web/video.js
1
0
Fork 0
mirror of https://github.com/videojs/video.js.git synced 2025-01-19 10:54:16 +02:00
Code Releases Activity

Enable supply chain security through npm provenance attestation

Browse Source 
- Configure GitHub Actions workflow for secure publishing
- Enable automatic provenance generation during npm publish
- Add integrity verification through Sigstore transparency logs
This commit is contained in:
Jakub Pavlik 2024-11-07 17:05:45 +01:00
parent ecef37c1fc
commit 18c1183e94
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/release.yml vendored
View File

@ -11,6 +11,10 @@ jobs:
env: env:
NETLIFY_BASE: 'videojs-preview.netlify.app' NETLIFY_BASE: 'videojs-preview.netlify.app'
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # Required for provenance
packages: write # Required for publishing
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
@ -37,7 +41,7 @@ jobs:
# publish runs build for us via a prepublishOnly script # publish runs build for us via a prepublishOnly script
- name: npm release - name: npm release
run: npm publish --tag next run: npm publish --provenance --tag next
env: env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}