From db58ae13c775908b4fd70853860d4b4c19020e41 Mon Sep 17 00:00:00 2001
From: Yorke Rhodes <yorke@hyperlane.xyz>
Date: Wed, 22 Nov 2023 11:07:53 -0500
Subject: [PATCH] Publish with provenance

---
 .github/workflows/release.yml | 6 ++++--
 package.json                  | 1 -
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3852e24d0b..e29fc5da70 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,6 +9,8 @@ concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
   release:
+    permissions:
+      id-token: write
     name: Release
     runs-on: ubuntu-latest
     steps:
@@ -31,8 +33,8 @@ jobs:
         id: changesets
         uses: changesets/action@v1
         with:
-          # This expects you to have a script called release which does a build for your packages and calls changeset publish
-          publish: yarn release
+          publish: yarn build && yarn publish:all
         env:
+          NPM_CONFIG_PROVENANCE: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/package.json b/package.json
index 4bb8ae4dde..c83aa712b4 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,6 @@
     "version:prepare": "yarn changeset version",
     "version:check": "yarn changeset status",
     "publish:all": "yarn changeset publish",
-    "release": "yarn build && yarn version:check && yarn publish:all",
     "postinstall": "husky install"
   },
   "workspaces": [