feat: add npm provenance (#398)

related to: netlify/pod-dev-foundations#490

Author: khendrikse

.github/workflows/pre-release.yml

@@ -7,6 +7,9 @@ on:
 jobs:
   prerelease:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
@@ -37,7 +40,7 @@ jobs:
         run: npm version ${{ steps.extract.outputs.version }}-${{ steps.extract.outputs.tag }}
       - name: Push changes
         run: git push --follow-tags
-      - name: Run npm publish
+      - name: Run npm publish --provenance
         run: npm publish --tag=${{ steps.extract.outputs.tag }}
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}

.github/workflows/release-please.yml

@@ -6,6 +6,10 @@ on:
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
     steps:
       - uses: navikt/github-app-token-generator@a3831f44404199df32d8f39f7c0ad9bb8fa18b1c
         id: get-token
@@ -28,7 +32,7 @@ jobs:
           check-latest: true
           registry-url: 'https://registry.npmjs.org'
         if: ${{ steps.release.outputs.release_created }}
-      - run: npm publish
+      - run: npm publish --provenance
         if: ${{ steps.release.outputs.release_created }}
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}

package.json

@@ -43,7 +43,7 @@
   },
   "keywords": [],
   "license": "MIT",
-  "repository": "netlify/functions",
+  "repository": "https://github.com/netlify/functions",
   "bugs": {
     "url": "https://github.com/netlify/functions/issues"
   },