From 2ac0496d6378e1ac124efc086b521a16a8f5a355 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke
Date: Mon, 16 Sep 2024 11:26:06 +0200
Subject: [PATCH 1/2] feat: generating provenance statements
---
 .github/scripts/publish-npm.sh | 8 ++++----
 .github/workflows/03-publish-packages.yml | 2 ++
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index 449d9b866d..5a2f9e55b4 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -57,8 +57,8 @@ do
 echo "Could not authenticate with $REGISTRY"
 exit 1
 fi
- npm publish --tag "$TAG" db-ui-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
- npm publish --tag "$TAG" db-ui-ngx-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
- npm publish --tag "$TAG" db-ui-react-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
- npm publish --tag "$TAG" db-ui-v-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
+ npm publish --tag "$TAG" db-ui-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
+ npm publish --tag "$TAG" db-ui-ngx-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
+ npm publish --tag "$TAG" db-ui-react-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
+ npm publish --tag "$TAG" db-ui-v-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
 done
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index 06bade1918..2a2618b441 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
@@ -24,6 +24,8 @@ jobs:
 fail-fast: false
 matrix:
 themes: [default, enterprise]
+ permissions:
+ id-token: write
 steps:
 - name: ⬇ Checkout repo
 uses: actions/checkout@v4
From c7ccbb5a357a2235336a84b6b1edb821a238e160 Mon Sep 17 00:00:00 2001
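Review bot: `--provenance` is appended to all four `npm publish` calls unconditionally, although the loop around them appears to run once per `$REGISTRY`. npm documents provenance for the public npm registry, published from a supported cloud CI runner with npm 9.5.0 or later, so if any iteration targets another registry the flag should be confirmed to work there or be gated per registry. I would also state the constraint next to the calls, e.g. `# --provenance: documented for the public npm registry; needs npm >= 9.5.0 and id-token: write on the job`. The attestation binds each prebuilt `.tgz` to this workflow run, so it says nothing about how the tarball was built if that happened in a different job. The loop header and the registry list are outside the hunk.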
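Review bot: Declaring `permissions:` on the job sets every scope that is not listed to `none`, so with this block the job's `GITHUB_TOKEN` carries only `id-token: write`. The npm example for provenance pairs it with `contents: read`; I would write `permissions:` / `contents: read` / `id-token: write`, and add `packages: write` if one of the publish targets is GitHub Packages authenticated with `GITHUB_TOKEN` (the token in use is not visible in this hunk). Every step in the job can now request an OIDC token, so it is worth a comment saying the scope exists only for `npm publish --provenance`, e.g. `# id-token: write is required for npm provenance (OIDC signing)`. The job's remaining steps continue past the hunk.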
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Mon, 16 Sep 2024 11:32:31 +0200
Subject: [PATCH 2/2] Update publish-npm.sh
---
 .github/scripts/publish-npm.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index 5a2f9e55b4..bc86558440 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -57,6 +57,7 @@ do
 echo "Could not authenticate with $REGISTRY"
 exit 1
 fi
+ # https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow
 npm publish --tag "$TAG" db-ui-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
 npm publish --tag "$TAG" db-ui-ngx-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
 npm publish --tag "$TAG" db-ui-react-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance