From 55a64c67f1ab8463e33b511e749e48e9c4cd537d Mon Sep 17 00:00:00 2001
From: Alex Potsides <alex@achingbrain.net>
Date: Tue, 5 Dec 2023 10:43:34 +0000
Subject: [PATCH] chore: publish with npm provenance (#321)

To guard against supply chain attacks, publish with provenance.

Refs:
- https://github.blog/2023-04-19-introducing-npm-package-provenance/
- https://docs.npmjs.com/generating-provenance-statements
---
 .github/workflows/main.yml      | 8 ++++++--
 .release-please.json            | 1 -
 packages/helia/package.json     | 4 ++++
 packages/interface/package.json | 4 ++++
 packages/interop/package.json   | 4 ++++
 5 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a389b6148..5c6dc2a9b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -168,11 +168,15 @@ jobs:
       test-electron-renderer
     ]
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    permissions:
+      contents: write
+      id-token: write
+      pull-requests: write
     steps:
-      - uses: GoogleCloudPlatform/release-please-action@v2
+      - uses: google-github-actions/release-please-action@v3
         id: release
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.UCI_GITHUB_TOKEN || github.token }}
           command: manifest
           release-type: node
           manifest-file: .release-please-manifest.json
diff --git a/.release-please.json b/.release-please.json
index 8d7205414..35bf765b9 100644
--- a/.release-please.json
+++ b/.release-please.json
@@ -1,6 +1,5 @@
 {
   "plugins": ["node-workspace"],
-  "group-pull-request-title-pattern": "chore: release ${component}",
   "packages": {
     "packages/helia": {},
     "packages/interface": {},
diff --git a/packages/helia/package.json b/packages/helia/package.json
index 9e81adaad..1360dc117 100644
--- a/packages/helia/package.json
+++ b/packages/helia/package.json
@@ -11,6 +11,10 @@
   "bugs": {
     "url": "https://github.com/ipfs/helia/issues"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "keywords": [
     "IPFS"
   ],
diff --git a/packages/interface/package.json b/packages/interface/package.json
index 9a84e25cc..37886acc4 100644
--- a/packages/interface/package.json
+++ b/packages/interface/package.json
@@ -11,6 +11,10 @@
   "bugs": {
     "url": "https://github.com/ipfs/helia/issues"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "keywords": [
     "IPFS"
   ],
diff --git a/packages/interop/package.json b/packages/interop/package.json
index fcff4f85c..6b6a73af5 100644
--- a/packages/interop/package.json
+++ b/packages/interop/package.json
@@ -11,6 +11,10 @@
   "bugs": {
     "url": "https://github.com/ipfs/helia/issues"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "keywords": [
     "IPFS"
   ],