tailwindcss-typography icon indicating copy to clipboard operation
tailwindcss-typography copied to clipboard

Published 20 hours ago verified publisher icon tailwindlabs

ci: add provenance to insider packages

Open saibotk opened this issue 1 year ago • 1 comments

This commit adds provenance for insider packages. See the NPM documentation 0.

Note: This will only affect the insiders build, because the normal package is sadly not being built within a workflow. Should we add that too here or rather in another PR/later?

Provenance will allow people to verify that the packages were actually built on GH Actions and with the content of the corresponding commit. This will help with supply chain security.

For this to work, the id-token permission was added only where necessary.

saibotk avatar Mar 06 '24 01:03 saibotk

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
tailwindcss-typography ✅ Ready (Inspect) Visit Preview 💬 Add feedback Mar 6, 2024 1:41am

vercel[bot] avatar Mar 06 '24 01:03 vercel[bot]

Thanks! And feel free to submit a subsequent PR to add a standard release workflow 👍

reinink avatar Mar 22 '24 17:03 reinink