Merge pull request #204 from step-security-bot/stepsecurity_remediati… #189

	name: Release

	on:
	push:
	branches:
	- main

	concurrency: ${{ github.workflow }}-${{ github.ref }}

	env:
	NPM_CONFIG_PROVENANCE: true

	permissions:
	contents: read

	jobs:
	release:
	runs-on: ubuntu-latest
	name: Release
	permissions:
	contents: write
	issues: write
	pull-requests: write
	id-token: write
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
	with:
	egress-policy: audit

	- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
	name: Checkout
	with:
	persist-credentials: false
	- uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
	name: Install Node
	with:
	node-version: 18
	- uses: pnpm/action-setup@0b715c7ebbf3cf2174d1386336c5f6d3d8d5504a # v2.3.0
	name: Install pnpm
	with:
	version: 8
	- name: Install dependencies
	run: pnpm install
	- name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
	run: npm audit signatures
	- name: Release
	env:
	GH_TOKEN: ${{ secrets.DUCKTORS_PAT }}
	NPM_TOKEN: ${{ secrets.DUCKTORS_NPM_TOKEN }}
	run: pnpm dlx semantic-release

Provide feedback