From ab43bbc64457c8ba8c86e4a79fb1fbd1fea4875e Mon Sep 17 00:00:00 2001
From: Taylor Jones
Date: Tue, 1 Aug 2023 09:32:53 -0500
Subject: [PATCH] chore(npm): publish packages with provenance (#14344)
* chore(npm): publish packages with provenance
* chore(npm): remove quotes from provenance value
---------
Co-authored-by: Andrea N. Cardona
---
 .github/workflows/nightly-release.yml | 4 ++++
 .github/workflows/release.yml | 4 ++++
 .github/workflows/v10-release.yml | 4 ++++
 config/browserslist-config-carbon/package.json | 3 ++-
 config/eslint-config-carbon/package.json | 3 ++-
 config/prettier-config-carbon/package.json | 3 ++-
 config/stylelint-config-carbon/package.json | 3 ++-
 packages/carbon-components-react/package.json | 3 ++-
 packages/carbon-components/package.json | 3 ++-
 packages/cli-reporter/package.json | 3 ++-
 packages/cli/package.json | 3 ++-
 packages/cli/src/commands/sync/package.js | 1 +
 packages/colors/package.json | 3 ++-
 packages/elements/package.json | 3 ++-
 packages/feature-flags/package.json | 3 ++-
 packages/grid/package.json | 3 ++-
 packages/icon-build-helpers/package.json | 3 ++-
 packages/icon-helpers/package.json | 3 ++-
 packages/icons-react/package.json | 3 ++-
 packages/icons-vue/package.json | 3 ++-
 packages/icons/package.json | 3 ++-
 packages/layout/package.json | 3 ++-
 packages/motion/package.json | 3 ++-
 packages/pictograms-react/package.json | 3 ++-
 packages/pictograms/package.json | 3 ++-
 packages/react/package.json | 3 ++-
 packages/scss-generator/package.json | 3 ++-
 packages/styles/package.json | 3 ++-
 packages/test-utils/package.json | 3 ++-
 packages/themes/package.json | 3 ++-
 packages/type/package.json | 3 ++-
 packages/upgrade/package.json | 3 ++-
 tasks/sync.js | 7 +++++--
 33 files changed, 74 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml
index 809bd94aabd0..2df9fe49463b 100644
--- a/.github/workflows/nightly-release.yml
+++ b/.github/workflows/nightly-release.yml
@@ -8,6 +8,10 @@ on: jobs: release: runs-on: macos-11 + # Needed as recommended by npm docs on publishing with provenance https://docs.npmjs.com/generating-provenance-statements + permissions: + id-token: write + contents: write steps: - uses: actions/checkout@main - name: Use Node.js 18.x diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 42056c642d2a..629bd59bae77 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,6 +13,10 @@ jobs: name: Create Release runs-on: ubuntu-latest timeout-minutes: 60 + # Needed as recommended by npm docs on publishing with provenance https://docs.npmjs.com/generating-provenance-statements + permissions: + id-token: write + contents: write steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/v10-release.yml b/.github/workflows/v10-release.yml index f4ec093d1563..b3b8d7cf36ff 100644 --- a/.github/workflows/v10-release.yml +++ b/.github/workflows/v10-release.yml @@ -11,6 +11,10 @@ jobs: name: Create Release runs-on: ubuntu-latest timeout-minutes: 60 + # Needed as recommended by npm docs on publishing with provenance https://docs.npmjs.com/generating-provenance-statements + permissions: + id-token: write + contents: write steps: - uses: actions/checkout@v3 diff --git a/config/browserslist-config-carbon/package.json b/config/browserslist-config-carbon/package.json index 7aa17017c341..0cbeec4a1769 100644 --- a/config/browserslist-config-carbon/package.json +++ b/config/browserslist-config-carbon/package.json @@ -21,6 +21,7 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true } } diff --git a/config/eslint-config-carbon/package.json b/config/eslint-config-carbon/package.json index fc12e5fe02f1..4d694d5d7528 100644 --- a/config/eslint-config-carbon/package.json +++ b/config/eslint-config-carbon/package.json 
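Review bot: The `permissions:` block added to the `release` job in nightly-release.yml grants `contents: write` alongside `id-token: write`, but the comment attributes both to the npm provenance docs; provenance itself only needs the OIDC `id-token: write` scope (npm's example pairs it with read-only contents, as far as I recall), so the comment should state why write access to repository contents is also needed, e.g. `# id-token: write lets npm sign the provenance statement; contents: write is needed for <reason>`. A job-level `permissions` block also sets every scope it does not list to none, so any later step in these jobs that relies on another scope of the default token would lose it; the steps are outside the hunk, so this needs checking. The same block is added in release.yml and v10-release.yml. In the nightly job the context line `- uses: actions/checkout@main` follows a mutable branch inside a job that can now mint OIDC tokens and write to the repository; pinning it to a release tag or commit SHA would narrow that exposure.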
@@ -26,7 +26,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "peerDependencies": {
 "eslint": "^8.0.0"
diff --git a/config/prettier-config-carbon/package.json b/config/prettier-config-carbon/package.json
index d86224b4f162..7de71727efb0 100644
--- a/config/prettier-config-carbon/package.json
+++ b/config/prettier-config-carbon/package.json
@@ -18,7 +18,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "peerDependencies": {
 "prettier": "2.x"
diff --git a/config/stylelint-config-carbon/package.json b/config/stylelint-config-carbon/package.json
index 48375397fb0d..c4e7f6c13d58 100644
--- a/config/stylelint-config-carbon/package.json
+++ b/config/stylelint-config-carbon/package.json
@@ -20,7 +20,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "peerDependencies": {
 "stylelint": "^15.0.0"
diff --git a/packages/carbon-components-react/package.json b/packages/carbon-components-react/package.json
index c6571ecfcc99..1fee8da81ab7 100644
--- a/packages/carbon-components-react/package.json
+++ b/packages/carbon-components-react/package.json
@@ -27,7 +27,8 @@
 "components"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build-styles.js && node tasks/build.js",
diff --git a/packages/carbon-components/package.json b/packages/carbon-components/package.json
index 5ba10a70ca24..8f6345d69968 100644
--- a/packages/carbon-components/package.json
+++ b/packages/carbon-components/package.json
@@ -31,7 +31,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "node tasks/build-styles.js",
diff --git a/packages/cli-reporter/package.json b/packages/cli-reporter/package.json
index 3784d07f6788..dc65aed7ad80 100644
--- a/packages/cli-reporter/package.json
+++ b/packages/cli-reporter/package.json @@ -20,7 +20,8 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "dependencies": { "chalk": "^4.1.1" diff --git a/packages/cli/package.json b/packages/cli/package.json index d1d669030757..21a2e5ba1995 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -20,7 +20,8 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "dependencies": { "@babel/core": "^7.18.2", diff --git a/packages/cli/src/commands/sync/package.js b/packages/cli/src/commands/sync/package.js index 1a2d21f91a46..a75c05b6e527 100644 --- a/packages/cli/src/commands/sync/package.js +++ b/packages/cli/src/commands/sync/package.js @@ -85,6 +85,7 @@ function run({ packagePaths }) { if (!packageJson.private) { packageJson.publishConfig = { access: 'public', + provenance: 'true', }; } diff --git a/packages/colors/package.json b/packages/colors/package.json index abb6fdc0ccbd..3affbe5cf2fc 100644 --- a/packages/colors/package.json +++ b/packages/colors/package.json @@ -29,7 +29,8 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "scripts": { "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonColors && node tasks/build.js && carbon-cli check \"scss/*.scss\"", diff --git a/packages/elements/package.json b/packages/elements/package.json index 39e21ddd0e17..0a732a466b1f 100644 --- a/packages/elements/package.json +++ b/packages/elements/package.json @@ -28,7 +28,8 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "scripts": { "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonElements", diff --git a/packages/feature-flags/package.json b/packages/feature-flags/package.json index 3ede096f5f64..dc2478bdb302 100644 --- a/packages/feature-flags/package.json +++ b/packages/feature-flags/package.json 
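Review bot: `provenance: 'true'` in `run()` writes the string `"true"` into the `publishConfig` of every non-private package, while the package.json files in this same commit carry the boolean `"provenance": true` and the commit message says the quotes were removed. The next sync run would therefore rewrite those manifests to the quoted form, and whether publishing then still attaches provenance depends on how npm coerces the value, which is not visible here. Use `provenance: true,` so the generator matches the committed manifests. The same line is added in the `sync()` hunk of tasks/sync.js (`@@ -101,6 +102,7 @@`); `run()` itself starts and ends outside this hunk.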
@@ -25,7 +25,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build.js && rollup -c",
diff --git a/packages/grid/package.json b/packages/grid/package.json
index c5105d800000..f8d5db1a37d3 100644
--- a/packages/grid/package.json
+++ b/packages/grid/package.json
@@ -25,7 +25,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && carbon-cli inline && carbon-cli check \"scss/*.scss\"",
diff --git a/packages/icon-build-helpers/package.json b/packages/icon-build-helpers/package.json
index 69872b5826d7..f2a5ed157358 100644
--- a/packages/icon-build-helpers/package.json
+++ b/packages/icon-build-helpers/package.json
@@ -19,7 +19,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "devDependencies": {
 "@babel/core": "^7.18.2",
diff --git a/packages/icon-helpers/package.json b/packages/icon-helpers/package.json
index 0b2f29f9511d..8385d8a2a73a 100644
--- a/packages/icon-helpers/package.json
+++ b/packages/icon-helpers/package.json
@@ -26,7 +26,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonIconHelpers",
diff --git a/packages/icons-react/package.json b/packages/icons-react/package.json
index afd37bf3f18b..f3737191b598 100644
--- a/packages/icons-react/package.json
+++ b/packages/icons-react/package.json
@@ -25,7 +25,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build.js",
diff --git a/packages/icons-vue/package.json b/packages/icons-vue/package.json
index 8f8c32a22e7b..8dbeb222dac2 100644
--- a/packages/icons-vue/package.json
+++ b/packages/icons-vue/package.json
@@ -21,7 +21,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build.js",
diff --git a/packages/icons/package.json b/packages/icons/package.json
index 6b162f791257..ff4898a71957 100644
--- a/packages/icons/package.json
+++ b/packages/icons/package.json
@@ -29,7 +29,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build.js",
diff --git a/packages/layout/package.json b/packages/layout/package.json
index 873be89d4fc3..1e72967cfa75 100644
--- a/packages/layout/package.json
+++ b/packages/layout/package.json
@@ -21,7 +21,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonLayout && node tasks/build.js",
diff --git a/packages/motion/package.json b/packages/motion/package.json
index e712c69083f2..fb918d985840 100644
--- a/packages/motion/package.json
+++ b/packages/motion/package.json
@@ -21,7 +21,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonMotion",
diff --git a/packages/pictograms-react/package.json b/packages/pictograms-react/package.json
index 90a331d65997..154dfd9abb72 100644
--- a/packages/pictograms-react/package.json
+++ b/packages/pictograms-react/package.json
@@ -26,7 +26,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build.js",
diff --git a/packages/pictograms/package.json b/packages/pictograms/package.json
index 45ea33ab5a59..b4abc3722550 100644
--- a/packages/pictograms/package.json
+++ b/packages/pictograms/package.json
@@ -22,7 +22,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build.js",
diff --git a/packages/react/package.json b/packages/react/package.json
index f80bf2123d87..84756638c099 100644
--- a/packages/react/package.json
+++ b/packages/react/package.json
@@ -28,7 +28,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build-styles.js && node tasks/build.js",
diff --git a/packages/scss-generator/package.json b/packages/scss-generator/package.json
index b857ae4502d6..c27424a7b491 100644
--- a/packages/scss-generator/package.json
+++ b/packages/scss-generator/package.json
@@ -20,7 +20,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "dependencies": {
 "prettier": "^2.8.8"
diff --git a/packages/styles/package.json b/packages/styles/package.json
index a7e6ae99d45f..75721981374c 100644
--- a/packages/styles/package.json
+++ b/packages/styles/package.json
@@ -22,7 +22,8 @@
 "index.scss"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "scripts": {
 "build": "yarn clean && node tasks/build-css.js",
diff --git a/packages/test-utils/package.json b/packages/test-utils/package.json
index 645ce56d5f01..f1696caefbbb 100644
--- a/packages/test-utils/package.json
+++ b/packages/test-utils/package.json
@@ -19,7 +19,8 @@
 "react"
 ],
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "peerDependencies": {
 "react-dom": "^16.9.0 || ^17.0.1"
diff --git a/packages/themes/package.json b/packages/themes/package.json
index 88be7f7ee91b..12465a20ca50 100644
--- a/packages/themes/package.json
+++ b/packages/themes/package.json
@@ -21,7 +21,8 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "scripts": { "ci-check": "carbon-cli check \"scss/**/*.scss\" -i \"**/generated/**\" -i \"**/compat/**\"", diff --git a/packages/type/package.json b/packages/type/package.json index 4775b3bc5787..6c040268df46 100644 --- a/packages/type/package.json +++ b/packages/type/package.json @@ -30,7 +30,8 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "scripts": { "build": "yarn clean && carbon-cli bundle src/index.js --name CarbonType && carbon-cli check \"scss/*.scss\"", diff --git a/packages/upgrade/package.json b/packages/upgrade/package.json index bf7f2af1adfe..e59b1bdaa55c 100644 --- a/packages/upgrade/package.json +++ b/packages/upgrade/package.json @@ -28,7 +28,8 @@ "react" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "scripts": { "build": "esbuild src/cli.js --bundle --platform=node --outfile=cli.js --target=node14 --external:jscodeshift", diff --git a/tasks/sync.js b/tasks/sync.js index 9f0905678d0e..174b20f86a16 100644 --- a/tasks/sync.js +++ b/tasks/sync.js @@ -9,10 +9,11 @@ const fs = require('fs-extra'); const path = require('path'); -const prettier = require('prettier'); -const lerna = require('../lerna.json'); +const prettier = require('prettier'); //eslint-disable-line no-unused-vars +const lerna = require('../lerna.json'); //eslint-disable-line no-unused-vars const packageJson = require('../package.json'); +//eslint-disable-next-line no-unused-vars const prettierOptions = { ...packageJson.prettier, parser: 'markdown', @@ -101,6 +102,7 @@ async function sync() { file.license = 'Apache-2.0'; file.publishConfig = { access: 'public', + provenance: 'true', }; if (Array.isArray(file.keywords)) { 
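Review bot: The three `no-unused-vars` suppressions added at the top of tasks/sync.js (on `prettier`, `lerna` and `prettierOptions`) keep dead bindings in the file instead of removing them; if nothing outside this hunk uses them, deleting the two `require` lines and the `prettierOptions` object is cleaner than silencing the linter. The hunk at `@@ -143,6 +145,7 @@` does the same for the `packages.map` callback, where the unused name is presumably `packageJson`. Destructuring only what is used, `packages.map(async ({ packagePath }) => {`, makes that directive unnecessary and stops shadowing the module-level `packageJson`. If any suppression has to stay, write it in the usual `// eslint-disable-line no-unused-vars` form with a space after `//` and a short reason.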
@@ -143,6 +145,7 @@ async function sync() { '**/tasks/**', ]; await Promise.all( + //eslint-disable-next-line no-unused-vars packages.map(async ({ packageJson, packagePath }) => { const ignorePath = path.join(packagePath, '.npmignore'); const ignorePatterns = [...defaultIgnorePatterns];