From 6f9c9ae6bbff3f9c708e64bcb6614639c04d297d Mon Sep 17 00:00:00 2001 From: Enguerrand Allamel Date: Wed, 4 Dec 2024 15:49:03 +0100 Subject: [PATCH] add debug to list npm --- .github/workflows/slsa-generator-nodejs-custom.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/slsa-generator-nodejs-custom.yaml b/.github/workflows/slsa-generator-nodejs-custom.yaml index 27bb29f..1bf9779 100644 --- a/.github/workflows/slsa-generator-nodejs-custom.yaml +++ b/.github/workflows/slsa-generator-nodejs-custom.yaml @@ -77,13 +77,21 @@ jobs: slsa-layout-file: artifacts-layout.json predicate-type: https://slsa.dev/provenance/v0.2 predicate-file: predicate.json - output-folder: toto + output-folder: attestations - name: Sign the attestation uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v2.0.0 with: payload-type: application/vnd.in-toto+json attestations: attestations - output-folder: attestations-signed + output-folder: attestations-signed + - run: ls -Rla + - name: Upload to npmjs.com + env: + TARBALL_PATH: ${{ steps.package-details.outputs.PACKAGE_FILENAME }} + PROVENANCE_PATH: "./attestations/${{ needs.build.outputs.provenance-download-name }}/${{ needs.build.outputs.provenance-name }}" + run: | + npm config set //registry.npmjs.org/:_authToken "${{ secrets.NPM_TOKEN }}" + npm publish "${TARBALL_PATH}" --access public --provenance-file="${PROVENANCE_PATH}"