test new attest for npmjs.com action

.github/workdflow/build.yaml

@@ -0,0 +1,40 @@
+name: SLSA Generator Custom NodeJS
+
+on:
+  workflow_dispatch:
+  push:
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup node
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+      - name: Build steps
+        run: |
+          echo "Building the project"
+          npm pack 
+      - name: Get npm package filename
+        id: package-info
+        run: |
+          PACKAGE_PATH=$(ls -1 *.tgz | head -n 1) # To be change with the action as input
+
+          pack_json=$(npm pack $PACKAGE_PATH --json | tee pack.json | jq -c)
+          jq <pack.json
+          
+          PACKAGE_FILENAME=$(echo "$pack_json" | jq -r '.[0].filename')
+          echo "PACKAGE_FILENAME=${PACKAGE_FILENAME}" >> $GITHUB_OUTPUT
+      - name: Attest for npmjs.com
+        uses: LedgerHQ/actions-security/actions/attest-for-npmsjs-com@feat-init-npmjs-com-action
+        with:
+          subject-path: ${{ steps.package-info.outputs.PACKAGE_FILENAME }}  
+
+
+
+

index.js

@@ -0,0 +1,2 @@
+// index.js
+console.log("Hello from examplepackage!");

package.json

@@ -0,0 +1,16 @@
+{
+    "name": "@ledgerhq/examplepackage12",
+    "version": "0.5.0",
+    "description": "An example npm package for demonstration purposes.",
+    "main": "index.js",
+    "scripts": {
+      "build": "npm pack && mkdir -p dist && mv *.tgz dist/",
+      "test": "echo 'Running tests...'"
+    },
+    "license": "MIT",
+    "repository": {
+      "type": "git",
+      "url": "https://github.com/AEnguerrand/npm-publish-slsa-two-steps"
+    }
+  }
+