From 62ff0074d9a3f82e46f5c62db85c04d87ff5e931 Mon Sep 17 00:00:00 2001
From: HiDeoo
Date: Fri, 13 Dec 2024 14:34:12 +0100
Subject: Publish provenance for public packages (#2664)

---
 .changeset/sweet-poems-smoke.md | 8 ++++++++
 .github/workflows/release.yml   | 3 +++
 packages/docsearch/package.json | 3 +++
 packages/markdoc/package.json   | 3 +++
 packages/starlight/package.json | 3 +++
 packages/tailwind/package.json  | 3 +++
 6 files changed, 23 insertions(+)
 create mode 100644 .changeset/sweet-poems-smoke.md

diff --git a/.changeset/sweet-poems-smoke.md b/.changeset/sweet-poems-smoke.md
new file mode 100644
index 00000000..a4835124
--- /dev/null
+++ b/.changeset/sweet-poems-smoke.md
@@ -0,0 +1,8 @@
+---
+'@astrojs/starlight-docsearch': patch
+'@astrojs/starlight': patch
+'@astrojs/starlight-tailwind': patch
+'@astrojs/starlight-markdoc': patch
+---
+
+Publishes provenance containing verifiable data to link a package back to its source repository and the specific build instructions used to publish it.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fe406013..cdca8a2b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,6 +10,9 @@ jobs:
     name: Release
     if: ${{ github.repository_owner == 'withastro' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
diff --git a/packages/docsearch/package.json b/packages/docsearch/package.json
index 389da579..e80bc275 100644
--- a/packages/docsearch/package.json
+++ b/packages/docsearch/package.json
@@ -33,5 +33,8 @@
   },
   "devDependencies": {
     "@astrojs/starlight": "workspace:*"
+  },
+  "publishConfig": {
+    "provenance": true
   }
 }
diff --git a/packages/markdoc/package.json b/packages/markdoc/package.json
index f1c4298b..0218a059 100644
--- a/packages/markdoc/package.json
+++ b/packages/markdoc/package.json
@@ -24,5 +24,8 @@
   "peerDependencies": {
     "@astrojs/markdoc": "^0.11.4",
     "@astrojs/starlight": ">=0.23.0"
+  },
+  "publishConfig": {
+    "provenance": true
   }
 }
diff --git a/packages/starlight/package.json b/packages/starlight/package.json
index ea30d750..730a708a 100644
--- a/packages/starlight/package.json
+++ b/packages/starlight/package.json
@@ -212,5 +212,8 @@
     "unified": "^11.0.5",
     "unist-util-visit": "^5.0.0",
     "vfile": "^6.0.2"
+  },
+  "publishConfig": {
+    "provenance": true
   }
 }
diff --git a/packages/tailwind/package.json b/packages/tailwind/package.json
index 999e0691..5b137cb5 100644
--- a/packages/tailwind/package.json
+++ b/packages/tailwind/package.json
@@ -32,5 +32,8 @@
     "@astrojs/starlight": ">=0.9.0",
     "@astrojs/tailwind": "^5.0.0",
     "tailwindcss": "^3.3.3"
+  },
+  "publishConfig": {
+    "provenance": true
   }
 }
-- 
cgit