From 7819c3eb6d7ca75e4ce420e30f7e39bc780216dd Mon Sep 17 00:00:00 2001
From: Jovi De Croock <decroockjovi@gmail.com>
Date: Mon, 18 Mar 2024 17:43:23 +0100
Subject: [PATCH] automate publishing with provenance (#340)

---
 .github/workflows/release.yml | 13 ++++++++++++-
 package.json                  |  3 +++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 199e0a93..4cefe225 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,6 +9,14 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+      issues: write
+      repository-projects: write
+      deployments: write
+      packages: write
+      pull-requests: write
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v3
@@ -38,6 +46,9 @@ jobs:
         run: npm ci
 
       - name: Create Release Pull Request
-        uses: changesets/action@master
+        uses: changesets/action@1.4.6
+        with:
+          publish: npm run changeset publish
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/package.json b/package.json
index 5b07054a..38cbf1d7 100644
--- a/package.json
+++ b/package.json
@@ -149,5 +149,8 @@
 		"hooks": {
 			"pre-commit": "lint-staged"
 		}
+	},
+	"publishConfig": {
+		"provenance": true
 	}
 }