Merge pull request #108 from lidofinance/feature/si-1276-investigate-provenance-signature

[build]fix provenance config

Author: Jeday

.github/workflows/publish-alpha.yml

@@ -0,0 +1,43 @@
+name: Publish Beta version to registry
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write # to be able to publish a GitHub release
+  issues: write # to be able to comment on released issues
+  id-token: write # to enable use of OIDC for npm provenance
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    environment: development
+    # restricts job to develop branch
+    if: github.ref == 'refs/heads/develop'
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'yarn'
+
+      - name: Install dependencies
+        run: yarn --frozen-lockfile
+
+      - name: Build
+        run: yarn build:packages
+
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: yarn npm audit
+
+      - name: Publish Alpha
+        run: yarn multi-semantic-release --deps.bump=override --deps.release=patch --sequential-init
+        env:
+          NPM_CONFIG_PROVENANCE: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/publish.yml

@@ -38,13 +38,14 @@ jobs:
       - name: Authenticate in npm
         run: |
           echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc
-          echo "workspaces-update = false" >> .npmrc
-          echo "provenance = true" >> .npmrc
+          echo "workspaces-update=false" >> .npmrc
+          echo "provenance=true" >> .npmrc
         env:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Publish
         run: yarn multi-semantic-release --deps.bump=override --deps.release=patch --sequential-init
         env:
+          NPM_CONFIG_PROVENANCE: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

package.json

@@ -25,7 +25,7 @@
     "@commitlint/config-conventional": "^17.7.0",
     "@lidofinance/eslint-config": "^0.35.0",
     "@next/eslint-plugin-next": "^14.0.1",
-    "@qiwi/multi-semantic-release": "6.7.0",
+    "@qiwi/multi-semantic-release": "7.1.1",
     "@typescript-eslint/eslint-plugin": "^5",
     "@typescript-eslint/parser": "^5.46.0",
     "eslint": "^8.46.0",
@@ -57,7 +57,12 @@
   ],
   "release": {
     "branches": [
-      "main"
+      "main",
+      {
+        "name": "develop",
+        "channel": "alpha",
+        "prerelease": "alpha"
+      }
     ]
   },
   "packageManager": "[email protected]",