icons-react/package.json
@@ -25,7 +25,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build.js",

diff --git a/packages/icons-vue/package.json b/packages/icons-vue/package.json
@@ -21,7 +21,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build.js",

diff --git a/packages/icons/package.json b/packages/icons/package.json
@@ -29,7 +29,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build.js",

diff --git a/packages/layout/package.json b/packages/layout/package.json
@@ -21,7 +21,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonLayout && node tasks/build.js",

diff --git a/packages/motion/package.json b/packages/motion/package.json
@@ -21,7 +21,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonMotion",

diff --git a/packages/pictograms-react/package.json b/packages/pictograms-react/package.json
@@ -26,7 +26,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build.js",

diff --git a/packages/pictograms/package.json b/packages/pictograms/package.json
@@ -22,7 +22,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build.js",

diff --git a/packages/react/package.json b/packages/react/package.json
@@ -28,7 +28,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build-styles.js && node tasks/build.js",

diff --git a/packages/scss-generator/package.json b/packages/scss-generator/package.json
@@ -20,7 +20,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "dependencies": {
     "prettier": "^2.8.8"

diff --git a/packages/styles/package.json b/packages/styles/package.json
@@ -22,7 +22,8 @@
     "index.scss"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && node tasks/build-css.js",

diff --git a/packages/test-utils/package.json b/packages/test-utils/package.json
@@ -19,7 +19,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "peerDependencies": {
     "react-dom": "^16.9.0 || ^17.0.1"

diff --git a/packages/themes/package.json b/packages/themes/package.json
@@ -21,7 +21,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "ci-check": "carbon-cli check \"scss/**/*.scss\" -i \"**/generated/**\" -i \"**/compat/**\"",

diff --git a/packages/type/package.json b/packages/type/package.json
@@ -30,7 +30,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonType && carbon-cli check \"scss/*.scss\"",

diff --git a/packages/upgrade/package.json b/packages/upgrade/package.json
@@ -28,7 +28,8 @@
     "react"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "esbuild src/cli.js --bundle --platform=node --outfile=cli.js --target=node14 --external:jscodeshift",

diff --git a/tasks/sync.js b/tasks/sync.js
@@ -9,10 +9,11 @@
 
 const fs = require('fs-extra');
 const path = require('path');
-const prettier = require('prettier');
-const lerna = require('../lerna.json');
+const prettier = require('prettier'); //eslint-disable-line no-unused-vars
+const lerna = require('../lerna.json'); //eslint-disable-line no-unused-vars
 const packageJson = require('../package.json');
 
+//eslint-disable-next-line no-unused-vars
 const prettierOptions = {
   ...packageJson.prettier,
   parser: 'markdown',
@@ -101,6 +102,7 @@ async function sync() {
       file.license = 'Apache-2.0';
       file.publishConfig = {
         access: 'public',
+        provenance: 'true',
       };
 
       if (Array.isArray(file.keywords)) {
@@ -143,6 +145,7 @@ async function sync() {
     '**/tasks/**',
   ];
   await Promise.all(
+    //eslint-disable-next-line no-unused-vars
     packages.map(async ({ packageJson, packagePath }) => {
       const ignorePath = path.join(packagePath, '.npmignore');
       const ignorePatterns = [...defaultIgnorePatterns];