From c76f4c87851c01954acf4a970e952722dc75e480 Mon Sep 17 00:00:00 2001
From: mshriver <mshriver@redhat.com>
Date: Thu, 6 Nov 2025 13:49:15 +0100
Subject: [PATCH] Configure trusted publishing for NPM

---
 .github/workflows/npm-publish.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index d680f78..8134043 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -23,6 +23,9 @@ jobs:
   publish-npm:
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
@@ -32,4 +35,4 @@ jobs:
           registry-url: https://registry.npmjs.org/
       - run: yarn install --frozen-lockfile
       - run: yarn build
-      - run: npm publish
+      - run: npm publish --provenance --access public