re-enable npm provenance again to test

Shopify · Jan 30, 2025 · 5f5a20a · 5f5a20a
1 parent 97f7586
commit 5f5a20a
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 20 deletions.
diff --git a/.github/workflows/changesets-back-fix.yml b/.github/workflows/changesets-back-fix.yml
@@ -16,10 +16,10 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'shopify'
     name: Back-fix changelog PR or Release
-    # permissions:
-    #   contents: write
-    #   pull-requests: write
-    #   id-token: write
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
     steps:
       - name: Checkout the code
         uses: actions/checkout@v4
@@ -54,4 +54,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          # NPM_CONFIG_PROVENANCE: true
+          NPM_CONFIG_PROVENANCE: true
diff --git a/.github/workflows/changesets.yml b/.github/workflows/changesets.yml
@@ -14,10 +14,10 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'shopify'
     name: Changelog PR or Release
-    # permissions:
-    #   contents: write
-    #   pull-requests: write
-    #   id-token: write
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
     outputs:
       published: ${{ steps.changesets.outputs.published }}
       # A JSON array to present the published packages. The format is [{"name": "@xx/xx", "version": "1.2.0"}, {"name": "@xx/xy", "version": "0.8.9"}]
@@ -67,7 +67,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          # NPM_CONFIG_PROVENANCE: true
+          NPM_CONFIG_PROVENANCE: true
 
   compile:
     needs: changelog

diff --git a/.github/workflows/next-release.yml b/.github/workflows/next-release.yml
@@ -11,10 +11,10 @@ jobs:
     runs-on: ubuntu-latest
     # don't run if a commit message with [ci] release is present. The release workflow will do the release
     if: github.repository_owner == 'shopify' && !startsWith(github.event.head_commit.message, '[ci] release')
-    # permissions:
-    #   contents: write
-    #   pull-requests: write
-    #   id-token: write
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
     outputs:
       NEXT_VERSION: ${{ steps.version.outputs.NEXT_VERSION }}
     steps:
@@ -64,7 +64,7 @@ jobs:
           npm run version:post
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # NPM_CONFIG_PROVENANCE: true
+          NPM_CONFIG_PROVENANCE: true
 
       - name: 🏗 Build
         if: steps.version.outputs.NEXT_VERSION

diff --git a/.github/workflows/snapit.yml b/.github/workflows/snapit.yml
@@ -10,10 +10,10 @@ jobs:
     name: Snapit
     if: ${{ github.event.issue.pull_request && github.event.comment.body == '/snapit' }}
     runs-on: ubuntu-latest
-    # permissions:
-    #   contents: write
-    #   pull-requests: write
-    #   id-token: write
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
     steps:
       # This action can be executed by users with write permission to this repo
       - name: Checkout current branch
@@ -32,4 +32,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          # NPM_CONFIG_PROVENANCE: true
+          NPM_CONFIG_PROVENANCE: true