From bfe8ba362bbd11ed274bfffab68aefe93fc80a10 Mon Sep 17 00:00:00 2001
From: LitoMore <litomore@gmail.com>
Date: Sat, 21 Dec 2024 16:31:13 +0800
Subject: [PATCH 1/2] Generate provenance statements when publishing

---
 .github/workflows/publish.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f409da7..6117de7 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -9,6 +9,8 @@ jobs:
   npm:
     name: NPM Package
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -34,6 +36,8 @@ jobs:
         uses: JS-DevTools/npm-publish@v3
         with:
           token: ${{ secrets.NPM_TOKEN }}
+          provenance: true
+          access: public
   github:
     name: GitHub release
     runs-on: ubuntu-latest

From 8ab0911bfc1419c0cfb0558692f007198cfb58f9 Mon Sep 17 00:00:00 2001
From: LitoMore <LitoMore@users.noreply.github.com>
Date: Sat, 21 Dec 2024 23:22:16 +0800
Subject: [PATCH 2/2] Remove `access: public`

---
 .github/workflows/publish.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 6117de7..03ec0a9 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -37,7 +37,6 @@ jobs:
         with:
           token: ${{ secrets.NPM_TOKEN }}
           provenance: true
-          access: public
   github:
     name: GitHub release
     runs-on: ubuntu-latest