Merge pull request #403 from ducktors/dependabot/github_actions/step-… #372

	name: Release

	on:
	push:
	branches:
	- main

	concurrency: ${{ github.workflow }}-${{ github.ref }}

	env:
	NPM_CONFIG_PROVENANCE: true

	permissions:
	contents: read

	jobs:
	release:
	runs-on: ubuntu-latest
	name: Release
	permissions:
	contents: write
	issues: write
	pull-requests: write
	id-token: write
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
	with:
	egress-policy: audit

	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	name: Checkout
	with:
	persist-credentials: false
	- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
	name: Install Node
	with:
	node-version: 20
	- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
	name: Install pnpm
	with:
	version: 8
	- name: Install dependencies
	run: pnpm install
	- name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
	run: npm audit signatures
	- name: Release
	env:
	GH_TOKEN: ${{ secrets.DUCKTORS_PAT }}
	NPM_TOKEN: ${{ secrets.DUCKTORS_NPM_TOKEN }}
	run: pnpm dlx semantic-release

Provide feedback