From b4fc17994faefa8499f3bf0e74d0d10d5224a61f Mon Sep 17 00:00:00 2001
From: Lucas Holmquist <lholmqui@redhat.com>
Date: Mon, 3 Jul 2023 14:17:04 -0400
Subject: [PATCH] chore: add the provenance flag when publishing to npm

* This also splits the GH release and npm publish workflows

Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
---
 .github/workflows/publish-to-npm.yml | 21 +++++++++++++++++++++
 .github/workflows/release-please.yml | 18 +-----------------
 2 files changed, 22 insertions(+), 17 deletions(-)
 create mode 100644 .github/workflows/publish-to-npm.yml

diff --git a/.github/workflows/publish-to-npm.yml b/.github/workflows/publish-to-npm.yml
new file mode 100644
index 00000000..838c16f9
--- /dev/null
+++ b/.github/workflows/publish-to-npm.yml
@@ -0,0 +1,21 @@
+name: Publish to npmjs
+on:
+ release:
+   types: [created]
+jobs:
+ build:
+   runs-on: ubuntu-latest
+   permissions:
+     contents: read
+     id-token: write
+   steps:
+     - uses: actions/checkout@v3
+     - uses: actions/setup-node@v3
+       with:
+         node-version: '18.x'
+         registry-url: 'https://registry.npmjs.org'
+     - run: npm install -g npm
+     - run: npm ci
+     - run: npm publish --provenance --access public
+       env:
+         NODE_AUTH_TOKEN: ${{ secrets.CLOUDEVENTS_PUBLISH }}
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 680c6523..e588b676 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -10,23 +10,7 @@ jobs:
       - uses: GoogleCloudPlatform/release-please-action@v3
         id: release
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.CLOUDEVENTS_RELEASES_TOKEN }}
           release-type: node
           package-name: cloudevents
           changelog-types: '[{"type":"feat","section":"Features","hidden":false},{"type":"fix","section":"Bug Fixes","hidden":false},{"type":"docs","section":"Documentation","hidden":false},{"type":"chore","section":"Miscellaneous","hidden":false},{"type":"src","section":"Miscellaneous","hidden":false},{"type":"style","section":"Miscellaneous","hidden":false},{"type":"refactor","section":"Miscellaneous","hidden":false},{"type":"perf","section":"Performance","hidden":false},{"type":"test","section":"Tests","hidden":false}]'
-
-      - uses: actions/checkout@v3
-        if: ${{ steps.release.outputs.release_created }}
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-          registry-url: 'https://registry.npmjs.org'
-        if: ${{ steps.release.outputs.release_created }}
-      - run: npm ci
-        if: ${{ steps.release.outputs.release_created }}
-      - run: npm test
-        if: ${{ steps.release.outputs.release_created }}
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.CLOUDEVENTS_PUBLISH}}
-        if: ${{ steps.release.outputs.release_created }}
\ No newline at end of file